Hello,
I have a similar problem with a wallpaper that pops up on its own.
To remove this virus, does each separate case have to be scanned with ComboFix every time,
or can the codes already applied be used again?
Thanks for any hints.
Scan from the program:
ComboFix 08-02.05.1 - DOMINAT sp z o o 2008-02-05 22:59:18.4 - FAT32 x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.27 [GMT 1:00]
Running from: C:\Documents and Settings\DOMINAT sp z o o\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\dpvtporrfd.dll
C:\WINDOWS\elfwgps.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-01-25 17:48 . 1996-12-18 09:11 284,160 --a------ C:\WINDOWS\unin0415.exe
2008-01-25 17:29 . 2008-01-25 17:29 152 --a------ C:\WINDOWS\Aslan.INI
2008-01-25 17:28 . 2008-01-25 17:28
2008-01-25 16:28 . 2008-01-25 16:28
2008-01-25 16:28 . 2004-08-23 13:20 158,720 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-01-25 16:28 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-01-24 17:02 . 2008-01-24 15:54 278,528 --a------ C:\WINDOWS\aswmklt.dll
2008-01-24 17:02 . 2008-01-24 15:54 151,552 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-19 12:00 . 2008-01-19 12:00 221 --a------ C:\WINDOWS\NCLogConfig.ini
2008-01-15 17:50 . 2008-01-15 17:50
2008-01-15 09:02 . 2008-01-15 09:02
2008-01-15 09:02 . 2008-01-15 09:02
2008-01-15 09:02 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-15 09:02 . 2008-01-15 09:02 264,097 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5968.exe
2008-01-15 09:02 . 1998-06-24 01:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-01-15 09:02 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-01-15 09:02 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-01-12 16:33 . 2008-01-12 16:33
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:00 --------- d-----w C:\Program Files\CCleaner
2008-01-02 16:37 --------- d-----w C:\Program Files\neostrada tp
2008-01-02 11:55 --------- d-----w C:\Program Files\Canon
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SiSPower"="SiSPower.dll" [2005-02-25 04:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 03:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:41 393216]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"OBSWATCH"="C:\PROGRA~1\ORANGEBS\Watch.exe" [2005-04-21 15:32 20480]
"OBSKIT"="C:\PROGRA~1\ORANGEBS\TaskbarIcon.exe" [2005-03-18 16:11 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bqxomdo"= {8823C47C-8A2F-4BED-B95F-B40F5B521831} - C:\WINDOWS\bqxomdo.dll []
"aswmklt"= {3DE2E534-3F09-4F99-B8DE-6272D8F00852} - C:\WINDOWS\aswmklt.dll [2008-01-24 15:54 278528]
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18]
R3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-01-03 00:05]
R3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-12-13 12:20]
R3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-12-13 12:20]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2004-08-23 15:04]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 11:09]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 20:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f5c7ec8-3122-11dc-a6c4-001636325321}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
*Newly Created Service* - INT15.SYS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 23:02:49
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-05 23:03:41
ComboFix-quarantined-files.txt 2008-02-05 22:03:36
ComboFix2.txt 2008-02-05 17:42:18
.
2008-01-09 20:06:59 -- E O F --