
Lately I have been fighting the virus Win32.Trojan.GEN {Other} and other junk. I scanned with various antivirus programs (among others AVAST and Kaspersky), but I don't know whether I have cleaned the system completely and whether more worms have nested in there.
I am asking for help analysing the log, and for advice on what else I should do to clean the system.
ComboFix 09-03-31.03 - Karol 2009-04-01 14:57:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.651 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Karol\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))
.
2009-04-01 13:30 . 2005-10-18 17:20 71,168 --a------ c:\windows\system32\drivers\ni_usb.sys
2009-04-01 13:30 . 2005-10-18 17:20 23,168 --a------ c:\windows\system32\drivers\NiBoot.sys
2009-04-01 13:30 . 2005-10-18 17:20 22,016 --a------ c:\windows\system32\drivers\ni_avs.sys
2009-04-01 13:26 . 2009-04-01 13:30 <DIR> d-------- c:\program files\Native Instruments
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 11:46 --------- d-----w c:\program files\FlashGet
2009-04-01 10:56 --------- d-----w c:\program files\Java
2009-04-01 10:20 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-31 15:55 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\Tlen.pl
2009-03-27 21:23 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\skypePM
2009-03-27 21:23 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\Skype
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-20 00:31 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\BESTplayer
2009-02-20 00:24 --------- d-----w c:\program files\ALLPlayer
2009-01-28 16:49 20 ---h--w c:\documents and settings\All Users\Dane aplikacji\PKP_DLdw.DAT
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-24 19:21 20 ---h--w c:\documents and settings\All Users\Dane aplikacji\PKP_DLdu.DAT
2007-12-17 12:35 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2007-11-18 13:34 22,328 ----a-w c:\documents and settings\Karol\Dane aplikacji\PnkBstrK.sys
2007-10-08 10:16 604 ---ha-w c:\program files\STLL Notifier
2007-04-23 13:46 1 ----a-w c:\documents and settings\Karol\SI.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-11-04 2502656]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-15 35328]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-11 241664]
"kX Mixer"="c:\windows\system32\kxmixer.exe" [2004-02-17 438784]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMTMon.exe" [2008-06-17 352256]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Karol\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2008-10-06 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 16:55 32768 c:\progra~1\NEOSTR~1\GestMAJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 c:\progra~1\NEOSTR~1\Watch.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\ProgMan\\Swiadectwa 6\\swiadectwa.exe"=
"c:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\karolkurek\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\karolkurek\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:IRC
"3783:TCP"= 3783:TCP:Voice Chat Port
"27900:TCP"= 27900:TCP:Master Server UDP
"28900:TCP"= 28900:TCP:Master Server List
"29900:TCP"= 29900:TCP:GP Connection
"29901:TCP"= 29901:TCP:GP Search
"13139:TCP"= 13139:TCP:custom UDP
"6515:TCP"= 6515:TCP:Dplay UDP
"6500:TCP"= 6500:TCP:Query Port
"29920:TCP"= 29920:TCP:Gamestats Server
"5121:TCP"= 5121:TCP:port dodatkowy
"6881:TCP"= 6881:TCP:torrent
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 114768]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2008-10-06 279552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-10-06 25984]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-03-10 33792]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2004-02-17 571776]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2007-07-23 64000]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2008-10-06 906368]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-02-10 14336]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2007-07-23 116992]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2007-08-22 1527900]
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [2003-11-14 183680]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-03-10 16896]
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://users.iptelecom.net.ua/~codecs/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\Common\InternetTranslator\InternetTranslator.dll
TCP: {2825B27E-C5A4-47F0-A9C5-99144594A08A} = 192.168.0.1,195.204.152.34
TCP: {660F4FEC-E9FD-4B5A-BBB5-5D781CEC19EE} = 194.204.152.34,194.204.159.1
FF - ProfilePath - c:\documents and settings\Karol\Dane aplikacji\Mozilla\Firefox\Profiles\xmx1xdjq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 14:59:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\713xRMTMon.exe???8t??????????T?a?0B8?x???????`t??????????????x???????????x?8?????????????????????????????????x?8?u???8B8?????????T?a?x?8?m?a?x??????????????|?B8?8t??????????????8t??????????????????????????????????0t??h???????????0t??(???8t????A????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1390067357-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c0,d9,d7,03,f8,32,ff,05,05,e8,72,63,0f,97,f2,8b,9d,7a,f3,56,d7,2a,52,
09,0c,09,a9,ca,87,df,c3,38,92,1f,e1,45,24,58,06,df,85,80,ae,d0,d4,30,f1,76,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
Czas ukończenia: 2009-04-01 15:00:58
ComboFix-quarantined-files.txt 2009-04-01 13:00:31
Przed: 8 631 099 392 bajtów wolnych
Po: 10,002,051,072 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
176
I would really appreciate any help.
