It sees awda2.exe files on every drive. I removed amvo with the CFScript from one of the earlier posts, someone there had the same trojan. Now it no longer sees it, but the problem is with these awda files. I know absolutely nothing about any of this, so if it turns out the computer is eating itself, please don't laugh. Here is the log from ComboFix.
ComboFix 08-04-18.3 - Logan 2008-04-20 16:09:38.4 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.504 [GMT 2:00]
Running from: C:\Documents and Settings\Logan\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 15:03 . 2008-04-20 15:03
2008-04-20 15:03 . 2008-04-20 15:03
2008-04-20 14:32 . 2008-04-20 14:32
2008-04-20 14:32 . 2008-04-20 14:32
2008-04-20 14:32 . 2008-04-20 15:10 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-04-16 11:56 . 2008-01-23 18:43 107,528 -r-hs---- C:\awda2.exe
2008-04-15 14:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-12 12:17 . 2008-04-12 12:17 63,880 --a------ C:\WINDOWS\system32\{46a6d792-4adc-cb61-1a73-a0fee555ff4d}.dll-uninst.exe
2008-04-07 14:39 . 2008-04-07 14:39 329,728 --a------ C:\WINDOWS\system32\{46a6d792-4adc-cb61-1a73-a0fee555ff4d}.dll
2008-04-05 10:37 . 2008-04-05 10:37
2008-04-02 20:05 . 2008-04-02 20:05
2008-03-30 13:16 . 2008-03-30 13:16
2008-03-29 12:52 . 2008-03-29 12:52
2008-03-20 17:16 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 22:56 --------- d-----w C:\Program Files\Common Files\DAZ
2008-03-09 10:05 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-03-09 10:01 --------- d-----w C:\Documents and Settings\Logan\Dane aplikacji\Autodesk
2008-03-09 10:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-03-09 10:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-09 10:00 --------- d-----w C:\Program Files\Autodesk
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:35 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-21 15:26 679,936 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-01-21 15:26 155,648 ----a-w C:\WINDOWS\system32\xvidvfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{efcc8272-3b7a-2836-17a5-8355e0d05e5f}]
2008-04-07 14:39 329728 --a------ C:\WINDOWS\system32\{46a6d792-4adc-cb61-1a73-a0fee555ff4d}.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-31 08:35 7634944]
"nwiz"="nwiz.exe" [2006-10-31 08:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"CorelDRAW Graphics Suite 11b"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-21 15:39 77824]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-31 08:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-15 14:30:18 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\LimeWire\LimeWire.exe"=
"D:\BitSpirit\BitSpirit.exe"=
"G:\3d\monitor.exe"=
"G:\3d\manager.exe"=
"G:\3d\server.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19150:TCP"= 19150:TCP:BitComet 19150 TCP
"19150:UDP"= 19150:UDP:BitComet 19150 UDP
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-20 15:10]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []
S3 autorun;autorun;c:\huadio.tmp []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-07-23 18:56]
*Newly Created Service* - CSISCANNER
*Newly Created Service* - ERASERUTILDRV10741
.
Contents of the ‘Scheduled Tasks’ folder
"2008-04-18 18:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Logan.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:
"2008-04-20 12:58:10 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 16:10:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\??\G:\L]
[\system\npkcrypt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\autorun]
"ImagePath"="\??\c:\huadio.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npkcrypt]
"ImagePath"="\??\G:\L]
.
Completion time: 2008-04-20 16:10:59
ComboFix2.txt 2008-04-20 13:03:16
ComboFix-quarantined-files.txt 2008-04-20 14:10:56
Pre-Run: 3,347,357,696 bytes free
Post-Run: 3,495,583,744 bytes free
127 --- E O F --- 2008-04-09 15:27:54
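The log above contains three findings that a helper can pick out mechanically: a read-only, hidden, system-attributed executable sitting directly in the drive root (C:\awda2.exe), a service named "autorun" whose image is a .tmp file (c:\huadio.tmp) rather than a driver or executable, and Security Center / Windows Firewall values that silence antivirus and firewall monitoring. The script below is an added triage example written for this page; it is not ComboFix code and not something the poster ran. The excerpt it parses is constructed from lines copied out of the log above, the line shapes it matches (ComboFix file entries, service lines, REGEDIT4-style key and value lines) are assumed from that log, and the indicator names are mine.

```python
"""Flag the suspicious entries a ComboFix log like the one above exposes.
Added example for this page; not ComboFix's own code and not the poster's."""
import re

# Constructed excerpt: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
2008-04-20 14:32 . 2008-04-20 15:10 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-04-16 11:56 . 2008-01-23 18:43 107,528 -r-hs---- C:\awda2.exe
2008-04-15 14:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-20 15:10]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []
S3 autorun;autorun;c:\huadio.tmp []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-07-23 18:56]
"""

# ComboFix "Files Created" entry: two timestamps, size, 9-char attribute string, path.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$"
)
# Executable-type file directly in a drive root, e.g. C:\awda2.exe (assumed heuristic).
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|scr|pif|bat|cmd|dll)$", re.I)
# Service line: "R0 name;display;image [date]" / "S3 name;display;image []".
SERVICE_LINE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<image>.+?)\s*\[[^\]]*\]\s*$")
REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')

# Security Center / firewall settings that, when set this way, suppress
# antivirus and firewall monitoring. Names and data as they appear in the log.
WEAKENING_VALUES = {
    ("AntiVirusDisableNotify", "dword:00000001"),
    ("DisableMonitoring", "dword:00000001"),
    ("EnableFirewall", "0"),
}


def triage(log_text):
    """Return a list of finding dicts for the suspicious lines in log_text."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # hidden (h) + system (s) attributes on a root-level executable
            if "h" in attrs and "s" in attrs and ROOT_EXE.match(path):
                findings.append({"indicator": "hidden_system_root_exe",
                                 "path": path, "attrs": attrs})
            continue
        m = SERVICE_LINE.match(line)
        if m:
            image = m.group("image")
            if image.startswith('"'):          # quoted path followed by arguments
                image = image[1:image.find('"', 1)]
            if not image.lower().endswith((".sys", ".exe")):
                findings.append({"indicator": "service_image_not_executable",
                                 "path": image})
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = REG_VALUE.match(line)
        if m and current_key:
            data = m.group("data").split()[0]  # "0 (0x0)" -> "0"
            if (m.group("name"), data) in WEAKENING_VALUES:
                findings.append({"indicator": "security_center_weakened",
                                 "key": current_key, "value": m.group("name")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Running it over the excerpt reports C:\awda2.exe, c:\huadio.tmp and the three weakened Security Center / firewall values; the same three line shapes appear in the full log above, so the whole file can be fed in unchanged. The heuristics are deliberately narrow (attributes plus location, image extension, exact value pairs) so that they do not fire on the ordinary Run-key entries and Symantec tasks also present in the log.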