For some time now a window with the message "Your system is infected with dangerous virus!" has been appearing, and after clicking the "ok" button some antivirus program installs itself. I can't get rid of it. It interferes with my work and with browsing various folders.
This is the log from ComboFix:
ComboFix 08-05-01.3 - user 2008-05-06 12:56:14.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.135 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-06 10:47 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-05-06 10:47 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-05-06 10:47 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-05-06 10:25 . 2007-10-25 18:44 8,488,960 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-06 10:25 . 2007-06-26 08:10 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-05-06 10:25 . 2007-06-13 15:23 1,034,752 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-05-06 10:25 . 2006-12-26 15:09 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll
2008-05-06 10:25 . 2006-08-14 12:34 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-05-06 10:25 . 2006-12-26 15:09 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll
2008-05-06 10:25 . 2006-12-26 15:09 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll
2008-05-06 10:25 . 2006-10-13 14:41 143,872 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-05-06 10:25 . 2006-12-19 23:51 135,168 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-05-06 10:25 . 2006-12-26 15:09 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll
2008-05-06 10:23 . 2007-11-07 11:29 723,968 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-05-06 10:23 . 2007-12-04 20:42 550,912 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-05-06 10:23 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-05-06 10:21 . 2007-07-09 15:20 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-06 10:21 . 2007-04-02 07:59 546,304 -----c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-05-06 10:21 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-05-06 10:21 . 2006-05-05 11:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-05-06 09:42 . 2008-05-06 09:45
2008-05-06 09:42 . 2008-05-06 09:43
2008-05-06 09:42 . 2008-05-06 09:45
2008-05-06 09:42 . 2008-05-06 09:42 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-05 10:32 . 2008-05-05 10:32
2008-04-09 20:06 . 2008-05-05 11:48
2008-04-09 20:05 . 2008-04-09 20:05
2008-04-09 20:05 . 2008-04-09 20:05
2008-04-07 22:44 . 2008-04-07 22:45 211,456 --a------ C:\WINDOWS\cndr32a.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 17:59 --------- d-----w C:\Program Files\ESET
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CF50F68-ECAD-45C6-AFC1-B5DC4B95B15E}]
2008-04-07 22:45 211456 --a------ C:\WINDOWS\cndr32a.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 12:04 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-18 20:19 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 22:26 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-17 15:37 344064]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 06:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 08:22 89541 C:\WINDOWS\agrsmmsg.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 15:34 1077329]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 13:27 634880]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 14:57 53248]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TPSMain"="TPSMain.exe" [2005-09-13 10:01 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 11:03 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe" [2006-04-28 11:49 262144]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-18 20:19:31 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-01 16:21:43 438272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 15:12]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 18:49]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\system32\{DEF85C80-216A-43ab-AF70-1665EDBE2780} []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c66cce32-c502-11db-86fe-0016e3a0f3d2}]
\Shell\AutoRun\command - E:\SETUP.EXE
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 12:57:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\system32\{DEF85C80-216A-43ab-AF70-1665EDBE2780}"
.
Completion time: 2008-05-06 12:58:11
ComboFix-quarantined-files.txt 2008-05-06 10:58:07
Pre-Run: 70,747,787,264 bajtów wolnych
Post-Run: 70,737,174,528 bajtów wolnych
112 --- E O F --- 2008-05-06 08:52:45