przez Devilek 14 Lut 2009, 11:03
Nijak nie wiem jak je usunać. Ponizej zamieszczam raport:
- Kod: Zaznacz wszystko
Typ bazy danych użytej do skanowania rozszerzona
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak
Obszar skanowania Folder
C:\
Statystyki skanowania
Przeskanowanych plików 66056
Nazwa zagrożenia 2
Zainfekowanych obiektów 2
Podejrzanych obiektów 0
Czas skanowania 10:26:20
Nazwa pliku Nazwa zagrożenia Liczba zagrożeń
C:\opgde.exe Zainfekowany: Trojan-Dropper.Win32.Agent.agza 1
C:\pagefile.sys.vbs Zainfekowany: Worm.VBS.Solow.b 1
Wybrany obszar został przeskanowany.
- Kod: Zaznacz wszystko
ComboFix 09-02-12.03 - Welcome 2009-02-13 14:40:37.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1577 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Welcome\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-13 do 2009-02-13 )))))))))))))))))))))))))))))))
.
2009-02-12 15:25 . 2009-02-12 18:45 3,478 -rahs---- C:\pagefile.sys.vbs
2009-02-12 10:37 . 2009-02-12 10:37 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-11 09:06 . 2009-02-12 06:31 108,067 -r-hs---- C:\opgde.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 14:17 --------- d-----w c:\documents and settings\Welcome\Dane aplikacji\mIRC
2009-02-12 09:46 --------- d-----w c:\program files\mIRC
2009-02-11 17:44 --------- d-----w c:\documents and settings\Welcome\Dane aplikacji\uTorrent
2009-02-11 17:43 --------- d-----w c:\program files\FlashGet
2009-01-05 18:54 --------- d-----w c:\program files\SkanerOnline
2009-01-05 15:22 --------- d-----w c:\documents and settings\Welcome\Dane aplikacji\Winamp
2009-01-05 15:10 --------- d-----w c:\program files\Winamp
2008-12-14 20:42 --------- d-----w c:\documents and settings\Welcome\Dane aplikacji\Ventrilo
2008-12-14 20:41 --------- d-----w c:\program files\Ventrilo
2008-12-14 20:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-24 15:42 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-24 15:42 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-12-20 09:01 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 09:01 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 09:01 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 09:01 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 09:01 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-12 17:56 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-10-12 17:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-10-12 17:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101220081013\index.dat
2008-10-12 17:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-09-20 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-19 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-09-20 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:29 2007088 c:\program files\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-19 01:28 1657376 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-04-10 15:52 16861184 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Gry\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Gry\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Gry\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Gry\\Heroes of Might and Magic V - Dzikie Hordy\\bin\\H5_Game.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Gry\\Spring\\SpringDownloader.exe"=
"c:\\Program Files\\NX Client for Windows\\nxclient.exe"=
"c:\\Program Files\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Gry\\Władca Pierścieni® - Podbój™\\Conquest.exe"=
"c:\\Gry\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9accf94-b27e-11dd-a21d-00508db0b0b2}]
\Shell\AutoRun\command - H:\2u.com
\Shell\explore\Command - H:\2u.com
\Shell\open\Command - H:\2u.com
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.nvidia.com/content/drivers/redirect.asp?language=PLK&page=sysutility
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D677C574-B488-4858-A185-B350FDA7399A} = 80.51.68.242
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Welcome\Dane aplikacji\Mozilla\Firefox\Profiles\ocbmo63o.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 14:41:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-13 14:42:16
ComboFix-quarantined-files.txt 2009-02-13 13:42:15
Przed: 3 805 863 936 bajtów wolnych
Po: 3,876,773,888 bajtów wolnych
126 --- E O F --- 2009-02-11 23:28:46
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:01, on 2009-02-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Programy\Bezpieczenstwo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nvidia.com/content/drivers/redirect.asp?language=PLK&page=sysutility
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D677C574-B488-4858-A185-B350FDA7399A}: NameServer = 80.51.68.242
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4692 bytes
Nie polemizuj z idiotą - najpierw sprowadzi Cię do swojego poziomu, a później pobije doświadczeniem.
