Hello!
Like everyone else, I have a problem with this worm. I've tried various methods, but UNFORTUNATELY they don't work. I'm REALLY asking for help
Below I'm posting the LOG from ComboFix
ComboFix 08-05-20.5 - Adi 2008-05-21 20:39:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.316 [GMT 2:00]
Running from: C:\Documents and Settings\Adi\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-11-08 20:47 . 2008-11-08 20:47
2008-05-21 20:07 . 2008-05-21 20:07
2008-05-21 20:07 . 2008-05-21 20:07 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-21 20:06 . 2008-11-21 21:28
2008-05-19 16:07 . 2008-01-15 10:04 104,451 -r-hs---- C:\d.com
2008-05-11 00:04 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-11 00:04 . 2004-08-04 00:38 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-10 18:04 . 2008-05-10 18:04 27,224 --a------ C:\WINDOWS\desctemp.dat
2008-05-10 03:15 . 2008-05-10 03:15
2008-05-10 03:14 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-10 03:13 . 2008-05-10 03:38
2008-05-10 03:13 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-10 03:13 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-08 20:46 . 2008-05-08 20:46
2008-05-08 20:42 . 2001-10-26 19:29 74,240 --a--c--- C:\WINDOWS\system32\dllcache\w3ext.dll
2008-05-08 20:41 . 2008-05-08 20:46
2008-05-04 14:05 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-04 14:05 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-04 14:05 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-04 14:05 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-04 14:05 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-04 14:05 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-04 14:05 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-04 14:05 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-04 14:05 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-03 18:56 . 2008-05-04 15:15
2008-05-01 21:46 . 2007-11-08 20:41
2008-05-01 21:46 . 2008-05-01 21:46
2008-05-01 21:46 . 2008-05-01 21:46
2008-05-01 21:46 . 2007-09-17 13:38 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-05-01 21:46 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-05-01 21:46 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-24 20:28 . 2008-11-08 20:44
2008-04-21 19:15 . 2008-04-25 22:38
2008-04-21 18:52 . 2008-04-21 18:53
2008-04-21 18:52 . 2008-04-21 19:09
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 18:41 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Skype
2008-05-02 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-01 10:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\UDL
2008-05-01 10:21 --------- d-----w C:\Program Files\epson
2008-04-22 19:32 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Winamp
2008-04-21 16:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-21 16:45 --------- d-----w C:\Program Files\Ashampoo
2008-04-21 16:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-21 15:27 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\AdobeUM
2008-04-20 12:51 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 12:50 --------- d-----w C:\Program Files\SubEdit-Player
2008-04-19 16:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-19 15:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 15:26 --------- d-----w C:\Program Files\CyberLink
2008-04-19 14:57 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 10:14 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Ahead
2008-04-13 17:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
2008-04-13 17:00 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
2008-04-13 16:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-04-13 16:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-13 16:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-30 19:10 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\SolidWorks
2008-03-30 14:00 --------- d-----w C:\Program Files\Winamp
2008-03-30 13:44 --------- d-----w C:\Program Files\Java
2008-03-29 22:22 --------- d-----w C:\Program Files\Common Files\Java
2008-03-23 23:30 --------- d-----w C:\Documents and Settings\Adi\Dane aplikacji\Desktop Sidebar
2008-03-22 20:57 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-22 19:57 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-21 12:02 --------- d-----w C:\Documents and Settings\Max\Dane aplikacji\Ahead
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Skype"="D:\Program Files Secondo\Skype\Phone\Skype.exe" [2006-07-21 14:16 19953192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-08-13 06:25 73728 C:\WINDOWS\system32\sstray.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 15:25 28672]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 16:31 169312]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47 1057064]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-10-04 15:44 1082664]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 15:25 28672]
C:\Documents and Settings\Max\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
C:\Documents and Settings\Adi\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
Spis treści programu OneNote.onetoc2 [2008-02-05 01:01:58 3656]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00 734872]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 15:25:56 28672]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 11:28:16 1200128]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-04-24 20:28:46 882176]
Wyszukiwanie z pulpitu systemu Windows.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\Program Files Secondo\Skype\Phone\Skype.exe"=
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-21 20:07]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2007-02-01 18:50]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-02-01 18:50]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\prevxcsi.exe" /service []
S2 UMAXPCLS;Sterownik skanera portu drukowania;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22:58]
S3 GVTDrv;GVTDrv;C:\WINDOWS\system32\drivers\GVTDrv.sys [2008-01-02 23:32]
S3 ps_drv;ps_drv;C:\Documents and Settings\Adi\ps_drv.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\d.com
\Shell\explore\Command - C:\d.com
\Shell\open\Command - C:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\d.com
\Shell\explore\Command - D:\d.com
\Shell\open\Command - D:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\Setup.exe
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PXARK
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 20:42:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\Ati2evxx.dll
PROCESS: C:\WINDOWS\explorer.exe
- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Completion time: 2008-05-21 20:43:37
ComboFix-quarantined-files.txt 2008-05-21 18:43:30
ComboFix2.txt 2007-11-08 18:37:08
Pre-Run: 15,968,620,544 bajtów wolnych
Post-Run: 15,958,855,680 bajtów wolnych
186 --- E O F --- 2008-05-10 01:46:41