Hello, I am asking for detailed help because I am completely green when it comes to removing viruses. Thanks in advance!
log:
ComboFix 08-04-17.1 - kubusnik 2008-04-18 18:55:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.669 [GMT 2:00]
Running from: D:\Instalki\Programy\antywiry\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
2008-04-18 18:52 . 2008-04-18 18:52
2008-04-18 18:52 . 2008-04-18 18:52
2008-04-18 18:52 . 2008-04-18 18:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-04-17 23:52 . 2008-04-17 23:53
2008-04-17 23:50 . 2008-04-17 23:50 70,656 -r-hs---- C:\WINDOWS\system32\amvo2.dll
2008-04-17 15:29 . 2008-04-06 18:54 103,268 -r-hs---- C:\pa39xth.cmd
2008-04-14 12:01 . 2008-04-14 12:01
2008-04-14 11:50 . 2008-04-14 11:50
2008-04-05 14:44 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 14:44 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-05 11:06 . 2008-04-05 11:32
2008-03-25 12:30 . 2008-03-25 12:30
2008-03-20 17:44 . 2008-03-20 21:37 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 15:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-17 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 08:30 --------- d-----w C:\Documents and Settings\kubusnik\Dane aplikacji\Tlen.pl
2008-04-14 09:49 --------- d-----w C:\Program Files\MediaCoder
2008-04-13 18:53 --------- d-----w C:\Program Files\Audacity
2008-04-13 17:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 17:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-15 14:15 --------- d-----w C:\Program Files\PuzzleOnline
2008-03-15 11:42 --------- d-----w C:\Program Files\Java
2008-03-10 20:54 --------- d-----w C:\Documents and Settings\kubusnik\Dane aplikacji\Sony
2008-03-10 20:54 --------- d-----w C:\Documents and Settings\kubusnik\Dane aplikacji\Publish Providers
2008-03-10 20:54 --------- d-----w C:\Documents and Settings\kubusnik\Dane aplikacji\NetMedia Providers
2008-03-10 20:51 --------- d-----w C:\Program Files\Sony
2008-03-10 20:50 --------- d-----w C:\Program Files\Sony Setup
2008-03-06 11:00 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-04 19:13 --------- d-----w C:\Documents and Settings\kubusnik\Dane aplikacji\Tibia
2008-03-02 20:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\River Past G3
2008-03-02 20:45 --------- d-----w C:\Documents and Settings\kubusnik\Dane aplikacji\River Past G3
2008-03-01 21:45 --------- d-----w C:\Program Files\VirtualDubMod
2008-02-27 14:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-25 21:33 --------- d-----w C:\Program Files\Vietcong
2008-02-13 11:23 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-02-13 11:23 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-02-13 11:23 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-02-13 11:17 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-13 11:00 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-02-13 11:00 139,264 ----a-w C:\WINDOWS\War3Unin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:57 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"PowerS"="C:\WINDOWS\PowerS.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Tlen.pl\tlen.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"=
"D:\Games\Twierdza\Stronghold.EXE"=
"C:\Program Files\Opera\Opera.exe"=
"C:\Program Files\Vietcong\vietcong.exe"=
"D:\Games\Wesnoth 1.3.15a\wesnoth.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\WINDOWS\system32\rundll32.exe"=
"C:\Program Files\PuzzleOnline\DiceOnline.exe"=
"D:\Games\Dawn of War\W40k.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-18 18:52]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2007-09-26 22:53]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-09-26 22:53]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []
S2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS []
S2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS []
S2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS []
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys []
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-28 16:20]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0db2ed04-6c7e-11dc-a55e-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3224310c-6d93-11dc-afbf-00508de1a2a0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b4c503-f694-11dc-b2a6-0010b5c5661f}]
\Shell\AutoRun\command - I:\pa39xth.cmd
\Shell\explore\Command - I:\pa39xth.cmd
\Shell\open\Command - I:\pa39xth.cmd
*Newly Created Service* - CATCHME
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PXARK
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 18:56:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-18 18:57:27
ComboFix-quarantined-files.txt 2008-04-18 16:57:21
Pre-Run: 3,631,833,088 bajtów wolnych
Post-Run: 3,842,838,528 bajtów wolnych
.
2007-10-13 14:20:54 --- E O F ---