Hello.
A friend found the virus with the Avast antivirus program while he was copying the application's installer to his own disk. I installed the program some 4-5 days ago; neither my NOD32 nor Kaspersky detected anything. The virus name is
Win32:Ardamax-gen [Tool]
I'm pasting the logs from ComboFix:
2007-07-06 17:36 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
Zmienna PATH folderu
Numer seryjny woluminu: F46A-0944
C:\QOOBOX
\---Quarantine
\---Registry_backups
services_nm.reg.cf
And the second log:
"Wampir" - 2007-07-06 17:35:57 - ComboFix 07-07-04.4 - Dodatek Service Pack 2
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-06 17:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 15:42
And the logs:
[code]
Logfile of HijackThis v1.99.1
Scan saved at 18:28:32, on 2007-07-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Konnekt\konnekt.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft Ad-aware\Ad-aware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Wampir\USTAWI~1\Temp\Rar$EX00.406\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM…\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM…\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU…\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{792E36D0-9533-4DEF-A2F8-72F59972D676}: NameServer = 194.204.159.1
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[/code]
Skanowanie wykonano: 2007-07-06 18:19:42.
(AAW release 5.6, referencefile 081-02.09.2001)
================================================
Skanowanie pamięci
===================
Uruchomione procesy:
#:1 (smss.exe)
Path:\SystemRoot\System32\
ThreadCreationTime:2007-07-06 16:06:38
BasePriority :Normal
#:2 (winlogon.exe)
Path:\??\C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:06:44
BasePriority :High
#:3 (services.exe)
Path:C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:06:44
BasePriority :Normal
#:4 (lsass.exe)
Path:C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:06:44
BasePriority :Normal
#:5 (svchost.exe)
Path:C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:06:45
BasePriority :Normal
#:6 (svchost.exe)
Path:C:\WINDOWS\System32\
ThreadCreationTime:2007-07-06 16:06:45
BasePriority :Normal
#:7 (spoolsv.exe)
Path:C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:06:46
BasePriority :Normal
#:8 (explorer.exe)
Path:C:\WINDOWS\
ThreadCreationTime:2007-07-06 16:06:49
BasePriority :Normal
#:9 (rthdcpl.exe)
Path:C:\WINDOWS\
ThreadCreationTime:2007-07-06 16:06:50
BasePriority :Normal
#:10 (jusched.exe)
Path:C:\Program Files\Java\jre1.6.0_01\bin\
ThreadCreationTime:2007-07-06 16:06:50
BasePriority :Normal
#:11 (daemon.exe)
Path:C:\Program Files\D-Tools\
ThreadCreationTime:2007-07-06 16:06:50
BasePriority :Normal
#:12 (cobian.exe)
Path:C:\Program Files\Cobian Backup 8\
ThreadCreationTime:2007-07-06 16:06:50
BasePriority :Normal
#:13 (flashget.exe)
Path:C:\Program Files\FlashGet\
ThreadCreationTime:2007-07-06 16:06:51
BasePriority :Normal
#:14 (avp.exe)
Path:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
ThreadCreationTime:2007-07-06 16:06:51
BasePriority :Normal
#:15 (konnekt.exe)
Path:C:\Program Files\Konnekt\
ThreadCreationTime:2007-07-06 16:06:51
BasePriority :Normal
#:16 (atkkbservice.exe)
Path:C:\WINDOWS\
ThreadCreationTime:2007-07-06 16:06:52
BasePriority :Normal
#:17 (cbinterface.exe)
Path:C:\Program Files\Cobian Backup 8\
ThreadCreationTime:2007-07-06 16:06:52
BasePriority :Normal
#:18 (avp.exe)
Path:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
ThreadCreationTime:2007-07-06 16:06:52
BasePriority :Normal
#:19 (nvsvc32.exe)
Path:C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:06:52
BasePriority :Normal
#:20 (wuauclt.exe)
Path:C:\WINDOWS\system32\
ThreadCreationTime:2007-07-06 16:08:02
BasePriority :Normal
#:21 (thebat.exe)
Path:C:\Program Files\The Bat!\
ThreadCreationTime:2007-07-06 16:11:14
BasePriority :Normal
#:22 (firefox.exe)
Path:C:\Program Files\Mozilla Firefox\
ThreadCreationTime:2007-07-06 16:14:08
BasePriority :Normal
#:23 (ad-aware.exe)
Path:C:\Program Files\Lavasoft Ad-aware\
ThreadCreationTime:2007-07-06 16:19:24
BasePriority :Normal
Wynik skanowania pamięci:
Całkowita ilość znalezionych modułów:23
Odnalezione podejrzane moduły:0
Skanowanie rejstru
===================
Dokładne skanowanie rejestru
=============================
Rezultat skanowania rejestru:
Odnalezione podejrzane wpisy w rejestrze:0
Skanowanie folderu
===================
Analizuje dysk (D), 5 pozostaje.
Zakończono analizowanie dysku(D), 11585 Wszyskie foldery
Uwaga, brak dysku w napędzie (A)
Analizuje dysk (C), 3 pozostaje.
CometCursor folder:C:\download\www.gajdaw.pl\html\40-artykul\przyklady\11\comet
CometCursor folder:C:\download\www.gajdaw.pl\html\html\jules_verne\comet
CometCursor folder:C:\download\www.gajdaw.pl\php\7-artykul\przyklady\4-verne\comet
Zakończono analizowanie dysku(C), 18013 Wszyskie foldery
Analizuje dysk (D), 2 pozostaje.
Zakończono analizowanie dysku(D), 29598 Wszyskie foldery
Analizuje dysk (E), 1 pozostaje.
Zakończono analizowanie dysku(E), 30397 Wszyskie foldery
Analizuje dysk (F), 0 pozostaje.
Zakończono analizowanie dysku(F), 31327 Wszyskie foldery
Wynik skanowania folderu:
Analizowane foldery:120920
Odnalezione podejrzane foldery:3
Skanowanie pliku
=================
Wynik skanowania pliku:
Odnalezione podejrzane pliki:0
Podsumowanie skanowania
========================
Odnalezione podejrzane moduły:0
Odnalezione podejrzane wpisy w rejestrze:0
Odnalezione podejrzane foldery:3
Odnalezione podejrzane pliki:0
===============================
Pominięte szpiegujące komponenty:0
Odnalezione podejrzane komponenty szpiegujące:3