Despite using ComboFix, the system is still infected. I am attaching a system scan. Please help me, what should I do about this.
ComboFix 10-08-25.01 - ania 2010-08-26 20:55:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.152 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
((((((((((((((((((((((((( Pliki utworzone od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-26 14:31 . 2010-08-26 14:45 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-26 14:28 . 2010-08-26 14:28 -------- d-----w- c:\windows\ServicePackFiles
2010-08-26 14:25 . 2010-08-26 14:26 -------- d-----w- c:\documents and settings\dzieci\Dane aplikacji\Media Player Classic
2010-08-25 21:09 . 2010-02-16 19:35 2182656 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-25 21:09 . 2010-02-16 19:35 2138624 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-25 21:09 . 2010-02-16 19:35 2059648 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-25 21:09 . 2010-02-16 19:35 2018304 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-25 19:38 . 2010-02-12 10:03 371200 ------w- c:\windows\system32\browserchoice.exe
2010-08-25 19:09 . 2008-06-14 18:01 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-25 19:09 . 2008-06-14 18:01 273024 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-25 18:06 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-08-25 17:37 . 2010-08-25 17:37 -------- d-----w- c:\windows\system32\NtmsData
2010-08-25 15:17 . 2010-08-25 17:55 -------- d-sh--w- C:\DrWeb Quarantine
2010-08-25 15:09 . 2010-08-25 15:17 -------- d-----w- c:\documents and settings\ania\DoctorWeb
2010-08-25 15:09 . 2010-08-25 17:57 -------- d-----w- c:\program files\DrWeb
2010-08-25 14:53 . 2010-08-25 14:53 -------- d-----w- c:\program files\Alwil Software
2010-08-25 14:53 . 2010-08-25 14:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Alwil Software
2010-08-25 14:23 . 2010-08-25 15:05 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP
2010-08-24 20:30 . 2010-08-24 20:30 0 ----a-w- c:\windows\nsreg.dat
2010-08-24 20:30 . 2010-08-24 20:30 -------- d-----w- c:\documents and settings\ania\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-08-24 14:41 . 2010-08-24 14:41 -------- d-----w- c:\documents and settings\ania\Ustawienia lokalne\Dane aplikacji\Identities
2010-08-24 10:57 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-24 10:05 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-24 10:04 . 2004-08-04 00:35 58624 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-24 10:04 . 2005-02-24 05:32 3454144 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-08-24 10:04 . 2005-02-24 05:32 3454144 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-08-24 10:04 . 2005-02-24 05:32 3973888 ----a-w- c:\windows\system32\nv4_disp.dll
2010-08-24 10:04 . 2004-08-03 23:07 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2010-08-24 10:04 . 2004-08-04 00:44 77312 ----a-w- c:\windows\system32\usbui.dll
2010-08-24 10:03 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-24 09:58 . 2010-08-24 08:15 -------- d--h--r- c:\documents and settings\Default User.WINDOWS\Dane aplikacji
2010-08-24 09:58 . 2010-08-25 17:55 -------- d--h--r- c:\documents and settings\All Users.WINDOWS\Dane aplikacji
2010-08-24 09:58 . 2010-08-24 08:15 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-08-24 09:58 . 2010-08-24 08:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-08-24 09:37 . 2010-08-24 09:37 -------- d-----w- c:\documents and settings\ania\Dane aplikacji\Media Player Classic
2010-08-24 09:20 . 2010-08-24 09:20 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-08-24 09:20 . 2010-08-24 09:20 -------- d-----w- c:\program files\ABBYY FineReader 6.0
2010-08-24 09:19 . 2002-05-14 14:50 11264 ------w- c:\windows\system32\Spool\prtprocs\w32x86\wfxprint2000.dll
2010-08-24 09:18 . 2010-08-24 09:19 -------- d-----w- c:\program files\FaxTools
2010-08-24 09:18 . 2010-08-24 09:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\BVRP Software
2010-08-24 09:16 . 2010-08-26 16:24 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-08-24 09:16 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-24 09:16 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-24 09:16 . 2001-10-26 15:29 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-08-24 09:16 . 2001-10-26 15:29 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-08-24 09:14 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-24 09:14 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-24 09:11 . 2010-08-24 09:11 -------- d-----w- c:\documents and settings\ania\WINDOWS
2010-08-24 09:05 . 2004-08-03 21:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-08-24 09:04 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-24 09:00 . 2005-02-24 05:32 176128 ----a-w- c:\windows\system32\nvudisp.exe
2010-08-24 08:27 . 2010-08-24 08:27 12328 ----a-w- c:\documents and settings\ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-08-24 08:20 . 2010-08-24 08:20 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT
2010-08-24 08:20 . 2010-08-24 08:20 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2010-08-24 08:18 . 2004-08-03 20:32 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2010-08-24 08:17 . 2004-08-03 22:44 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-08-24 08:16 . 2001-10-26 18:29 33792 -c--a-w- c:\windows\system32\dllcache\controt.dll
2010-08-24 08:14 . 2010-08-24 08:15 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-08-24 08:11 . 2010-08-24 08:11 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-24 08:11 . 2001-10-26 18:30 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2010-08-24 08:11 . 2001-10-26 18:30 5632 ----a-w- c:\windows\system32\write.exe
2010-08-22 07:28 . 2010-08-22 07:28 -------- d-----w- c:\documents and settings\mati\Dane aplikacji\Media Player Classic
2010-08-20 22:27 . 2010-08-20 22:27 -------- d-----w- c:\documents and settings\mati\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-08-20 20:18 . 2010-08-20 20:18 -------- d-----w- c:\documents and settings\ala\WINDOWS
2010-08-20 20:16 . 2010-08-20 20:16 -------- d-----w- c:\program files\Psxpad Drivers
2010-08-20 20:14 . 2010-08-20 20:14 -------- d-----w- c:\program files\IrfanView
2010-08-20 20:05 . 2010-08-20 20:05 -------- d-----w- c:\program files\HWDoctor
2010-08-20 19:44 . 2010-08-20 19:44 -------- d-----w- c:\documents and settings\ala\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-08-20 19:19 . 2010-08-24 09:13 -------- d-----w- c:\windows\nview
2010-08-20 19:18 . 2010-08-20 19:18 -------- d-----w- C:\NVIDIA
2010-08-20 19:13 . 2010-08-20 19:13 -------- d-----w- c:\windows\OPTIONS
2010-08-20 15:33 . 2010-08-20 15:33 -------- d-----w- c:\program files\Netropa
2010-08-20 15:28 . 2010-08-20 15:28 12328 ----a-w- c:\documents and settings\ala\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-08-20 15:21 . 2010-08-20 15:21 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-08-20 15:17 . 2010-08-20 15:17 -------- d-----w- c:\program files\C-Media
2010-08-20 15:17 . 2010-08-24 09:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 15:17 . 2010-08-20 19:29 -------- d-----w- c:\program files\sisagp
2010-08-20 15:17 . 2010-08-20 15:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-20 15:15 . 2010-08-26 18:37 -------- d-----w- c:\program files\DScaler
2010-08-20 15:11 . 2010-08-20 15:11 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\Media Player Classic
2010-08-20 15:10 . 2010-08-24 09:07 -------- d-----w- c:\program files\Real Alternative
2010-08-20 15:10 . 2010-08-24 09:07 -------- d-----w- c:\program files\Media Player Classic
2010-08-20 15:00 . 2010-08-20 15:00 -------- d-----w- c:\program files\XviD
2010-08-20 14:59 . 2010-08-20 14:59 -------- d-----w- c:\program files\DivX
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 09:08 . 2010-08-24 09:07 -------- d-----w- c:\program files\ffdshow
2010-08-24 09:07 . 2010-08-24 09:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-24 08:58 . 2010-08-24 08:14 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-24 08:23 . 2001-10-26 17:15 49492 ----a-w- c:\windows\system32\perfc015.dat
2010-08-24 08:23 . 2001-10-26 17:15 355486 ----a-w- c:\windows\system32\perfh015.dat
2010-08-20 10:59 . 2010-08-20 10:59 -------- d-----w- c:\program files\microsoft frontpage
2010-08-20 10:57 . 2010-08-20 10:57 -------- d-----w- c:\program files\Usługi online
2010-06-14 14:30 . 2010-08-24 08:12 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2004-08-03 22:44 . 2004-08-03 22:44 166693 --sha-r- c:\windows\system32\xtoucpp.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1667072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"C-Media Mixer"="Mixer.exe" [2001-09-12 1236992]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Engine\\6\\INTEL3~1\\IKernel.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\Mixer.exe"=
"c:\\Program Files\\DScaler\\DScaler.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5090:TCP"= 5090:TCP:ikwktkz
S2 qpxuisvq;Windows Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - ABP470N5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qpxuisvq
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.amnezja.org/
FF - ProfilePath - c:\documents and settings\ania\Dane aplikacji\Mozilla\Firefox\Profiles\vxnndt69.default\
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 21:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpxuisvq]
"ServiceDll"="c:\windows\system32\xtoucpp.dll"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\Mixer.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2010-08-26 21:01:49 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-08-26 19:01
Przed: 5 258 989 568 bajtów wolnych
Po: 5 315 260 416 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - F1F4926954A874AED0A48F16ABC8EA25