Proszę niech ktoś mi pomorze mam nowego kompa i nowego wirusa
C:\WINDOWS\SYSTEM32\VBSDFE0.DLL
Proszę niech ktoś mi pomorze mam nowego kompa i nowego wirusa
C:\WINDOWS\SYSTEM32\VBSDFE0.DLL
Zainstaluj antywirusa, lub skorzystaj z któregoś skanera online.
ComboFix 08-12-20.05 - Ciszmek 2008-12-22 19:45:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1538 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ciszmek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system32\gasretyw0.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-22 do 2008-12-22 )))))))))))))))))))))))))))))))
.
2008-12-22 15:20 . 2008-12-22 19:25 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll
2008-12-22 14:53 . 2008-12-22 14:53
2008-12-22 14:03 . 2008-12-22 14:04
2008-12-22 14:03 . 2008-12-22 14:03
2008-12-22 12:34 . 2008-12-22 12:34 85,504 -r-hs---- c:\windows\system32\vbsdfe1.dll
2008-12-22 12:02 . 2001-10-26 20:28 13,463,552 --a–c— c:\windows\system32\dllcache\hwxjpn.dll
2008-12-22 12:01 . 2004-08-03 23:44 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-22 12:01 . 2008-12-22 12:01 749 -rah----- c:\windows\WindowsShell.Manifest
2008-12-22 12:01 . 2008-12-22 12:01 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-22 12:01 . 2008-12-22 12:01 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-12-22 12:01 . 2008-12-22 12:01 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-12-22 12:01 . 2008-12-22 12:01 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-12-22 12:01 . 2008-12-22 12:01 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-12-22 11:48 . 2008-11-13 16:20 203,540 --a------ c:\windows\system32\nvapps.nvb
2008-12-22 11:24 . 2008-12-22 11:24 84 --a------ c:\windows\system32\ikhcore.cfg
2008-12-21 23:51 . 2008-12-22 11:25
2008-12-21 23:34 . 2008-12-21 23:34 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-21 23:09 . 2008-12-21 23:09 0 --a------ c:\windows\nsreg.dat
2008-12-21 22:29 . 2008-12-21 22:29
2008-12-21 22:29 . 2008-12-21 22:29 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-21 22:27 . 2008-12-21 22:27
2008-12-21 22:27 . 2008-12-21 22:27
2008-12-21 22:25 . 2008-12-21 22:33
2008-12-21 22:25 . 2008-12-22 12:34 118,267 -r-hs---- c:\windows\system32\vamsoft.exe
2008-12-21 22:25 . 2008-12-09 05:44 107,045 -r-hs---- C:\m9ma.exe
2008-12-21 22:23 . 2008-12-22 16:00
2008-12-21 22:15 . 2008-12-21 22:16
2008-12-21 22:14 . 2008-12-21 22:14
2008-12-21 22:14 . 2008-12-21 22:14
2008-12-21 22:01 . 2008-12-21 22:01
2008-12-21 22:01 . 2008-12-21 22:01
2008-12-21 22:01 . 2004-07-20 17:24 1,568,768 --a------ c:\windows\system32\ImagX7.dll
2008-12-21 22:01 . 2004-07-20 17:24 476,320 --a------ c:\windows\system32\ImagXpr7.dll
2008-12-21 22:01 . 2004-07-20 17:24 471,040 --a------ c:\windows\system32\ImagXRA7.dll
2008-12-21 22:01 . 2004-07-09 09:43 364,544 --a------ c:\windows\system32\TwnLib4.dll
2008-12-21 22:01 . 2004-07-20 17:24 262,144 --a------ c:\windows\system32\ImagXR7.dll
2008-12-21 22:01 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-12-21 22:01 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-12-21 22:01 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 18:45 --------- d-----w c:\program files\Neostrada TP
2008-12-22 18:25 16,608 ----a-w c:\windows\gdrv.sys
2008-12-21 22:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-21 22:15 --------- d–h--w c:\program files\InstallShield Installation Information
2008-12-21 21:03 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-12-21 20:56 --------- d-----w c:\program files\AGEIA Technologies
2008-12-21 20:55 --------- d-----w c:\program files\Canon
2008-12-21 20:17 --------- d-----w c:\program files\Thomson
2008-12-21 20:16 --------- d-----w c:\program files\Java
2008-12-21 20:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-21 20:12 --------- d-----w c:\program files\Kaspersky Lab
2008-12-21 20:10 --------- d-----w c:\program files\Realtek
2008-12-21 20:10 --------- d-----w c:\documents and settings\Ciszmek\Dane aplikacji\InstallShield
2008-12-21 20:08 315,392 ----a-w c:\windows\HideWin.exe
2008-12-21 20:06 --------- d-----w c:\program files\Intel
2008-12-21 20:05 --------- d-----w c:\program files\GIGABYTE
2008-12-21 20:01 --------- d-----w c:\program files\microsoft frontpage
2008-12-21 20:00 --------- d-----w c:\program files\Usługi online
2008-11-12 12:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “c:\program files\Winamp Toolbar\winamptb.dll” [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2004-08-03 15360]
“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]
“vamsoft”=“c:\windows\system32\vamsoft.exe” [2008-12-22 118267]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“GEST”=“m‘|\ü” [X]
“WooCnxMon”=“c:\progra~1\NEOSTR~1\CnxMon.exe” [2003-10-16 24576]
“SpeedTouch USB Diagnostics”=“c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 866816]
“WOOWATCH”=“c:\progra~1\NEOSTR~1\Watch.exe” [2003-10-16 20480]
“WOOTASKBARICON”=“c:\progra~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 53248]
“Easy-PrintToolBox”=“c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE” [2004-01-14 409600]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-11-12 13672448]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2008-08-04 36352]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-11-12 86016]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-26 81000]
“nwiz”=“nwiz.exe” [2008-11-12 c:\windows\system32\nwiz.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2008-05-07 c:\windows\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-03 15360]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\WINDOWS\system32\usmt\migwiz.exe”=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-22 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-22 20560]
R2 GEST Service;GEST Service for program management.;“c:\program files\GIGABYTE\EnergySaver\GSvr.exe” [2008-12-21 80392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{50c75f99-cfa4-11dd-af69-000e50afedc8}]
\Shell\AutoRun\command - E:\iky.bat
\Shell\explore\Command - E:\iky.bat
\Shell\open\Command - E:\iky.bat
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
IE: Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {c:\program files\Messenger\msmsgs.exe - -
FF - ProfilePath - c:\documents and settings\Ciszmek\Dane aplikacji\Mozilla\Firefox\Profiles\hu2x4a0h.default\
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 19:45:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-12-22 19:46:14
ComboFix-quarantined-files.txt 2008-12-22 18:46:07
Przed: 238 782 963 712 bajtów wolnych
Po: 239,067,811,840 bajtów wolnych
153