
I have a problem. I downloaded some junk from the internet, and when I launch IE, or even just Explorer (e.g. "My Computer", folders), some "virus alert" pops up urging me to download software... ArcaVir did not find this virus.
Please, help! What should I do?
Here is my ComboFix log:
ComboFix 08-09-27.01 - User 2008-09-27 23:42:32.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.509 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\User\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Dane aplikacji\ZangoSA
C:\Documents and Settings\All Users\Dane aplikacji\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Dane aplikacji\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Dane aplikacji\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Dane aplikacji\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Dane aplikacji\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\User\Cookies\user@metrics.adobe[1].txt
C:\Documents and Settings\User\Dane aplikacji\.#
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\baidu
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\sosuo.col
C:\WINDOWS\system32\AdCache
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-27 do 2008-09-27 )))))))))))))))))))))))))))))))
.
2008-09-27 18:59 . 2008-09-27 18:59 53,248 --a------ C:\WINDOWS\system32\vaddes.dll
2008-09-27 18:59 . 2008-09-27 18:59 13,942 --a------ C:\WINDOWS\system32\c.ico
2008-09-27 18:59 . 2008-09-27 18:59 4,286 --a------ C:\WINDOWS\system32\s.ico
2008-09-27 18:59 . 2008-09-27 18:59 4,286 --a------ C:\WINDOWS\system32\m.ico
2008-09-27 18:59 . 2008-09-27 18:59 2,238 --a------ C:\WINDOWS\system32\p.ico
2008-09-27 17:27 . 2008-09-27 17:27 0 --a------ C:\WINDOWS\MusicEditor.INI
2008-09-27 14:07 . 2008-09-27 17:28 28 --a------ C:\WINDOWS\Robota.INI
2008-09-27 13:57 . 2007-04-27 10:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-09-27 12:34 . 2008-09-27 14:08 75 --a------ C:\WINDOWS\musicmaker.INI
2008-09-27 12:33 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-27 12:33 . 2004-08-11 19:53 38,912 --a------ C:\WINDOWS\system32\mgxasio.dll
2008-09-23 07:20 . 2008-09-23 07:20 <DIR> d-------- C:\Program Files\sina
2008-09-22 20:08 . 2008-09-22 20:08 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-09-22 17:20 . 2008-09-22 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\WINDOWS\system32\pl
2008-09-20 12:33 . 2008-09-20 12:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-18 12:47 . 2008-04-14 19:20 196,608 --------- C:\WINDOWS\system32\napmontr.dll
2008-09-18 12:45 . 2004-08-04 06:29 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2008-09-18 12:45 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\[u]0[/u]05443_.tmp
2008-09-18 12:45 . 2008-04-14 18:35 2,524 --------- C:\WINDOWS\system32\pid.inf
2008-09-16 08:30 . 2008-09-16 08:30 <DIR> d--hs---- C:\FOUND.005
2008-09-10 17:46 . 2008-09-10 17:46 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-09-10 06:20 . 2008-09-10 06:20 <DIR> d--hs---- C:\FOUND.004
2008-09-09 19:20 . 2008-09-09 19:20 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-05 15:34 . 2008-09-27 20:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-05 15:34 . 2008-09-05 15:34 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 16:48 2,368 ----a-w C:\WINDOWS\system32\SVKP.sys
2008-08-17 16:48 --------- d-----w C:\Program Files\Ultra RM Converter
2008-08-17 13:07 --------- d-----w C:\Program Files\RM Converter
2008-08-13 11:07 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\n-Track Studio5
2008-07-29 19:28 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Publish Providers
2008-07-29 19:28 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\NetMedia Providers
2008-07-29 19:16 --------- d-----w C:\Program Files\Sonic Foundry Setup
2008-07-28 10:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-27 17:05 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-27 17:05 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-25 16:32 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-27 11:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2005-03-31 20:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E402C66A-D5CB-441E-9F12-A5A864430AA2}]
2008-09-27 18:59 53248 --a------ C:\WINDOWS\system32\vaddes.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2004-12-16 987136]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Octoshape Streaming Services"="C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 282624]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\User\Menu Start\Programy\Autostart\
WordWeb.lnk - F:\WordWeb\wweb32.exe [2007-01-28 20992]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2006-02-14 2301952]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Uruchamianie pakietu Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-10-06 51984]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-10-06 111376]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-06 113664]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-03-21 925696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.asv2"= asusasv2.dll
"msacm.dvacm"= dvacm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mks_Scan]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mks_Scan\Service]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"F:\\FileZilla\\FileZilla.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"=
"D:\\AOE2CONQ\\empires2.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\FlashGet\\FLASHGET.EXE"=
"D:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\User\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\TC PowerPack\\totalcmd.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Documents and Settings\\User\\Ustawienia lokalne\\Dane aplikacji\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-08-17 2368]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 44544]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36dc96a6-8ab9-11dc-93af-0060b30a1a0b}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbdb731f-9bd3-11da-87e7-806d6172696f}]
\Shell\AutoRun\command - J:\AkademiaPJ.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-MailScanner - C:\Program Files\MKS_VIR_2006\Mks_mail.exe
HKCU-Run-RayV - C:\Program Files\RayV\RayV\RayV.exe
HKCU-Run-DANT - (no file)
HKCU-Run-PowerBar - (no file)
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
HKLM-Run-MKS_VIR_2006 - C:\Program Files\MKS_VIR_2006\mks2006.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\4hsbxv9g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://onet.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 23:44:49
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????<???D??sh??????w????h???Z??w(???*??wt?@?l?@??ib???????????????????????????7????????????????????w????g??w0??w????*??w???w????D??s???????????w????l?@????????w????t?@? ?b?????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-27 23:45:36
ComboFix-quarantined-files.txt 2008-09-27 21:45:32
Przed: 1,720,909,824 bajtów wolnych
Po: 2,042,298,368 bajtów wolnych
197 --- E O F --- 2008-09-21 09:04:55