I have these viruses and some hacktools; how do I get rid of them? Here is the ComboFix log:
ComboFix 09-01-21.04 - WalK 2009-01-27 12:24:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2047.1425 [GMT 1:00]
Uruchomiony z: e:\documents and settings\WalK\Moje dokumenty\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)
FW: Symantec Endpoint Protection *enabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\expiorer.exe
F:\Autorun.inf
F:\iq.bat
F:\j60osk9.cmd
F:\qoes.bat
G:\Autorun.inf
G:\iq.bat
G:\j60osk9.cmd
G:\qoes.bat
G:\x2tpc.cmd
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-27 do 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-22 22:51 . 2009-01-22 22:51
2009-01-21 22:19 . 2009-01-22 08:55
2009-01-21 19:15 . 2009-01-21 19:15
2009-01-15 22:42 . 2009-01-15 22:43
2009-01-13 14:37 . 2009-01-13 14:38
2009-01-13 13:55 . 2009-01-13 13:55
2009-01-13 11:30 . 2009-01-13 11:30
2009-01-13 09:29 . 2004-08-04 00:44 70,144 --a------ e:\windows\AhnRpta.exe
2009-01-12 20:42 . 2009-01-12 20:50 183 --a------ e:\windows\wcx_ftp.ini
2009-01-10 15:07 . 2009-01-10 15:07 1,172 --a------ e:\windows\bestplayer.ini
2009-01-10 15:07 . 2009-01-10 15:07 69 --a------ e:\windows\bestplayer.bpp
2009-01-10 15:07 . 2009-01-10 15:07 0 --a------ e:\windows\bestplayer.bbt
2009-01-10 00:45 . 2009-01-27 12:25
2009-01-10 00:45 . 2009-01-10 09:08
2009-01-10 00:45 . 2009-01-08 02:06
2009-01-10 00:45 . 2009-01-08 02:59
2009-01-10 00:45 . 2009-01-08 02:59
2009-01-10 00:45 . 2009-01-08 02:59
2009-01-10 00:45 . 2009-01-08 02:59
2009-01-10 00:45 . 2009-01-10 00:45
2009-01-09 13:48 . 2009-01-09 13:48
2009-01-09 13:48 . 2009-01-09 13:48
2009-01-08 23:26 . 2009-01-08 23:26
2009-01-08 20:40 . 2009-01-08 20:40
2009-01-08 20:16 . 2009-01-08 20:16 421 --a------ e:\windows\ODBC.INI
2009-01-08 20:15 . 2003-06-19 01:31 17,920 --a------ e:\windows\system32\mdimon.dll
2009-01-08 20:13 . 2009-01-08 20:13
2009-01-08 20:12 . 2009-01-08 20:14
2009-01-08 20:12 . 2009-01-08 20:12
2009-01-08 20:08 . 2009-01-08 20:08
2009-01-08 20:05 . 2009-01-08 20:05 717,296 --a------ e:\windows\system32\drivers\sptd.sys
2009-01-08 18:53 . 2009-01-08 18:53
2009-01-08 18:53 . 2009-01-10 21:24 202,352 --a------ e:\windows\system32\PnkBstrB.exe
2009-01-08 18:53 . 2009-01-10 21:24 138,624 --a------ e:\windows\system32\drivers\PnkBstrK.sys
2009-01-08 18:53 . 2009-01-08 18:53 66,872 --a------ e:\windows\system32\PnkBstrA.exe
2009-01-08 18:05 . 2009-01-08 18:42
2009-01-08 16:49 . 2009-01-08 16:49
2009-01-08 16:24 . 2008-06-18 18:01 77,824 --a------ e:\windows\SET14.tmp
2009-01-08 16:24 . 2008-06-19 16:20 57,344 --a------ e:\windows\ALCMTR.EXE
2009-01-08 16:19 . 2007-11-14 15:18 553 --a------ e:\windows\USetup.iss
2009-01-08 16:18 . 2005-07-15 16:48 40,960 -r------- e:\windows\system32\ChCfg.exe
2009-01-08 16:17 . 2008-03-05 18:07 520,192 --a------ e:\windows\RtlExUpd.dll
2009-01-08 08:30 . 2009-01-08 08:32
2009-01-08 08:16 . 2009-01-08 08:16
2009-01-08 03:02 . 2004-08-03 23:58 5,504 --a------ e:\windows\system32\drivers\MSTEE.sys
2009-01-08 03:00 . 2004-08-04 01:44 77,312 --a------ e:\windows\system32\usbui.dll
2009-01-08 03:00 . 2004-08-04 00:07 14,080 --a------ e:\windows\system32\drivers\CmBatt.sys
2009-01-08 03:00 . 2001-08-17 22:57 14,080 --a------ e:\windows\system32\drivers\battc.sys
2009-01-08 03:00 . 2001-08-17 22:58 9,344 --a------ e:\windows\system32\drivers\compbatt.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 16:03 --------- d-----w e:\program files\NAPI-PROJEKT
2009-01-08 22:08 --------- d-----w e:\program files\SubEdit-Player
2009-01-08 17:01 --------- d-----w e:\program files\Common Files\InstallShield
2009-01-08 15:40 --------- d-----w e:\program files\Realtek
2009-01-08 15:18 --------- d--h--w e:\program files\InstallShield Installation Information
2009-01-08 01:17 --------- d-----w e:\program files\ATI
2009-01-08 01:10 --------- d-----w e:\program files\microsoft frontpage
2009-01-08 01:09 --------- d-----w e:\program files\Usługi online
2009-01-07 22:55 --------- d-----w e:\documents and settings\WalK\Dane aplikacji\ATI
2009-01-07 22:55 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\ATI
2009-01-07 22:51 --------- d-----w e:\program files\ATI Technologies
2009-01-07 21:53 --------- d-----w e:\program files\ASUS
2009-01-07 21:04 --------- d-----w e:\program files\K-Lite Codec Pack
2009-01-07 21:01 --------- d-----w e:\program files\Konnekt
2009-01-07 20:13 --------- d-----w e:\program files\Toshiba
2009-01-07 19:34 --------- d-----w e:\program files\BitLord
2009-01-07 19:21 --------- d-----w e:\program files\Common Files\Symantec Shared
2009-01-07 19:20 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\Symantec
2009-01-07 19:19 805 ----a-w e:\windows\system32\drivers\SYMEVENT.INF
2009-01-07 19:19 60,800 ----a-w e:\windows\system32\S32EVNT1.DLL
2009-01-07 19:19 123,952 ----a-w e:\windows\system32\drivers\SYMEVENT.SYS
2009-01-07 19:19 10,563 ----a-w e:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 19:19 --------- d-----w e:\program files\Symantec
2009-01-07 19:03 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\stamina
2009-01-07 18:41 --------- d-----w e:\program files\Atheros
2009-01-07 18:41 --------- d-----w e:\documents and settings\WalK\Dane aplikacji\InstallShield
2009-01-07 18:41 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\Atheros
2008-12-28 22:48 2,330,643 ----a-w e:\windows\system32\x264vfw.dll
2008-12-08 20:45 92,488 ----a-w e:\windows\system32\drivers\SysPlant.sys
2008-12-08 20:43 42,312 ----a-w e:\windows\system32\drivers\WPSDRVnt.sys
2008-12-08 20:43 357,704 ----a-w e:\windows\system32\sysfer.dll
2008-12-08 20:43 107,848 ----a-w e:\windows\system32\SymVPN.dll
2008-12-08 20:42 49,480 ----a-w e:\windows\system32\FwsVpn.dll
2008-12-08 11:53 57,344 ----a-w e:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w e:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w e:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w e:\windows\system32\divx.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Konnekt"="e:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="e:\program files\Atheros\ACU.exe" [2008-04-09 450648]
"ccApp"="e:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"ATKMEDIA"="e:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-24 159744]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-20 e:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-02-14 e:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 e:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 e:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-11-23 01:36 203720 e:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
--a------ 2007-04-19 11:32 225280 e:\program files\ATK Hotkey\HControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-07 19:47 133104 e:\documents and settings\WalK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"e:\Program Files\Konnekt\konnekt.exe"=
"e:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"=
"e:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"=
"e:\Program Files\Common Files\Symantec Shared\ccApp.exe"=
"e:\Program Files\BitLord\BitLord.exe"=
"f:\gry\America's Army\System\ArmyOps.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-07 99376]
R3 WSIMD;wsimd Service;e:\windows\system32\drivers\wsimd.sys [2009-01-07 57408]
S3 COH_Mon;COH_Mon;e:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db857f0a-dcea-11dd-99b1-00235480f97f}]
\Shell\AutoRun\command - H:\xcisvxl.com
\Shell\open\Command - H:\xcisvxl.com
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-27 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1292428093-682003330-1003.job
- e:\documents and settings\WalK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-01-07 19:47]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-cdoosoft - e:\windows\system32\olhrwef.exe
ShellExecuteHooks-{BB4C402F-882A-4526-8C08-51278EA437C1} - e:\windows\system32\afmain0.dll
MSConfigStartUp-vamsoft - e:\windows\system32\vamsoft.exe
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7F5E8811-C897-4AA2-8313-DB5066AEE869} = 194.204.159.1,194.204.152.34
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 12:26:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1200)
e:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-01-27 12:27:03
ComboFix-quarantined-files.txt 2009-01-27 11:27:00
ComboFix2.txt 2009-01-10 08:37:02
Przed: 14 998 573 056 bajtów wolnych
Po: 15,009,792,000 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect