Virus wincft.exe and a lot of running processes


(Tomi798) #1

Hello, I recently borrowed a netbook from a friend and wanted to clean it up a bit by removing unnecessary programs. I installed Avira, scanned it and cleaned it with a cleaner tool. After a while it keeps detecting this particular virus, wincft.exe, but it cannot be removed. The second issue is that there are quite a lot of running processes (53 at the moment) that I don't recognise. I'd appreciate help with the virus and with the possibility of disabling unnecessary processes. As I wrote, it's a netbook running Windows XP SP3.

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-09-15 15:14:07

Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0

Running: 5omk9q4i.exe; Driver: C:\DOCUME~1\MONIA\USTAWI~1\Temp\pxldypod.sys



---- System - GMER 1.0.15 ----


SSDT A5B33A6E ZwCreateKey

SSDT A5B33A64 ZwCreateThread

SSDT A5B33A73 ZwDeleteKey

SSDT A5B33A7D ZwDeleteValueKey

SSDT A5B33A82 ZwLoadKey

SSDT A5B33A50 ZwOpenProcess

SSDT A5B33A55 ZwOpenThread

SSDT A5B33A8C ZwReplaceKey

SSDT A5B33A87 ZwRestoreKey

SSDT A5B33A78 ZwSetValueKey

SSDT A5B33A5F ZwTerminateProcess


---- User code sections - GMER 1.0.15 ----


.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]


---- User IAT/EAT - GMER 1.0.15 ----


IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010


---- Devices - GMER 1.0.15 ----


AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)


---- Registry - GMER 1.0.15 ----


Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bbb005                                                   

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bbb005 (not active ControlSet)                               


---- EOF - GMER 1.0.15 ----

OTL scanning doesn't work for me, please tell me which other program I should scan with.
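Editor's addition to this thread (not one of the posts, and not GMER's own code): a small Python triage script for logs in the GMER 1.0.15 text format pasted above. It separates the entries that a helper usually treats as expected from the ones that need a human. The heuristics are stated as assumptions: ntdll.dll!Nt* patches at +6/+B inside chrome.exe, and the KERNEL32.dll!CreateNamedPipeW IAT patch in RPCRT4 within chrome.exe, match the interceptions Chrome's sandbox installs in its own processes; an SSDT line that carries only an 8-digit address and no driver name is a hook GMER could not attribute to a module, which a helper compares against the installed security software (here Avira's AntiVir) before treating it as malicious; fltMgr.sys attached to Fastfat is Microsoft's filter manager; the BTHPORT\Parameters\Keys entries are Bluetooth link keys that GMER lists because the key is protected. The sample lines are copied from the log above, except the SSDT line naming example.sys, which is constructed to show the attributed form. The function names classify(), triage() and report() are chosen here.

```python
"""Triage helper for GMER 1.0.15 text logs.

Added example for this thread; it is not GMER's code and not from any poster.
It parses the entry kinds that appear in the log above and sorts them into
buckets, so that the expected entries (Chrome sandbox interceptions, the
Microsoft filter manager) are separated from the ones that need a human.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample input. All lines except the fourth are copied from the GMER log in
# post #1 (a subset). The fourth SSDT line is constructed to show the form
# GMER uses when it can attribute a hook to a driver; example.sys is made up.
SAMPLE_LOG = r"""
SSDT A5B33A6E ZwCreateKey
SSDT A5B33A50 ZwOpenProcess
SSDT A5B33A5F ZwTerminateProcess
SSDT \SystemRoot\System32\Drivers\example.sys (Example self-protection/Example Corp.) ZwClose [0xF7A8F3A6]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1976] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3808] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bbb005
"""

HEX8 = r"[0-9A-Fa-f]{8}"
# "SSDT <addr> ZwX" (unattributed) or "SSDT <driver path> (<desc>/<vendor>) ZwX [0x...]"
SSDT_RE = re.compile(r"^SSDT\s+(?P<where>\S+(?:\s+\([^)]*\))?)\s+(?P<func>Zw\w+)")
# ".text <image>[<pid>] <module>!<func> + <off> <addr> ..."
TEXT_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)"
                     r"\s+\+\s*(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>" + HEX8 + ")")
# "IAT <image>[<pid>] @ <caller module> [<dll>!<import>] <addr>"
IAT_RE = re.compile(r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<caller>\S+)\s+"
                    r"\[(?P<imp>[^\]]+)\]\s+(?P<addr>" + HEX8 + ")")


@dataclass
class Entry:
    kind: str            # SSDT, .text, IAT, AttachedDevice, Reg
    verdict: str         # triage bucket, see classify()
    line: str
    pid: Optional[int] = None


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(line: str) -> Optional[Entry]:
    """Map one GMER log line to an Entry; headers and blank lines give None."""
    m = SSDT_RE.match(line)
    if m:
        # Only a bare 8-digit address means GMER could not name the owning driver.
        unattributed = re.fullmatch(HEX8, m.group("where")) is not None
        return Entry("SSDT", "ssdt-unattributed" if unattributed else "ssdt-attributed", line)
    m = TEXT_RE.match(line)
    if m:
        # Assumption: Chrome's sandbox patches the ntdll Nt* syscall stubs of its
        # own processes at +6 and +B; the same patch in any other image is unexplained.
        chrome_stub = (_basename(m.group("image")) == "chrome.exe"
                       and m.group("module").lower() == "ntdll.dll"
                       and m.group("func").startswith("Nt")
                       and m.group("off").upper() in ("6", "B"))
        return Entry(".text", "chrome-sandbox" if chrome_stub else "inline-hook-review",
                     line, int(m.group("pid")))
    m = IAT_RE.match(line)
    if m:
        # Assumption: the CreateNamedPipeW IAT patch in chrome.exe is also the sandbox.
        expected = (_basename(m.group("image")) == "chrome.exe"
                    and m.group("imp") == "KERNEL32.dll!CreateNamedPipeW")
        return Entry("IAT", "chrome-sandbox" if expected else "iat-hook-review",
                     line, int(m.group("pid")))
    if line.startswith("AttachedDevice "):
        ok = "fltMgr.sys" in line          # Microsoft's filter manager on FAT/NTFS volumes
        return Entry("AttachedDevice", "filter-manager-expected" if ok else "attached-device-review", line)
    if line.startswith("Reg "):
        common = "\\BTHPORT\\Parameters\\Keys\\" in line   # Bluetooth link keys, protected by design
        return Entry("Reg", "bthport-keys-common" if common else "hidden-reg-review", line)
    return None


def triage(log_text: str):
    """Return (entries, verdict counts, PIDs that carry user-mode hooks)."""
    entries: List[Entry] = [e for e in (classify(l.strip()) for l in log_text.splitlines()) if e]
    counts = Counter(e.verdict for e in entries)
    pids = sorted({e.pid for e in entries if e.pid is not None})
    return entries, counts, pids


def report(log_text: str) -> str:
    """Human-readable summary: bucket counts plus every line that needs follow-up."""
    entries, counts, pids = triage(log_text)
    out = [f"{k}: {v}" for k, v in sorted(counts.items())]
    out.append(f"processes with user-mode hooks: {pids}")
    out += ["FOLLOW UP  " + e.line for e in entries
            if e.verdict.endswith("-review") or e.verdict == "ssdt-unattributed"]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log from post #1 the script leaves exactly the eleven unattributed SSDT entries in the follow-up list; the chrome.exe patches and the IAT entry land in the chrome-sandbox bucket. The buckets are a sorting aid, not a verdict: an unattributed kernel hook still has to be matched against the drivers actually loaded before anything is removed.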


(Leon$) #2

http://www.instalki.pl/programy/downloa ... sbFix.html

use the Deletion option

then an OTL scan



(Tomi798) #3

I did as you told me

usbfix

############################## | UsbFix 7.058 | [Deletion]


User: MONIA (Administrator) # MONIKA []

Updated 24/08/2011 by El Desaparecido

Started at 17:12:37 | 15/09/2011

Website: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contact: contact@eldesaparecido.com


CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz

CPU 2: Intel(R) Atom(TM) CPU N450 @ 1.66GHz

Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702


Windows Firewall: Enabled

Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | Updated]

RAM -> 1013 Mb 

C:\ (%systemdrive%) -> Fixed drive # 134 Gb (95 Mb free - 71%) [ACER] # NTFS

D:\ -> Fixed drive # 4 Gb (3 Mb free - 66%) [] # FAT32


################## | Files # Infected Folders |


Deleted ! C:\Recycler\S-1-5-21-439199626-1318987518-222395546-1006


################## | Registry |



################## | Mountpoints2 |



################## | Listing |


[22/06/2011 - 23:52:32 | D] C:\40568603fa275c134d

[21/06/2011 - 18:08:50 | D] C:\6d225614f1584dec40bf19a0d319

[31/12/2010 - 07:30:20 | D] C:\ACER

[15/08/2010 - 23:49:38 | N | 0] C:\AUTOEXEC.BAT

[16/08/2010 - 02:11:38 | D] C:\Book

[14/09/2011 - 20:51:19 | N | 211] C:\boot.ini

[15/04/2008 - 14:00:00 | N | 4952] C:\Bootfont.bin

[14/09/2011 - 22:41:17 | D] C:\Config.Msi

[15/08/2010 - 23:49:38 | N | 0] C:\CONFIG.SYS

[02/01/2011 - 13:16:37 | D] C:\DirectX_Eradicator

[30/12/2010 - 22:56:37 | D] C:\Documents and Settings

[17/08/2011 - 21:33:44 | D] C:\i386

[16/08/2010 - 01:12:45 | D] C:\Intel

[15/08/2010 - 23:49:38 | N | 0] C:\IO.SYS

[15/08/2010 - 23:49:38 | N | 0] C:\MSDOS.SYS

[16/08/2010 - 01:27:11 | RHD] C:\MSOCache

[15/04/2008 - 14:00:00 | N | 47564] C:\NTDETECT.COM

[15/04/2008 - 14:00:00 | N | 251152] C:\ntldr

[31/12/2010 - 07:30:19 | D] C:\OEM

[15/09/2011 - 13:51:35 | ASH | 1598029824] C:\pagefile.sys

[14/09/2011 - 22:41:16 | D] C:\Program Files

[15/09/2011 - 17:12:55 | SHD] C:\RECYCLER

[16/08/2010 - 01:22:49 | N | 2211] C:\RHDSetup.log

[30/12/2010 - 22:56:16 | SHD] C:\System Volume Information

[15/09/2011 - 17:12:55 | D] C:\UsbFix

[15/09/2011 - 17:12:56 | A | 914] C:\UsbFix.txt

[02/01/2011 - 14:17:00 | D] C:\VALUEADD

[14/09/2011 - 22:41:04 | D] C:\WINDOWS

[13/08/2010 - 10:33:06 | N | 234881707] D:\var.img

[13/08/2010 - 10:32:58 | N | 153093047] D:\q2l.img

[26/03/2010 - 09:14:46 | N | 1048576000] D:\firefox.img

[30/12/2010 - 21:57:36 | SHD] D:\System Volume Information

[31/12/2010 - 06:26:52 | D] D:\android

[01/01/2011 - 16:55:52 | SHD] D:\Recycled


################## | Vaccin |


C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)


################## | Upload |


Please send the file: C:\UsbFix_Upload_Me_MONIKA.zip

http://www.teamxscript.org/Upload.php

Thank you for your contribution.


################## | E.O.F |

I'll paste the OTL log in a moment if it works
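Editor's addition (not part of the thread, and not UsbFix's code): the UsbFix log above reports "Vaccine created by UsbFix" for C:\Autorun.inf and D:\Autorun.inf but does not say what the vaccine is. The standard technique behind such vaccines, and what this added Python example implements, is to occupy the name autorun.inf with a directory so that an autorun worm's attempt to create or overwrite the autorun.inf file at the drive root fails. The Windows-only hardening steps in it (READONLY/HIDDEN/SYSTEM attributes, a reserved-name entry created through the \\?\ path prefix so Explorer cannot delete the folder) are what such tools are assumed to do and are skipped on other platforms. vaccinate(), drop_autorun() and demo() are names chosen here, and the worm payload in demo() is constructed.

```python
"""Autorun.inf "vaccine" of the kind UsbFix's Vaccin step reports.

Added example for this thread; it is not UsbFix's code. The technique: an
autorun worm spreads by writing <drive root>\autorun.inf. If that name is
already taken by a directory, the worm's attempt to create or overwrite the
file fails. vaccinate() does that portable part; the Windows-only hardening
(attributes, a reserved-name entry so Explorer cannot delete the folder) is
what such tools are assumed to do and is skipped elsewhere.
"""
import os
import shutil
import tempfile
from pathlib import Path

VACCINE_NAME = "autorun.inf"   # FAT/NTFS are case-insensitive, so case does not matter there


def vaccinate(root: Path) -> Path:
    """Occupy <root>/autorun.inf with a non-empty directory. Refuses to touch an
    existing autorun.inf *file*: that is evidence to look at, not to overwrite."""
    target = root / VACCINE_NAME
    if target.is_file():
        raise RuntimeError(f"{target} already exists as a file; inspect it first")
    target.mkdir(exist_ok=True)
    (target / "vaccine.txt").write_text("autorun.inf vaccine; keep this folder\n")
    if os.name == "nt":
        # Assumed Windows hardening, as used by USB vaccination tools:
        # a sub-entry with a reserved device name, created via the \\?\ prefix,
        # which normal Win32 path handling refuses to delete ...
        try:
            os.makedirs("\\\\?\\" + str(target.resolve()) + "\\con", exist_ok=True)
        except OSError:
            pass
        # ... and READONLY|HIDDEN|SYSTEM attributes on the folder itself.
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(str(target), 0x1 | 0x2 | 0x4)
    return target


def drop_autorun(root: Path, payload: str) -> bool:
    """What a worm does on a freshly mounted drive: remove any autorun.inf and
    write its own. Returns True only if the write succeeded."""
    target = root / VACCINE_NAME
    try:
        os.remove(target)          # fails on a directory
    except OSError:
        pass
    try:
        with open(target, "w", encoding="ascii") as f:
            f.write(payload)
        return True
    except OSError:                # IsADirectoryError / PermissionError
        return False


def demo() -> dict:
    """Vaccinate a temporary directory standing in for a drive root, then run the
    simulated worm against it. Constructed payload; no real malware involved."""
    root = Path(tempfile.mkdtemp(prefix="drive-"))
    try:
        vaccine = vaccinate(root)
        worm_payload = "[autorun]\nopen=payload.exe\nshellexecute=payload.exe\n"
        written = drop_autorun(root, worm_payload)
        return {"vaccine_is_dir": vaccine.is_dir(),
                "vaccine_is_file": vaccine.is_file(),
                "worm_write_succeeded": written}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())   # expected: vaccine_is_dir True, worm_write_succeeded False
```

The vaccine only blocks the drop; it does nothing about a machine that is already infected, which is why UsbFix's Deletion pass runs first and an OTL scan follows. Note also that vaccinate() refuses to run when autorun.inf already exists as a file, since that file is exactly what you would want to examine.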


(Leon$) #4

paste the log on http://www.wklej.org/

according to the rules: zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html



(Tomi798) #5

otl

http://wklej.org/id/594423/

extras

http://wklej.org/id/594424/


(Leon$) #6

In OTL, in the Custom Scans/Fixes window, paste the following script:

Click Run Fix. Confirm the computer restart.

Show the removal log.

then a new OTL log made with the Run Scan option



(Tomi798) #7

removal log

http://wklej.org/id/594439/

OTL log

http://wklej.org/id/594444/


(Leon$) #8

The log looks clean

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

In OTL click CleanUp

scan with

Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI ... 12976.html
