While Combofix was running, Windows File Protection popped up and asked me for the Windows XP SP2 CD; Combofix continued, restarted, and produced this log:
ComboFix 12-12-22.01 - Administrator . 12. 2012 22:46:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1422 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\wscntfy.exe --> c:\windows\System32\wscntfy.exe
.
((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 21:46 . 2012-12-23 21:38 13824 ----a-w- c:\windows\system32\wscntfy.exe
2012-12-23 21:41 . 2012-12-23 21:38 13824 ------w- C:\wscntfy.exe
2012-12-22 15:21 . 2012-12-22 15:21 -------- d-----w- c:\windows\system32\xircom
2012-12-22 15:21 . 2012-12-22 15:21 -------- d-----w- c:\windows\system32\wbem\snmp
2012-12-22 15:21 . 2012-12-22 15:21 -------- d-----w- c:\program files\microsoft frontpage
2012-12-22 15:11 . 2004-08-03 21:15 451456 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-12-22 12:12 . 2012-12-22 12:57 -------- d-----w- c:\program files\trend micro
2012-12-22 12:12 . 2012-12-22 12:12 -------- d-----w- C:\rsit
2012-12-07 11:53 . 2012-12-07 11:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-11-26 20:31 . 2012-12-02 20:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 20:03 . 2011-09-10 13:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 20:45 . 2012-12-04 20:45 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-03-03 . 1745B00FC1141404B28F4B94F69A8871 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-12-23 . D0327BA990EDE5658781E433A4CD2388 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Windows Codecs]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-12-18 01:27 172032 ----a-w- c:\documents and settings\All Users\Application Data\Windows Codecs\MediaShellOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Creative Launcher"="c:\program files\Creative\Launcher\CTLauncher.exe" [1999-07-21 257536]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [1999-04-12 203264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-11-22 2219184]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [7. 1. 2010 17:15 30808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13. 1. 2010 17:03 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21. 11. 2011 7:16 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22. 11. 2011 10:46 814264]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [13. 3. 2012 18:44 99896]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11. 2. 2011 22:23 35088]
S2 gupdate1caedd8a96101ca;Služba Google Update (gupdate1caedd8a96101ca);c:\program files\Google\Update\GoogleUpdate.exe [7. 5. 2010 12:30 133104]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [6. 2. 2011 19:01 21376]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [13. 1. 2010 18:53 29372]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17. 6. 2011 18:33 237008]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [13. 3. 2012 18:43 17408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tmdvpehv.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-23 22:53
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\DEVCON32.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\DEVCON32.DLL
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\DEVCON32.DLL
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\documents and settings\All Users\Application Data\Windows Codecs\MediaShellOverlays.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2012-12-23 22:54:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-23 21:54
ComboFix2.txt 2012-12-23 10:57
ComboFix3.txt 2012-12-22 15:23
.
Pre-Run: 12 503 359 488 bytes free
Post-Run: 12 489 818 112 bytes free
.
- - End Of File - - 9385D0043E8715F80B1DFCB751485035