Infostealer.Gampass: can someone explain how to remove it?

pazzo
created

As in the subject line. I've read a bit about some logs, but I don't know anything about this at all.

pazzo
comment

Log:

Mateusz J.
comment

One more question: where does it detect this virus?

One folder is left to remove: C:\Recycled

Apart from that, it's clean.

Delete the folder c:\QooBox.

Also clean out the TEMP directories with ATF-cleaner.

pazzo
comment

And once I have ATF, should I tick those temp files in it? E.g. Windows temp? Because it will delete them, right?

Oh, and now W32.wullik@mm is popping up for me.

And one more thing: it detects this on E and D (in the root folder, D:/W32...), because I formatted C. I don't have any more partitions.

Mateusz J.
comment

But in which files?

Paste into Notepad:

Folder::
C:\Recycled
E:\Recycled
D:\Recycled

In Notepad: File menu ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

cfscript10uc2su5.gif

Removal will start and a log will be produced, which you then post on the forum.

And once I have ATF, should I tick those temp files in it? E.g. Windows temp? Because it will delete them, right?
Yes... tick everything that has the word temp in it... temporary, etc.

pazzo
comment

Mateusz J.
comment

Clean.

Delete the folder c:\QooBox.

pazzo
comment

OK. Thanks a lot for the help :)
