
Logs - Persistent virus - displays a message


  • Closed: this topic is closed
4 replies in this topic

#1 Rogerson

    Beginner

  • 14 posts

Posted 27 07 2008 - 11:09

I caught a virus that pops up the message "your privacy is in danger" :/ While I'm at it, a question: which antivirus do you recommend?

Log


ComboFix 08-07-19.1 - Mateusz 2008-07-27 11:06:03.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.88 [GMT 2:00]
Running from: H:\Dysk D\System\Walka\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mateusz\Ulubione\Error Cleaner.url
C:\Documents and Settings\Mateusz\Ulubione\Privacy Protector.url
C:\Documents and Settings\Mateusz\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-27 10:57 . 2008-07-27 10:57 294 ---hs---- C:\WINDOWS\system32\xxgosata.ini
2008-07-27 10:53 . 2008-07-27 10:53 95,360 --a------ C:\WINDOWS\system32\atasogxx.dll
2008-07-27 10:50 . 2008-07-27 10:50 294 ---hs---- C:\WINDOWS\system32\rynjcmek.ini
2008-07-27 10:44 . 2008-07-27 10:44 323,584 --a------ C:\WINDOWS\system32\ddcDwvSi.dll
2008-07-27 10:35 . 2008-07-27 09:57 356,352 --a------ C:\WINDOWS\nfavxwdbsxb.dll
2008-07-27 10:35 . 2008-07-27 09:57 229,376 --a------ C:\WINDOWS\wnslvxtf.dll
2008-07-27 10:35 . 2008-07-27 09:57 188,416 --a------ C:\WINDOWS\fdkowvbp.dll
2008-07-27 10:35 . 2008-07-27 09:57 180,224 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-27 10:35 . 2008-07-27 09:57 86,016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-25 16:24 . 2008-07-25 23:48 192 --a------ C:\WINDOWS\wcx_ftp.ini
2008-07-20 17:07 . 2008-07-20 17:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-20 16:30 . 2008-07-20 16:30 <DIR> d-------- C:\Program Files\SkanerOnline
2008-07-20 11:29 . 2008-07-20 11:29 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-07-15 19:00 . 2008-07-15 19:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2008-07-06 18:17 . 2008-07-06 18:17 <DIR> d-------- C:\Program Files\Fast Break Basketball

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2002-08-28 23:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp2qfe\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp2gdr\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp3gdr\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp3qfe\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{425CE662-D175-4A9D-A30D-949F8A2E9665}]
2008-07-27 10:44 323584 --a------ C:\WINDOWS\system32\ddcDwvSi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A}]
2008-07-27 09:57 356352 --a------ C:\WINDOWS\nfavxwdbsxb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BF53502D-3BEF-4273-9925-89D7526A5F87}"= "C:\WINDOWS\fdkowvbp.dll" [2008-07-27 09:57 188416]

[HKEY_CLASSES_ROOT\clsid\{bf53502d-3bef-4273-9925-89d7526a5f87}]
[HKEY_CLASSES_ROOT\fdkowvbp.1]
[HKEY_CLASSES_ROOT\TypeLib\{F0A426BC-CB51-4D2B-B720-F959540B0AB2}]
[HKEY_CLASSES_ROOT\fdkowvbp]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10 2007088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"84c3394e"="C:\WINDOWS\system32\atasogxx.dll" [2008-07-27 10:53 95360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {5DE10BB4-A273-4B5E-BB34-E855D671A196} - C:\WINDOWS\eqvwamkl.dll [2008-07-27 09:57 180224]
"wnslvxtf"= {4FABBD84-4EB4-4BB4-8D15-E381522BB80B} - C:\WINDOWS\wnslvxtf.dll [2008-07-27 09:57 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"vidc.VSPX"= vspxvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mateusz^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 09:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-07-15 11:42 4112384 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-07-15 11:42 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 F:\BitComet\Nokia 6500\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-06 12:43 23165736 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"C:\\Program Files\\FlashGet\\FLASHGET.EXE"=
"C:\\Program Files\\Wincmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-02-15 19:48]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 00:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphc1vtj0e7c3 - C:\WINDOWS\system32\lphc1vtj0e7c3.exe
HKLM-Run-SMrhc5vtj0e7c3 - C:\Program Files\rhc5vtj0e7c3\rhc5vtj0e7c3.exe
Notify-wingko32 - wingko32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 11:06:58
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-27 11:07:18
ComboFix-quarantined-files.txt 2008-07-27 09:07:18

Pre-Run: 865,693,696 bytes free
Post-Run: 853,782,528 bytes free

147



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:14: VIRUS ALERT!, on 2008-07-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Wincmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Games\Fast Break Basketball\getserial.exe
H:\Dysk D\System\Walka\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.58.205.61:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {425CE662-D175-4A9D-A30D-949F8A2E9665} - C:\WINDOWS\system32\ddcDwvSi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [84c3394e] rundll32.exe "C:\WINDOWS\system32\atasogxx.dll",b
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: http://skaner.mks.com.pl
O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: eqvwamkl - {5DE10BB4-A273-4B5E-BB34-E855D671A196} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {4FABBD84-4EB4-4BB4-8D15-E381522BB80B} - C:\WINDOWS\wnslvxtf.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5573 bytes


#2 ordynat

    Advanced user

  • 804 posts

Posted 27 07 2008 - 11:56

Paste into Notepad:
File::
C:\WINDOWS\system32\xxgosata.ini
C:\WINDOWS\system32\atasogxx.dll
C:\WINDOWS\system32\rynjcmek.ini
C:\WINDOWS\system32\ddcDwvSi.dll
C:\WINDOWS\nfavxwdbsxb.dll
C:\WINDOWS\wnslvxtf.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\grswptdl.exe

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\*0]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{425CE662-D175-4A9D-A30D-949F8A2E9665}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BF53502D-3BEF-4273-9925-89D7526A5F87}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf53502d-3bef-4273-9925-89d7526a5f87}]
[-HKEY_CLASSES_ROOT\fdkowvbp.1]
[-HKEY_CLASSES_ROOT\TypeLib\{F0A426BC-CB51-4D2B-B720-F959540B0AB2}]
[-HKEY_CLASSES_ROOT\fdkowvbp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"84c3394e"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"=-
"wnslvxtf"=-
Note: after pasting into Notepad, remove the *asterisk from the text!

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal should start (and a log will be produced).
Post the log that is produced during the removal.
After the restart, delete the folder C:\Qoobox manually.

ordynat

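The files ordynat lists in the File:: section come from reading the two logs for the loading points that this family of rogue antispyware uses: BHOs and toolbars whose DLL sits directly in C:\WINDOWS or is registered with no name, SSODL entries in the same place, a Run value with a hex-string name that enters a DLL through rundll32, a forced proxy, regedit disabled by policy, and an Active Desktop component that renders a local HTML page (the "privacy danger" screen). The script below is an added example written for this page; it is not HijackThis, ComboFix, or anything ordynat posted. It applies those checks to HijackThis-style lines and derives the list of module paths a removal script would target. The sample log is constructed from the entries in the thread, and the heuristics (hex-named Run values, one-letter rundll32 exports, modules in the Windows directory root) are this example's own assumptions, not a detection standard.

```python
"""Triage of a HijackThis log: flag the loading points a helper checks first.

Added example, not code from this thread or from HijackThis/ComboFix.
The heuristics below are assumptions of this example.
"""
import re
from pathlib import PureWindowsPath

WINDIR = PureWindowsPath(r"C:\WINDOWS")

# Every HijackThis entry is "<section> - <body>"; the section tag (R0, O2, O21 ...) is the entry type.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Trailing " - C:\...\module.dll" on O2 (BHO), O3 (toolbar) and O21 (SSODL) entries.
TAIL_PATH_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.+?)\s*$")
# rundll32 launcher inside an O4 Run value: DLL path, then the export name after the comma.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
FILE_URL_RE = re.compile(r"file:///(?P<path>[A-Za-z]:[\\/].+?)\s*$")

# Constructed sample modelled on the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=X
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.58.205.61:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {425CE662-D175-4A9D-A30D-949F8A2E9665} - C:\WINDOWS\system32\ddcDwvSi.dll
O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [84c3394e] rundll32.exe "C:\WINDOWS\system32\atasogxx.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: eqvwamkl - {5DE10BB4-A273-4B5E-BB34-E855D671A196} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {4FABBD84-4EB4-4BB4-8D15-E381522BB80B} - C:\WINDOWS\wnslvxtf.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


def in_windir_root(path_str):
    """True when the module sits directly in C:\\WINDOWS, where no product installs a DLL."""
    return PureWindowsPath(path_str).parent == WINDIR


def triage_line(line):
    """Return (severity, reason, module_path_or_None) for one line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec == "R1" and "ProxyServer" in body:
        return ("high", "proxy forced on the user: browser traffic is redirected", None)
    if sec == "R0" and "Start Page" in body:
        target = body.split("=", 1)[1].strip()
        if target != "about:blank" and "microsoft.com" not in target:
            return ("medium", "start page hijacked to " + target, None)
        return None
    if sec == "O6":
        return ("medium", "IE restrictions policy present", None)
    if sec == "O7" and "DisableRegedit=1" in body:
        return ("high", "regedit disabled by policy", None)
    if sec == "O24":
        fm = FILE_URL_RE.search(body)
        return ("high", "Active Desktop component rendered from a local HTML file", fm.group("path")) if fm else None
    if sec == "O4":
        nm = RUN_NAME_RE.search(body)
        rm = RUNDLL_RE.search(body)
        dll = rm.group("dll") if rm else None
        if nm and re.fullmatch(r"[0-9a-f]{8}", nm.group("name")):
            return ("high", "Run value named like a random hex string", dll)
        if rm and len(rm.group("export")) == 1:
            return ("high", "rundll32 entering a DLL through a one-letter export", dll)
        return None
    if sec in ("O2", "O3", "O21"):
        pm = TAIL_PATH_RE.search(body)
        path = pm.group("path") if pm else None
        if sec == "O2" and "(no name)" in body:
            return ("high", "BHO registered without a name", path)
        if path and in_windir_root(path):
            return ("high", sec + " module loaded straight from the Windows directory root", path)
        return None
    return None


def triage(log_text):
    """Run triage_line over every line and keep the findings with the line attached."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append({"line": line.strip(), "severity": hit[0], "reason": hit[1], "path": hit[2]})
    return findings


def file_targets(findings):
    """Module paths a removal script (e.g. a ComboFix File:: section) would list, deduplicated."""
    return sorted({f["path"] for f in findings if f["path"]}, key=str.lower)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
    print("\nFile:: candidates")
    print("\n".join(file_targets(found)))
```

The whitelist-by-location rule is what does most of the work here: legitimate BHOs and toolbars load from a product directory or from system32, so a DLL sitting directly in C:\WINDOWS next to explorer.exe is a cheap, high-signal indicator. The same pass leaves the Acrobat BHO, the FlashGet toolbar, the NVIDIA Run entry and the browseui SharedTaskScheduler entries alone, which is the point of triage: the list fed into a removal script should contain only what the log itself incriminates.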

#3 Rogerson

    Beginner

  • 14 posts

Posted 27 07 2008 - 12:41

done


ComboFix 08-07-26.1 - Mateusz 2008-07-27 12:35:20.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.63 [GMT 2:00]
Running from: D:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mateusz\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbsxb.dll
C:\WINDOWS\system32\atasogxx.dll
C:\WINDOWS\system32\ddcDwvSi.dll
C:\WINDOWS\system32\rynjcmek.ini
C:\WINDOWS\system32\xxgosata.ini
C:\WINDOWS\wnslvxtf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mateusz\Dane aplikacji\macromedia\Flash Player\#SharedObjects\DTS9XFGR\interclick.com
C:\Documents and Settings\Mateusz\Dane aplikacji\macromedia\Flash Player\#SharedObjects\DTS9XFGR\interclick.com\ud.sol
C:\Documents and Settings\Mateusz\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mateusz\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mateusz\Pulpit\Error Cleaner.url
C:\Documents and Settings\Mateusz\Pulpit\Privacy Protector.url
C:\Documents and Settings\Mateusz\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\Mateusz\Ulubione\Error Cleaner.url
C:\Documents and Settings\Mateusz\Ulubione\Privacy Protector.url
C:\Documents and Settings\Mateusz\Ulubione\Spyware&Malware Protection.url
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\nfavxwdbsxb.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\atasogxx.dll
C:\WINDOWS\system32\ddcDwvSi.dll
C:\WINDOWS\system32\rynjcmek.ini
C:\WINDOWS\system32\xxgosata.ini
C:\WINDOWS\wnslvxtf.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-25 16:24 . 2008-07-25 23:48 192 --a------ C:\WINDOWS\wcx_ftp.ini
2008-07-20 17:07 . 2008-07-20 17:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-20 16:30 . 2008-07-20 16:30 <DIR> d-------- C:\Program Files\SkanerOnline
2008-07-20 11:29 . 2008-07-20 11:29 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-07-15 19:00 . 2008-07-15 19:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2008-07-06 18:17 . 2008-07-06 18:17 <DIR> d-------- C:\Program Files\Fast Break Basketball

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

2006-04-20 13:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2002-08-28 23:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp2qfe\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp2gdr\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp3gdr\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\908074217de9c0a4d4d2d573db7b5e8f\sp3qfe\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10 2007088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"vidc.VSPX"= vspxvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mateusz^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 09:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-07-15 11:42 4112384 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-07-15 11:42 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 F:\BitComet\Nokia 6500\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-06 12:43 23165736 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"C:\\Program Files\\FlashGet\\FLASHGET.EXE"=
"C:\\Program Files\\Wincmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-02-15 19:48]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 00:39]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 12:36:29
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-27 12:37:04
ComboFix-quarantined-files.txt 2008-07-27 10:37:02
ComboFix2.txt 2008-07-27 09:26:00

Pre-Run: 812,736,512 bytes free
Post-Run: 799,444,992 bytes free

149

#4 ordynat

    Advanced user

  • 804 posts

Posted 27 07 2008 - 12:46

This log is clean now.

ordynat

#5 Rogerson

    Beginner

  • 14 posts

Posted 27 07 2008 - 12:50

Thanks ;)
