Right now avast detects some viruses when the system starts; I click delete and the virus problem comes back. I'll try to delete that file manually. I'll add that after ComboFix finished running, CPU usage by explorer.exe went back to normal, but only until I launched Firefox.
ComboFix 08-10-25.01 - Sebastian 2008-10-27 14:26:48.3 - NTFSx86
Run from: C:\Documents and Settings\Sebastian\Pulpit\ComboFix.exe
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-26 18:32 . 2007-04-27 21:42 144,800 --a------ C:\WINDOWS\system32\VMNetSrv.dll
2008-10-26 18:32 . 2007-04-27 21:42 59,280 --a------ C:\WINDOWS\system32\drivers\VMNetSrv.sys
2008-10-26 11:38 . 2008-10-26 11:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-26 11:38 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-26 11:38 . 2008-10-26 17:22 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-10-26 11:38 . 2008-10-26 12:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-10-26 11:38 . 2008-10-26 17:22 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-26 11:38 . 2008-10-26 11:38 22,328 --a------ C:\Documents and Settings\Sebastian\Dane aplikacji\PnkBstrK.sys
2008-10-26 11:37 . 2008-10-26 11:37 294 --a------ C:\WINDOWS\game.ini
2008-10-26 11:06 . 2008-10-26 11:06 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-26 09:49 . 2008-10-26 09:49 244 --a------ C:\WINDOWS\gerevniw.Dvw
2008-10-26 09:48 . 2008-10-26 09:48 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-25 23:14 . 2008-10-27 13:29 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-25 11:12 . 2008-10-25 11:12 <DIR> d-------- C:\Program Files\Sun
2008-10-25 11:12 . 2008-10-25 11:12 <DIR> d-------- C:\Program Files\Java
2008-10-25 11:12 . 2008-10-25 11:12 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-25 11:12 . 2008-10-25 11:12 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-24 16:03 . 2008-10-24 16:03 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Media Player Classic
2008-10-24 13:54 . 2008-10-24 13:54 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\SpeedSim
2008-10-24 11:31 . 2008-10-24 11:31 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-10-24 11:16 . 2008-10-24 11:16 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-24 11:05 . 2008-10-24 11:04 127 --a------ C:\lll.reg
2008-10-23 17:19 . 2008-10-26 10:03 <DIR> d-------- C:\Downloads
2008-10-22 20:54 . 2004-05-10 11:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-10-22 20:54 . 2008-03-09 15:02 81,632 --a------ C:\WINDOWS\system32\FLKill.exe
2008-10-22 20:54 . 2008-10-22 20:55 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-10-22 20:49 . 2008-10-22 20:49 <DIR> d--hs---- C:\Diskeeper
2008-10-22 15:10 . 2008-10-22 15:10 <DIR> d-------- C:\Program Files\Google
2008-10-22 14:59 . 2008-10-22 14:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-22 14:58 . 2008-10-22 14:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
2008-10-22 06:44 . 2008-10-22 06:44 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-10-22 06:43 . 2008-10-22 06:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-22 06:43 . 2008-10-22 06:43 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-22 06:43 . 2008-10-22 06:43 <DIR> d-------- C:\Program Files\MSBuild
2008-10-22 06:42 . 2006-06-29 12:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-22 06:41 . 2008-10-22 06:41 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-22 06:41 . 2006-10-16 15:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-22 06:15 . 2008-10-22 06:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-10-22 06:14 . 2008-10-22 06:15 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Nero
2008-10-21 21:55 . 2008-10-21 21:55 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-21 21:53 . 2008-10-21 21:53 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-21 21:44 . 2008-10-21 21:54 <DIR> d-------- C:\Program Files\Nero
2008-10-21 21:44 . 2008-10-21 22:04 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-21 21:44 . 2008-10-21 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-10-21 21:43 . 2008-10-21 21:43 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-21 21:40 . 2008-10-27 13:29 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\skypePM
2008-10-21 21:40 . 2008-10-27 14:23 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Skype
2008-10-21 21:40 . 2008-10-21 21:40 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-21 21:39 . 2008-10-21 21:39 <DIR> d-------- C:\Program Files\Skype
2008-10-21 21:39 . 2008-10-21 21:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-21 21:36 . 2008-10-21 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-10-21 21:30 . 2008-10-21 21:30 <DIR> d-------- C:\Program Files\Real Alternative
2008-10-21 21:30 . 2008-10-21 21:30 <DIR> d-------- C:\Program Files\Media Player Classic
2008-10-21 21:30 . 2008-10-21 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-10-21 21:29 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-10-21 21:29 . 2003-04-21 14:09 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-10-21 21:29 . 2001-09-17 12:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-10-21 20:04 . 2008-10-21 20:04 <DIR> d-------- C:\Documents and Settings\Sebastian\Stellarium
2008-10-21 20:03 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-21 20:03 . 2003-03-18 19:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-21 20:03 . 2003-02-21 03:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-21 20:00 . 2008-10-21 20:00 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\Gadu-Gadu
2008-10-21 19:59 . 2008-10-21 20:00 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-10-21 19:59 . 2008-10-21 20:01 <DIR> d-------- C:\Documents and Settings\Sebastian\Gadu-Gadu
2008-10-21 18:25 . 2008-10-21 18:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-10-21 18:25 . 2008-10-21 18:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-10-21 18:25 . 2008-10-23 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-10-21 18:25 . 2008-10-21 18:25 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-10-21 18:24 . 2008-10-21 18:24 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-10-21 18:22 . 2008-10-21 18:26 <DIR> d-------- C:\Program Files\Winamp
2008-10-21 17:22 . 2008-10-21 17:22 <DIR> d-------- C:\Program Files\My Company Name
2008-10-21 17:21 . 2008-10-21 17:23 <DIR> d-------- C:\WINDOWS\nview
2008-10-21 17:19 . 2008-10-21 17:19 <DIR> d-------- C:\Program Files\DIFX
2008-10-21 17:19 . 2006-06-14 06:56 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-10-21 17:18 . 2008-10-21 17:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-21 17:18 . 2006-05-10 10:33 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-10-21 17:14 . 2008-10-21 17:14 <DIR> d-------- C:\Program Files\Realtek AC97
2008-10-21 17:12 . 2008-10-21 17:20 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-21 17:11 . 2008-10-21 17:11 20,194 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-10-21 17:11 . 2004-04-27 08:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-10-21 17:11 . 2004-08-13 03:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-10-21 17:06 . 2008-10-21 17:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-21 16:59 . 2008-10-21 16:59 <DIR> d-------- C:\Program Files\SAGEM
2008-10-21 16:59 . 2008-10-26 12:07 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-21 16:59 . 2008-10-21 16:59 <DIR> d-------- C:\Documents and Settings\Sebastian\Dane aplikacji\InstallShield
2008-10-21 14:00 . 2008-10-27 14:32 <DIR> d--h----- C:\Documents and Settings\Sebastian\Ustawienia lokalne
2008-10-21 14:00 . 2008-10-21 14:01 <DIR> dr------- C:\Documents and Settings\Sebastian\Ulubione
2008-10-21 14:00 . 2008-10-21 13:51 <DIR> d--h----- C:\Documents and Settings\Sebastian\Szablony
2008-10-21 14:00 . 2008-10-27 13:44 <DIR> d-------- C:\Documents and Settings\Sebastian\Pulpit
2008-10-21 14:00 . 2008-10-21 19:58 <DIR> d-------- C:\Documents and Settings\Sebastian\Moje dokumenty
2008-10-21 14:00 . 2008-10-21 19:59 <DIR> dr------- C:\Documents and Settings\Sebastian\Menu Start
2008-10-21 14:00 . 2008-10-27 14:07 <DIR> dr-h----- C:\Documents and Settings\Sebastian\Dane aplikacji
2008-10-21 14:00 . 2008-10-27 14:32 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-10-21 14:00 . 2008-10-21 14:00 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 15:59 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-10-21 12:55 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-21 12:53 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-10-27_14.07.34.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-27 13:20:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
- 2008-10-26 21:00:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
+ 2008-10-27 13:20:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
+ 2008-10-27 13:20:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat
.
((((((((((((((((((((((((((((((((((((( Registry autostart entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, valid entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"USDownloader"="H:\USDownloader_14.10.08_For_www.All-4u.pl\USDownloader.exe" [2008-10-06 529920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-27 35328]
"avast!"="H:\avast\ashDisp.exe" [2008-07-19 78008]
"kalendarz XP"="H:\Kalendarz XP\Kalendarz XP\Kalendarz.exe" [2006-03-04 882176]
"Adobe Reader Speed Launcher"="H:\Adobe Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"UnlockerAssistant"="H:\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"BearShare"="H:\BearShare\BearShare.exe" [2006-08-01 3313664]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"loaddll"="loaddll.exe" [2005-05-20 C:\WINDOWS\loaddll.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-21 1205840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"=x264vfw.dll
"VIDC.DIV3"=DivXc32.dll
"VIDC.DIV4"=DivXc32f.dll
"VIDC.3iv2"=3ivxVfWCodec.dll
"VIDC.HFYU"=huffyuv.dll
"vidc.i263"=i263_32.drv
"VIDC.VP31"=vp31vfw.dll
"VIDC.MPG4"=msmpeg4.dll
"VIDC.MP42"=msmpeg4.dll
"VIDC.MP43"=msmpeg4.dll
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"msacm.imc"=imc32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"H:\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"G:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 VMMDriver;VMM Driver;C:\Documents and Settings\Sebastian\Pulpit\Microsoft Virtual PC 2007 portable\Appdata\bin\VMM\VMM.sys [2007-02-18 232816]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sebastian\Dane aplikacji\Mozilla\Firefox\Profiles\5pq98mjd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.pl
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - H:\Adobe Reader 9.0\Reader\browser\nppdf32.dll
FF -: plugin - H:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - H:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 14:32:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 86 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-10-27 14:34:05
ComboFix-quarantined-files.txt 2008-10-27 13:33:59
ComboFix2.txt 2008-10-27 13:08:03
Before: 1,736,499,200 bytes free
After: 1,726,464,000 bytes free
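Triage script for logs of this kind, added here as an example; it is not part of the original post and is not ComboFix's or avast's code. It parses the registry autostart section in the format ComboFix prints above, flags entries registered by a bare filename (which Windows resolves through the search path at logon) and entries whose binary lives outside C:\WINDOWS and C:\Program Files, and lists whatever the catchme pass reported as hidden. The trusted-directory list and both heuristics are assumptions chosen for illustration, so a flag means "look at this entry by hand", not a malware verdict; legitimately installed software on H:\ will be flagged too. The sample lines are copied from the log above into a constructed snippet.

```python
import re
from dataclasses import dataclass, field

# Assumed ComboFix autostart-entry formats (they match the log above):
#   "Name"="C:\full\path.exe" [YYYY-MM-DD size]          command given as a full path
#   "Name"="file.exe" [YYYY-MM-DD C:\resolved\path.exe]   command given as a bare name,
#                                                         followed by the path ComboFix resolved
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]*)\]'
)
KEY_RE = re.compile(r'^\[(?P<key>(?:HKEY_|HKLM|HKCU)[^\]]*)\]')
# catchme reports each hidden file as "<path> <size> bytes"
HIDDEN_RE = re.compile(r'^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<size>\d+) bytes$')

# Heuristic (an assumption for this example, not a Windows rule): autoruns living
# outside these trees get a second look. Installs on other drives are flagged too.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)


def triage_autoruns(log_text: str) -> list[Finding]:
    """Return the Run-key entries that trip at least one heuristic."""
    findings: list[Finding] = []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m or current_key is None:
            continue
        cmd, rest = m.group("cmd"), m.group("rest")
        bare = "\\" not in cmd
        # bare-name entries carry the resolved path where full-path entries carry the size
        path = rest if bare else cmd
        reasons = []
        if bare:
            # a bare name is resolved through the search path at logon, so a same-named
            # file earlier in that order would be started instead of the intended one
            reasons.append("registered by bare filename, resolved via search path")
        if not path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("binary outside C:\\WINDOWS and C:\\Program Files")
        if reasons:
            findings.append(Finding(current_key, m.group("name"), path, reasons))
    return findings


def hidden_files(log_text: str) -> list[tuple[str, int]]:
    """Files the catchme rootkit scan reported as hidden, as (path, size) pairs."""
    out = []
    for line in log_text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            out.append((m.group("path"), int(m.group("size"))))
    return out


# Constructed sample: a few lines copied from the log above, in ComboFix's format.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"USDownloader"="H:\USDownloader_14.10.08_For_www.All-4u.pl\USDownloader.exe" [2008-10-06 529920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-27 35328]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 C:\WINDOWS\soundman.exe]
"loaddll"="loaddll.exe" [2005-05-20 C:\WINDOWS\loaddll.exe]
C:\sccfg.sys 86 bytes
'''

if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} -> {f.path}\n  " + "; ".join(f.reasons))
    for hidden_path, size in hidden_files(SAMPLE_LOG):
        print(f"hidden: {hidden_path} ({size} bytes)")
```

On the sample, CTFMON.EXE and WinampAgent pass both checks, USDownloader is flagged for living on H:\, and SoundMan and loaddll are flagged because they are registered by bare name; the hidden-file pass returns C:\sccfg.sys. Each flagged path is then something to verify by hand (publisher, signature, hash) rather than something the script has judged.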