program avast wykrył mi ze mam wirusa w c:\program files\spyware doctor\update.exe usunąłem całego doktora proszę o sprawdzenie loga
poniżej. ponadto pod koniec pracy combofixa avast powiedział ze jest jakiś plik nie taki w system32 ale jaki to niepamietam. prosze o pomoc. w czasie skanowania avasta wylaczylem a spyware doctora przed pracacombofixa usunalem. gdy sciagale mnowego doctora ponownie avast mi alarmowal ze jest tam wirus update.exe dziwne...
pozdrawia mczekam na odpowiedz... pozdrawiam
ComboFix 08-06-20.4 - Cezary Kielanowicz 2008-06-26 1:22:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1173 [GMT 2:00]
Running from: D:\Różne Programy, Informacje i Pliki Tymczasowe\Ważne Programy Chroniące System Windows\ComboFix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-21 12:43 . 2008-06-21 12:44 <DIR> d---s---- C:\Program Files\ToniArts
2008-06-14 19:37 . 2008-06-15 16:35 <DIR> d---s---- C:\Program Files\NAPI-PROJEKT
2008-06-11 18:36 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 18:36 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-02 13:14 . 2008-06-03 19:42 <DIR> d---s---- C:\Program Files\CCleaner
2008-05-31 12:16 . 2008-06-01 10:13 <DIR> d---s---- C:\Program Files\Unlocker
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 23:15 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-15 14:17 --------- d-----w C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\TransRender
2008-06-11 16:47 --------- d-----r C:\Program Files\Microsoft Silverlight
2008-06-08 20:44 --------- d-----w C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\WinEdt
2008-05-29 18:53 --------- d-----w C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\Image Zone Express
2008-05-20 15:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-09 13:41 --------- d-----w C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\Printer Info Cache
2008-05-09 13:22 --------- d-s---w C:\Program Files\HP
2008-05-09 13:22 --------- d-s---w C:\Program Files\Hewlett-Packard
2008-05-09 13:13 --------- d-----w C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\HP
2008-05-09 13:03 --------- d-----w C:\Program Files\Common Files\HP
2008-05-09 13:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-05-09 13:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-05-08 21:09 --------- d-s---w C:\Program Files\EsetOnlineScanner
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 21:06 --------- d-----r C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 12:25 --------- d-s---w C:\Program Files\WinEdt Team
2008-04-30 14:28 --------- d-s---w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-26 18:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BlackPencil
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-22 11:17 167 --sha-w C:\Program Files\Common Files\Desktop.ini
2008-03-04 09:18 167 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-02 14:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 10:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 10:50 921600 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 10:50 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\Cezary Kielanowicz\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 22:41:18 C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 01:25:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-26 1:26:39
ComboFix-quarantined-files.txt 2008-06-25 23:26:28
Pre-Run: 22,371,848,192 bajtów wolnych
Post-Run: 22,363,152,384 bajtów wolnych
107 --- E O F --- 2008-06-21 10:57:37


