combofix.txt

explorer.exe - maximum CPU usage

Right at system start-up avast detects some viruses and I press Delete, but the virus problem comes back again; I'll try to remove that file manually. I'll add that after ComboFix finished running, the CPU usage of explorer.exe returned to normal, but only until Firefox was launched.


ComboFix 08-10-25.01 - Sebastian 2008-10-27 14:26:48.3 - NTFSx86
Uruchomiony z: C:\Documents and Settings\Sebastian\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-27 do 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-26 18:32 . 2007-04-27 21:42 144,800 --a------ C:\WINDOWS\system32\VMNetSrv.dll
2008-10-26 18:32 . 2007-04-27 21:42 59,280 --a------ C:\WINDOWS\system32\drivers\VMNetSrv.sys
2008-10-26 11:38 . 2008-10-26 11:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-26 11:38 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-26 11:38 . 2008-10-26 17:22 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-10-26 11:38 . 2008-10-26 12:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-10-26 11:38 . 2008-10-26 17:22 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-26 11:38 . 2008-10-26 11:38 22,328 --a------ C:\Documents and Settings\Sebastian\Dane aplikacji\PnkBstrK.sys
2008-10-26 11:37 . 2008-10-26 11:37 294 --a------ C:\WINDOWS\game.ini
2008-10-26 11:06 . 2008-10-26 11:06 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-26 09:49 . 2008-10-26 09:49 244 --a------ C:\WINDOWS\gerevniw.Dvw
2008-10-26 09:48 . 2008-10-26 09:48 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-25 23:14 . 2008-10-27 13:29 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-25 11:12 . 2008-10-25 11:12 <DIR> d-------- C:\Program Files\Sun
2008-10-25 11:12 . 2008-10-25 11:12 <DIR> d-------- C:\Program Files\Java
2008-10-25 11:12 . 2008-10-25 11:12 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-25 11:12 . 2008-10-25 11:12 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-24 16:03 . 2008-10-24 16:03 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Media Player Classic
2008-10-24 13:54 . 2008-10-24 13:54 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\SpeedSim
2008-10-24 11:31 . 2008-10-24 11:31 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-10-24 11:16 . 2008-10-24 11:16 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-24 11:05 . 2008-10-24 11:04 127 --a------ C:\lll.reg
2008-10-23 17:19 . 2008-10-26 10:03 <DIR> d-------- C:\Downloads
2008-10-22 20:54 . 2004-05-10 11:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-10-22 20:54 . 2008-03-09 15:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe
2008-10-22 20:54 . 2008-10-22 20:55 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-10-22 20:49 . 2008-10-22 20:49 <DIR> d--hs---- C:\Diskeeper
2008-10-22 15:10 . 2008-10-22 15:10 <DIR> d-------- C:\Program Files\Google
2008-10-22 14:59 . 2008-10-22 14:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-22 14:58 . 2008-10-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
2008-10-22 06:44 . 2008-10-22 06:44 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-10-22 06:43 . 2008-10-22 06:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-22 06:43 . 2008-10-22 06:43 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-22 06:43 . 2008-10-22 06:43 <DIR> d-------- C:\Program Files\MSBuild
2008-10-22 06:42 . 2006-06-29 12:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-22 06:41 . 2008-10-22 06:41 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-22 06:41 . 2006-10-16 15:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-22 06:15 . 2008-10-22 06:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-10-22 06:14 . 2008-10-22 06:15 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Nero
2008-10-21 21:55 . 2008-10-21 21:55 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-21 21:53 . 2008-10-21 21:53 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-21 21:44 . 2008-10-21 21:54 <DIR> d-------- C:\Program Files\Nero
2008-10-21 21:44 . 2008-10-21 22:04 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-21 21:44 . 2008-10-21 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-10-21 21:43 . 2008-10-21 21:43 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-21 21:40 . 2008-10-27 13:29 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\skypePM
2008-10-21 21:40 . 2008-10-27 14:23 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Skype
2008-10-21 21:40 . 2008-10-21 21:40 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-21 21:39 . 2008-10-21 21:39 <DIR> d-------- C:\Program Files\Skype
2008-10-21 21:39 . 2008-10-21 21:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-21 21:36 . 2008-10-21 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-10-21 21:30 . 2008-10-21 21:30 <DIR> d-------- C:\Program Files\Real Alternative
2008-10-21 21:30 . 2008-10-21 21:30 <DIR> d-------- C:\Program Files\Media Player Classic
2008-10-21 21:30 . 2008-10-21 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-10-21 21:29 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-10-21 21:29 . 2003-04-21 14:09 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-10-21 21:29 . 2001-09-17 12:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-10-21 20:04 . 2008-10-21 20:04 <DIR> d-------- C:\Documents and Settings\Sebastian\Stellarium
2008-10-21 20:03 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-21 20:03 . 2003-03-18 19:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-21 20:03 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-21 20:00 . 2008-10-21 20:00 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Gadu-Gadu
2008-10-21 19:59 . 2008-10-21 20:00 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-10-21 19:59 . 2008-10-21 20:01 <DIR> d-------- C:\Documents and Settings\Sebastian\Gadu-Gadu
2008-10-21 18:25 . 2008-10-21 18:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-10-21 18:25 . 2008-10-21 18:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-10-21 18:25 . 2008-10-23 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-10-21 18:25 . 2008-10-21 18:25 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-10-21 18:24 . 2008-10-21 18:24 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-10-21 18:22 . 2008-10-21 18:26 <DIR> d-------- C:\Program Files\Winamp
2008-10-21 17:22 . 2008-10-21 17:22 <DIR> d-------- C:\Program Files\My Company Name
2008-10-21 17:21 . 2008-10-21 17:23 <DIR> d-------- C:\WINDOWS\nview
2008-10-21 17:19 . 2008-10-21 17:19 <DIR> d-------- C:\Program Files\DIFX
2008-10-21 17:19 . 2006-06-14 06:56 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-10-21 17:18 . 2008-10-21 17:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-21 17:18 . 2006-05-10 10:33 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-10-21 17:14 . 2008-10-21 17:14 <DIR> d-------- C:\Program Files\Realtek AC97
2008-10-21 17:12 . 2008-10-21 17:20 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-21 17:11 . 2008-10-21 17:11 20,194 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-10-21 17:11 . 2004-04-27 08:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-10-21 17:11 . 2004-08-13 03:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-10-21 17:06 . 2008-10-21 17:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-21 16:59 . 2008-10-21 16:59 <DIR> d-------- C:\Program Files\SAGEM
2008-10-21 16:59 . 2008-10-26 12:07 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-21 16:59 . 2008-10-21 16:59 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\InstallShield
2008-10-21 14:00 . 2008-10-27 14:32 <DIR> d--h----- C:\Documents and Settings\Sebastian\Ustawienia lokalne
2008-10-21 14:00 . 2008-10-21 14:01 <DIR> dr------- C:\Documents and Settings\Sebastian\Ulubione
2008-10-21 14:00 . 2008-10-21 13:51 <DIR> d--h----- C:\Documents and Settings\Sebastian\Szablony
2008-10-21 14:00 . 2008-10-27 13:44 <DIR> d-------- C:\Documents and Settings\Sebastian\Pulpit
2008-10-21 14:00 . 2008-10-21 19:58 <DIR> d-------- C:\Documents and Settings\Sebastian\Moje dokumenty
2008-10-21 14:00 . 2008-10-21 19:59 <DIR> dr------- C:\Documents and Settings\Sebastian\Menu Start
2008-10-21 14:00 . 2008-10-27 14:07 <DIR> dr-h----- C:\Documents and Settings\Sebastian\Dane aplikacji
2008-10-21 14:00 . 2008-10-27 14:32 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-10-21 14:00 . 2008-10-21 14:00 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 15:59 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-10-21 12:55 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-21 12:53 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_14.07.34.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-27 13:20:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
- 2008-10-26 21:00:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
+ 2008-10-27 13:20:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
+ 2008-10-27 13:20:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" CTFMON.EXE " = " C:\WINDOWS\system32\ctfmon.exe " [2004-08-03 15360]
" Gadu-Gadu " = " C:\Program Files\Gadu-Gadu\gg.exe " [2007-07-09 2119104]
" Skype " = " C:\Program Files\Skype\Phone\Skype.exe " [2008-09-29 21755688]
" LightScribe Control Panel " = " C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe " [2008-06-09 2363392]
" USDownloader " = " H:\USDownloader_14.10.08_For_www.All-4u.pl\USDownloader.exe " [2008-10-06 529920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" NvCplDaemon " = " C:\WINDOWS\system32\NvCpl.dll " [2006-06-01 7618560]
" WinampAgent " = " C:\Program Files\Winamp\winampa.exe " [2006-11-27 35328]
" avast! " = " H:\avast\ashDisp.exe " [2008-07-19 78008]
" kalendarz XP " = " H:\Kalendarz XP\Kalendarz XP\Kalendarz.exe " [2006-03-04 882176]
" Adobe Reader Speed Launcher " = " H:\Adobe Reader 9.0\Reader\Reader_sl.exe " [2008-06-12 34672]
" SunJavaUpdateSched " = " C:\Program Files\Java\jre6\bin\jusched.exe " [2008-10-25 136600]
" UnlockerAssistant " = " H:\Unlocker\UnlockerAssistant.exe " [2008-05-02 15872]
" BearShare " = " H:\BearShare\BearShare.exe " [2006-08-01 3313664]
" SoundMan " = " SOUNDMAN.EXE " [2006-06-20 C:\WINDOWS\soundman.exe]
" nwiz " = " nwiz.exe " [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
" NvMediaCenter " = " NvMCTray.dll " [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
" loaddll " = " loaddll.exe " [2005-05-20 C:\WINDOWS\loaddll.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
" CTFMON.EXE " = " C:\WINDOWS\system32\CTFMON.EXE " [2004-08-03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-21 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
" VIDC.X264 " = x264vfw.dll
" VIDC.DIV3 " = DivXc32.dll
" VIDC.DIV4 " = DivXc32f.dll
" VIDC.3iv2 " = 3ivxVfWCodec.dll
" VIDC.HFYU " = huffyuv.dll
" vidc.i263 " = i263_32.drv
" VIDC.VP31 " = vp31vfw.dll
" VIDC.MPG4 " = msmpeg4.dll
" VIDC.MP42 " = msmpeg4.dll
" VIDC.MP43 " = msmpeg4.dll
" msacm.l3fhg " = mp3fhg.acm
" msacm.divxa32 " = divxa32.acm
" msacm.imc " = imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
" %windir%\\system32\\sessmgr.exe " =
" C:\\Program Files\\Gadu-Gadu\\gg.exe " =
" H:\\BearShare\\BearShare.exe " =
" C:\\WINDOWS\\system32\\PnkBstrA.exe " =
" C:\\WINDOWS\\system32\\PnkBstrB.exe " =
" G:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe " =
" C:\\Program Files\\Skype\\Phone\\Skype.exe " =

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 VMMDriver;VMM Driver;C:\Documents and Settings\Sebastian\Pulpit\Microsoft Virtual PC 2007 portable\Appdata\bin\VMM\VMM.sys [2007-02-18 232816]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
" C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Sebastian\Dane aplikacji\Mozilla\Firefox\Profiles\5pq98mjd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.pl
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - H:\Adobe Reader 9.0\Reader\browser\nppdf32.dll
FF -: plugin - H:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - H:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 14:32:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


C:\sccfg.sys 86 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
Czas ukończenia: 2008-10-27 14:34:05
ComboFix-quarantined-files.txt 2008-10-27 13:33:59
ComboFix2.txt 2008-10-27 13:08:03

Przed: 1 736 499 200 bajtów wolnych
Po: 1,726,464,000 bajtów wolnych

216
