Problem z alertem antivirgear

Dla specjalistów Bezpieczeństwo
#1

…hi…mam podobny problem…z tym alertem antivirgear…

…w/g wskazówek zrobiłem tak jak nalezy…czyli przeciągłem CFScript do ComboFix-a…ikonka dalej jest…co mnie irytuje…prosze o pomoc! !!

:frowning: :frowning: :frowning: :frowning: :frowning: :frowning:

ComboFix 07-11-01.1 - Właściciel 2007-11-03 20:05:51.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.68 [GMT 1:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt

* Created a new restore point

FILE::

C:\WINDOWS\system32\swqzdtj.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))

.

2007-11-03 20:05 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-23 21:31 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-10-23 21:31 50,688 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-10-23 21:31 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll

2007-10-23 21:31 45,568 --a–c— C:\WINDOWS\system32\dllcache\iyuv_32.dll

2007-10-23 21:31 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll

2007-10-23 21:31 8,192 --a–c— C:\WINDOWS\system32\dllcache\tsbyuv.dll

2007-10-23 21:21 61,440 --a------ C:\WINDOWS\VM303_STI.exe

2007-10-23 21:04 390,849 --a------ C:\WINDOWS\system32\drivers\usbVM303.sys

2007-10-23 21:04 102,400 --a------ C:\WINDOWS\VM303Cap.exe

2007-10-23 21:04 81,920 --a------ C:\WINDOWS\system32\VM303STI.dll

2007-10-23 18:16

2007-10-23 18:16

2007-10-23 18:16

2007-10-23 18:16 53,248 --a------ C:\WINDOWS\Sti303.exe

2007-10-23 18:16 32,768 --a------ C:\WINDOWS\VMZoom.exe

2007-10-23 18:16 24,576 --a------ C:\WINDOWS\VMPipe.dll

2007-10-21 10:35 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll

2007-10-21 10:35 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll

2007-10-21 10:35 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2007-10-21 10:35 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL

2007-10-21 10:35 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll

2007-10-21 10:35 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL

2007-10-21 10:35 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL

2007-10-21 10:35 20,992 --a------ C:\WINDOWS\system32\CMCT2FR.DLL

2007-10-21 10:35 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL

2007-10-20 10:22

2007-10-19 13:35 129,784 --------- C:\WINDOWS\system32\pxafs.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-03 18:28 --------- d-----w C:\Program Files\Neostrada TP

2007-11-03 18:27 --------- d-----w C:\Program Files\lg_fwupdate

2007-11-03 18:27 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Skype

2007-11-03 18:26 6,520 ----a-w C:\WINDOWS\system32\drivers\ghstwall.sys

2007-11-02 22:23 --------- d-----w C:\Program Files\ArcaMicroScanPro

2007-11-02 22:21 --------- d-----w C:\Program Files\Google

2007-10-28 12:42 12,800 --s-a-w C:\WINDOWS\system32\yneid.dll

2007-10-25 20:16 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-10-23 17:16 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-10-20 09:36 --------- d-----w C:\Program Files\BearShare

2007-10-19 12:56 --------- d-----w C:\Program Files\Winamp

2007-10-18 08:32 --------- d-----w C:\Program Files\Quintessential Player

2007-09-20 11:46 --------- d-----w C:\Program Files\Common Files\Adobe

2007-09-17 11:40 --------- d-----w C:\Program Files\BitSpirit

2007-09-17 11:35 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\BitSpirit

2006-11-24 19:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2005-03-31 20:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2006-09-25 06:59:09 2,048 --sh–w C:\WINDOWS\system32\helperlrsys1.exe

2006-08-31 21:23:43 2,048 --sh–w C:\WINDOWS\system32\helpermnew1winc.exe

2006-09-30 08:02:48 2,048 --sh–w C:\WINDOWS\system32\helpermnewwinc1.exe

2006-08-31 21:23:43 143,360 --sh–w C:\WINDOWS\system32\mnew1winc.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

#2

log jest obcięty daj go drugi raz ale w całości

#3

ComboFix 07-11-01.1 - Właściciel 2007-11-03 22:18:39.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.66 [GMT 1:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt

* Created a new restore point

FILE::

C:\WINDOWS\system32\swqzdtj.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))

.

2007-11-03 20:59

2007-11-03 20:55

2007-11-03 20:52

2007-11-03 20:49

2007-11-03 20:45

2007-11-03 20:05 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-23 21:31 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-10-23 21:31 50,688 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-10-23 21:31 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll

2007-10-23 21:31 45,568 --a–c— C:\WINDOWS\system32\dllcache\iyuv_32.dll

2007-10-23 21:31 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll

2007-10-23 21:31 8,192 --a–c— C:\WINDOWS\system32\dllcache\tsbyuv.dll

2007-10-23 21:21 61,440 --a------ C:\WINDOWS\VM303_STI.exe

2007-10-23 21:04 390,849 --a------ C:\WINDOWS\system32\drivers\usbVM303.sys

2007-10-23 21:04 102,400 --a------ C:\WINDOWS\VM303Cap.exe

2007-10-23 21:04 81,920 --a------ C:\WINDOWS\system32\VM303STI.dll

2007-10-23 18:16

2007-10-23 18:16

2007-10-23 18:16

2007-10-23 18:16 53,248 --a------ C:\WINDOWS\Sti303.exe

2007-10-23 18:16 32,768 --a------ C:\WINDOWS\VMZoom.exe

2007-10-23 18:16 24,576 --a------ C:\WINDOWS\VMPipe.dll

2007-10-21 10:35 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll

2007-10-21 10:35 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2007-10-21 10:35 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL

2007-10-21 10:35 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll

2007-10-21 10:35 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL

2007-10-21 10:35 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL

2007-10-21 10:35 20,992 --a------ C:\WINDOWS\system32\CMCT2FR.DLL

2007-10-21 10:35 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL

2007-10-20 10:22

2007-10-19 13:35 129,784 --------- C:\WINDOWS\system32\pxafs.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-03 21:09 --------- d-----w C:\Program Files\Neostrada TP

2007-11-03 21:02 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Skype

2007-11-03 21:01 6,520 ----a-w C:\WINDOWS\system32\drivers\ghstwall.sys

2007-11-03 21:01 --------- d-----w C:\Program Files\lg_fwupdate

2007-11-03 19:53 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\ArcaBit

2007-11-02 22:23 --------- d-----w C:\Program Files\ArcaMicroScanPro

2007-11-02 22:21 --------- d-----w C:\Program Files\Google

2007-10-28 12:42 12,800 --s-a-w C:\WINDOWS\system32\yneid.dll

2007-10-25 20:16 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-10-23 17:16 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-10-20 09:36 --------- d-----w C:\Program Files\BearShare

2007-10-19 12:56 --------- d-----w C:\Program Files\Winamp

2007-09-20 11:46 --------- d-----w C:\Program Files\Common Files\Adobe

2007-09-17 11:40 --------- d-----w C:\Program Files\BitSpirit

2007-09-17 11:35 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\BitSpirit

2006-11-24 19:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2005-03-31 20:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2006-09-25 06:59:09 2,048 --sh–w C:\WINDOWS\system32\helperlrsys1.exe

2006-08-31 21:23:43 2,048 --sh–w C:\WINDOWS\system32\helpermnew1winc.exe

2006-09-30 08:02:48 2,048 --sh–w C:\WINDOWS\system32\helpermnewwinc1.exe

.

((((((((((((((((((((((((((((( snapshot@2007-11-03_20.08.14,07 )))))))))))))))))))))))))))))))))))))))))

.

  • 2007-11-03 19:50:55 28,672 ----a-r C:\WINDOWS\Installer{BF6F11F5-EC16-4F78-A65F-C892FE97EECC}\IconBF6F11F5.exe

  • 2007-11-03 19:50:55 13,312 ----a-r C:\WINDOWS\Installer{BF6F11F5-EC16-4F78-A65F-C892FE97EECC}\IconBF6F11F51.exe

  • 2005-10-10 09:05:04 503,808 ----a-w C:\WINDOWS\system32\ABCP.dll

  • 2005-10-10 09:05:18 774,144 ----a-w C:\WINDOWS\system32\ABCPD.dll

  • 2005-10-10 09:04:56 352,256 ----a-w C:\WINDOWS\system32\ABCR.dll

  • 2005-10-10 09:05:14 557,056 ----a-w C:\WINDOWS\system32\ABCRD.dll

  • 2005-10-10 09:56:38 1,056,768 ----a-w C:\WINDOWS\system32\ABGUI.DLL

  • 2005-10-10 09:57:14 2,187,264 ----a-w C:\WINDOWS\system32\ABGUID.DLL

  • 2005-10-10 09:58:02 1,045,504 ----a-w C:\WINDOWS\system32\ABGUIU.DLL

  • 2005-10-10 09:58:46 2,187,264 ----a-w C:\WINDOWS\system32\ABGUIUD.DLL

  • 2007-11-03 19:05:40 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
  • 2007-11-03 21:18:29 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
  • 2005-05-14 19:09:30 2,179,072 ----a-w C:\WINDOWS\system32\mfc71d.dll

  • 2003-03-19 05:28:40 2,179,072 ----a-w C:\WINDOWS\system32\mfc71d.dll

  • 2003-03-19 04:04:24 765,952 ----a-w C:\WINDOWS\system32\msvcp71d.dll

  • 2005-10-24 14:10:52 139,264 ----a-w C:\WINDOWS\system32\TS_LogonListener.dll

  • 2003-04-21 13:09:50 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
  • 2004-12-07 09:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}]

C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}”= C:\Program Files\Video Add-on\ictmdl.dll []

[HKEY_CLASSES_ROOT\CLSID{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}”= C:\Program Files\Video Add-on\ictmdl.dll []

[HKEY_CLASSES_ROOT\CLSID{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“VTTimer”=“VTTimer.exe” [2005-03-08 02:33 C:\WINDOWS\system32\VTTimer.exe]

“VTTrayp”=“VTtrayp.exe” [2005-11-01 03:15 C:\WINDOWS\system32\VTTrayp.exe]

“LGODDFU”=“C:\Program Files\lg_fwupdate\fwupdate.exe” [2005-04-12 09:11]

“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 16:35]

“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-06-10 15:20]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50]

“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 17:07]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 17:07]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 17:07]

“GhostWall”=“C:\Program Files\GhostWall\ghostwall.exe” [2005-09-29 15:28]

“ArcaMicroScanPro”=“C:\Program Files\ArcaMicroScanPro\arcamicroscanpro.exe” [2006-09-16 20:09]

“BigDog303”=“C:\WINDOWS\VM303_STI.exe” [2005-10-25 11:56]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” [2006-11-09 15:07]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” []

“Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 15:17]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28]

“AVMenu”=“C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe” [2006-10-30 15:44]

“abregmon”=“C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe” [2006-02-22 12:09]

“ArcaCheck”=“C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe” [2005-12-19 16:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-06-12 16:33]

“Gadu-Gadu”=“C:\PROGRA~1\GADU-G~1\gg.exe” [2007-07-09 08:39]

“mlrnew1c”=“C:\WINDOWS\system32\mnew1winc.exe” []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-29 21:55:34]

AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2006-06-18 19:32:59]

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-07-05 11:13:28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

“{41591d7f-9e25-4bd0-af53-9908fcf3a738}”= C:\WINDOWS\System32\yneid.dll [2007-10-28 13:42 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]

TS_LogonListener.dll 2005-10-24 15:10 139264 C:\WINDOWS\system32\TS_LogonListener.dll

R1 ABTDI;ABTDI;??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys

R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;C:\Program Files\ArcaBit\Common\TaskScheduler.exe

R2 ArcaVirMonitor;ArcaVir Antivirus Monitor Service;C:\Program Files\ArcaBit\ArcaVir\AvMon.exe

R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.sys

R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\System32\FreezeScreenSaver.exe

R2 ghstwall;ghstwall;??\C:\WINDOWS\system32\drivers\ghstwall.sys

R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;“C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe”

R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;“C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe”

R3 arcaen;ArcaVir Monitor Kernel Engine Driver;??\C:\Program Files\ArcaMicroScanPro\arcaen.sys

R3 arcaev;ArcaVir Monitor Kernel Events Driver;??\C:\Program Files\ArcaMicroScanPro\arcaev.sys

R3 arcafd;ArcaVir Monitor Kernel Filter Driver;??\C:\Program Files\ArcaMicroScanPro\arcafd.sys

R3 Cap7134;Cinergy 400 TV Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys

R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys

S2 ProtectedContentSvc;Windows Protected Content Restoration Service;C:\WINDOWS\etc\services.exe

S2 RadPciNT;RadPciNT;??\C:\WINDOWS\System32\Drivers\RadPciNT.sys

S2 Win32Kernel;Win32 Kernel Update;“C:\WINDOWS\win32host.exe”

S3 BTNetFilter;Bluetooth Network Filter;??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

S3 DCamUSBPremier;DC E30;C:\WINDOWS\System32\Drivers\mpixvid.sys

S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\System32\drivers\srs_sscfilter.sys

S3 Vsp;Vsp;??\C:\WINDOWS\System32\drivers\Vsp.sys

S3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\System32\Drivers\usbVM303.sys

.

Contents of the ‘Scheduled Tasks’ folder

“2007-10-19 15:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job”

  • C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-03 22:21:15

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-03 22:22:30

C:\ComboFix2.txt … 2007-11-03 22:08

C:\ComboFix3.txt … 2007-11-03 21:58

.

— E O F —