Unfortunately I can't get rid of the trojan.
The ComboFix log looks as follows:
ComboFix 08-11-09.01 - Hilda 2008-11-09 23:57:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.138 [GMT 1:00]
Running from: d:\documents and settings\Hilda\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
d:\windows\system32\amvo0.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.
2008-11-09 23:49 . 2008-11-09 23:49
2008-11-09 11:48 . 2008-11-09 11:48
2008-11-09 11:48 . 2008-11-09 11:48
2008-11-09 11:48 . 2008-11-09 23:22 25,400 --a------ d:\windows\system32\drivers\pxark.sys
2008-11-09 11:41 . 2008-11-09 11:41
2008-11-09 11:40 . 2008-11-09 11:40
2008-11-09 10:48 . 2008-11-09 10:48
2008-11-09 10:47 . 2008-11-09 10:47
2008-11-09 10:42 . 2008-11-09 10:42
2008-11-09 10:42 . 2008-11-09 10:42
2008-11-09 10:42 . 2008-11-09 10:42
2008-11-09 10:42 . 2008-11-09 10:42 499,712 --a------ d:\windows\system32\msvcp71.dll
2008-11-09 10:38 . 2008-11-09 10:38 316,640 --a------ d:\windows\WMSysPr9.prx
2008-11-09 10:36 . 2008-11-09 10:38
2008-11-09 10:36 . 2008-11-09 10:41
2008-11-09 10:35 . 2008-11-09 10:36
2008-11-09 10:35 . 2008-09-16 01:14 3,596,288 --a------ d:\windows\system32\qt-dx331.dll
2008-11-09 10:35 . 2008-09-16 01:11 683,520 --a------ d:\windows\system32\divx.dll
2008-11-09 10:35 . 2008-11-09 10:42 348,160 --a------ d:\windows\system32\msvcr71.dll
2008-11-09 10:35 . 2008-09-16 01:12 81,920 --a------ d:\windows\system32\dpl100.dll
2008-11-09 10:35 . 2008-06-12 19:36 7,680 --a------ d:\windows\system32\ff_vfw.dll
2008-11-09 10:35 . 2007-07-10 17:10 547 --a------ d:\windows\system32\ff_vfw.dll.manifest
2008-11-09 10:27 . 2008-11-09 10:31
2008-11-09 01:01 . 2008-11-09 01:03
2008-11-09 00:57 . 2005-04-26 04:22 60,928 -ra------ d:\windows\system32\drivers\viamraid.sys
2008-11-09 00:57 . 2003-07-01 21:42 27,904 -ra------ d:\windows\system32\drivers\VIAAGP1.SYS
2008-11-09 00:56 . 2001-10-26 16:47 36,224 --a------ d:\windows\system32\drivers\isapnp.sys
2008-11-09 00:56 . 2001-10-26 16:47 36,224 --a--c--- d:\windows\system32\dllcache\isapnp.sys
2008-11-09 00:52 . 2008-11-09 00:52 2,450 --a------ d:\windows\Ascd_tmp.ini
2008-11-09 00:44 . 2008-11-10 00:01
2008-11-09 00:44 . 2006-01-01 03:24
2008-11-09 00:44 . 2006-01-01 03:30
2008-11-09 00:44 . 2006-01-01 03:24
2008-11-09 00:44 . 2006-01-01 03:24
2008-11-09 00:44 . 2006-01-01 03:24
2008-11-09 00:44 . 2006-01-01 03:24
2008-11-09 00:44 . 2008-11-09 00:44
2008-11-08 23:59 . 2008-11-08 23:59
2008-11-08 23:59 . 2008-11-08 23:59
2008-11-08 23:59 . 2008-11-08 23:59
2008-11-08 23:59 . 2008-11-09 00:02
2008-11-08 23:32 . 2001-08-18 06:24 79,616 --a------ d:\windows\system32\drivers\wdmaud.sys
2008-11-08 23:32 . 2001-08-18 06:24 79,616 --a--c--- d:\windows\system32\dllcache\wdmaud.sys
2008-11-08 23:32 . 2001-08-17 22:00 54,272 --a------ d:\windows\system32\drivers\swmidi.sys
2008-11-08 23:32 . 2001-08-17 22:00 54,272 --a--c--- d:\windows\system32\dllcache\swmidi.sys
2008-11-08 23:32 . 2001-08-17 21:59 50,048 --a------ d:\windows\system32\drivers\DMusic.sys
2008-11-08 23:32 . 2001-08-17 21:59 50,048 --a--c--- d:\windows\system32\dllcache\dmusic.sys
2008-11-08 23:32 . 2001-08-17 22:00 5,632 --a------ d:\windows\system32\drivers\splitter.sys
2008-11-08 23:32 . 2001-08-17 22:00 5,632 --a--c--- d:\windows\system32\dllcache\splitter.sys
2008-11-08 23:30 . 2008-11-09 10:38
2008-11-08 23:30 . 2008-11-08 23:30
2008-11-08 23:30 . 2008-11-08 23:30
2008-11-08 23:30 . 2008-11-08 23:30
2008-11-08 23:30 . 2001-07-05 17:19 164 -r------- d:\windows\avrack.ini
2008-11-08 23:29 . 2005-08-12 11:40 307,200 -r------- d:\windows\alcupd.exe
2008-11-08 23:29 . 2005-09-09 09:39 212,992 -r------- d:\windows\alcrmv.exe
2008-11-08 23:25 . 2008-11-08 23:25
2008-11-08 23:25 . 2008-11-09 00:57
2008-11-08 23:24 . 2000-03-29 15:17 5,824 --a------ d:\windows\system32\drivers\ASUSHWIO.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 22:57 --------- d-----w d:\program files\Neostrada TP
2008-11-08 22:29 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-08 22:29 --------- d-----w d:\program files\Common Files\InstallShield
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\ctfmon.exe" [2001-10-26 13312]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="d:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="d:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="d:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="d:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"RaidTool"="d:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-09 185872]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 d:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2001-10-26 13312]
R1 fwdrv;Firewall Driver;d:\windows\System32\drivers\fwdrv.sys [2005-03-21 270336]
R2 CSIScanner;CSIScanner;d:\program files\PrevxCSI\prevxcsi.exe [2008-11-09 880696]
S0 pxark;pxark;d:\windows\System32\drivers\pxark.sys [2008-11-09 25400]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29cfad31-7a72-11da-8ce4-806d6172696f}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat
*Newly Created Service* - PROCEXP90
*Newly Created Service* - UMWDF
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - d:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - d:\documents and settings\Hilda\Dane aplikacji\Mozilla\Firefox\Profiles\82mervfz.default\
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [http]
Rootkit scan 2008-11-10 00:01:38
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-11-10 0:02:23
ComboFix-quarantined-files.txt 2008-11-09 23:02:20
Pre-Run: 34,128,343,040 bytes free
Post-Run: 34,138,214,400 bytes free
WinXP_PL_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Windows XP Professional” /Fastdetect
What next?
Thanks in advance for the help
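The part of the log above worth a closer look is the MountPoints2 key: every Explorer verb for volume {29cfad31-...} (AutoRun, explore, open) is pointed at a bare u.bat, which is how a removable-media worm re-launches itself each time the drive is opened, and ComboFix also removed D:\Autorun.inf and amvo0.dll. Below is a small triage script, added here as an example and not part of ComboFix or of the original post, that parses a ComboFix-style log into its sections, pulls out MountPoints2 shell commands, boot/auto-start driver lines (S0/R1/R2) and "Newly Created Service" markers, and flags the autorun pattern. The SAMPLE_LOG is constructed from lines quoted in the post; the function and variable names are this example's own.

```python
"""Triage a ComboFix-style log for removable-media autorun persistence.

Added example for the forum post above; not ComboFix code and not the
poster's own. SAMPLE_LOG is constructed from lines quoted in the post.
"""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
d:\windows\system32\amvo0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 d:\windows\soundman.exe]
R1 fwdrv;Firewall Driver;d:\windows\System32\drivers\fwdrv.sys [2005-03-21 270336]
S0 pxark;pxark;d:\windows\System32\drivers\pxark.sys [2008-11-09 25400]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29cfad31-7a72-11da-8ce4-806d6172696f}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat
*Newly Created Service* - PROCEXP90
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # "(((( Section Name ))))"
KEY_RE = re.compile(r"^\[(.+)\]$")                        # "[HKEY_...\key]"
MP_RE = re.compile(r"\\mountpoints2\\(\{[0-9a-f-]+\})$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
DRV_RE = re.compile(r"^([RS]\d)\s+(\S+?);([^;]*);(.+?)\s+\[")
SVC_RE = re.compile(r"^\*Newly Created Service\*\s+-\s+(\S+)$")


def parse_sections(text):
    """Split the log into {section name: [non-empty lines]}; '.' separators dropped."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def mountpoint_autoruns(text):
    """Return (volume GUID, verb, command) for every \\Shell\\<verb>\\command
    listed under a MountPoints2 key; other registry keys are ignored."""
    hits, volume = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            mm = MP_RE.search(km.group(1))
            volume = mm.group(1) if mm else None   # only track MountPoints2 keys
            continue
        vm = VERB_RE.match(line)
        if vm and volume:
            hits.append((volume, vm.group(1).lower(), vm.group(2).strip()))
    return hits


def triage(text):
    sections = parse_sections(text)
    deleted = sections.get("Other Deletions", [])
    autoruns = mountpoint_autoruns(text)
    drivers = [m.groups() for m in map(DRV_RE.match, text.splitlines()) if m]
    new_services = [m.group(1) for m in map(SVC_RE.match, text.splitlines()) if m]
    findings = []
    for path in deleted:
        if path.lower().endswith("\\autorun.inf"):
            findings.append(f"autorun.inf was removed from volume {path[:2]}")
    for vol, verb, cmd in autoruns:
        # A command with no directory or drive resolves relative to the volume
        # root: the classic USB-worm layout (autorun.inf + loader in the root).
        if "\\" not in cmd and ":" not in cmd:
            findings.append(f"MountPoints2 {vol}: verb '{verb}' runs bare '{cmd}' from the volume root")
    return {"deleted": deleted, "autoruns": autoruns, "drivers": drivers,
            "new_services": new_services, "findings": findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG)["findings"]:
        print(f)
```

Run it against the full log text instead of SAMPLE_LOG to get the same listing; the point of keeping drivers and newly created services in the result is that an S0 (boot-start) driver or a fresh service dated the same day as the infection is what a helper would ask about next, even when, as here, the driver belongs to a tool the user installed.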