
ComboFix.txt

Analysis of a ComboFix log after fighting infections and an autorun problem

Hello, today I was fighting infections on my laptop; I had a problem with autorun and many others, despite an earlier format. I'm attaching the log from ComboFix. I'll just note that after the ComboFix scan I disabled System Restore, restarted the computer and ran a system scan with Avast... it's supposedly clean.



ComboFix 10-03-01.03 - J-N-X 2010-03-03 10:17:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.2046.1732 [GMT 1:00]
Uruchomiony z: c:\documents and settings\J-N-X\Pulpit\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\J-N-X\USTAWI~1\Temp\cvasds0.dll
c:\docume~1\J-N-X\USTAWI~1\Temp\cvasds1.dll
c:\windows\AhnRpta.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\softqq0.dll
D:\autorun.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 09:09 . 2010-03-03 09:09 -------- d-----w- c:\documents and settings\J-N-X\Ustawienia lokalne\Dane aplikacji\GHISLER
2010-03-03 09:06 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-03-02 14:33 . 2010-03-02 14:33 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2010-03-02 14:17 . 2010-03-02 14:17 -------- d-----w- c:\program files\uTorrent
2010-03-02 14:17 . 2010-03-02 14:44 -------- d-----w- c:\documents and settings\J-N-X\Dane aplikacji\uTorrent
2010-03-02 14:11 . 2010-03-02 14:11 -------- d-----w- C:\totalcmd
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\UC.PIF
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\RAR.PIF
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\PKZIP.PIF
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\LHA.PIF
2010-03-02 14:11 . 2005-02-02 05:51 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 14:30 . 2010-03-02 14:28 -------- d-----w- c:\program files\Google
2010-03-02 14:28 . 2010-03-02 14:28 -------- d-----w- c:\program files\Alwil Software
2010-03-02 14:28 . 2010-03-02 14:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-03-02 13:59 . 2010-03-02 13:59 -------- d-----w- c:\program files\SubEdit-Player
2010-03-02 13:59 . 2010-03-02 13:58 -------- d-----w- c:\program files\Winamp
2010-03-02 13:57 . 2010-03-02 13:56 -------- d-----w- c:\program files\Java
2010-03-02 13:56 . 2010-03-02 13:55 -------- d-----w- c:\program files\Common Files\Java
2010-03-02 13:54 . 2010-03-02 13:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-02 13:39 . 2010-03-02 13:39 0 ----a-w- c:\windows\nsreg.dat
2010-03-02 13:26 . 2010-03-02 13:26 -------- d-----w- c:\program files\CONEXANT
2010-03-02 13:25 . 2006-03-02 12:00 49910 ----a-w- c:\windows\system32\perfc015.dat
2010-03-02 13:25 . 2006-03-02 12:00 356068 ----a-w- c:\windows\system32\perfh015.dat
2010-03-02 13:25 . 2010-03-02 13:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-02 13:24 . 2010-03-02 13:24 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-02 13:24 . 2010-03-02 13:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-02 13:24 . 2010-03-02 13:24 -------- d-----w- c:\program files\Atheros
2010-03-02 13:10 . 2010-03-02 13:10 -------- d-----w- c:\program files\microsoft frontpage
2010-03-02 13:09 . 2010-03-02 13:09 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-02 13:08 . 2010-03-02 13:08 -------- d-----w- c:\program files\Usługi online
2010-03-02 13:06 . 2010-03-02 13:06 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-11 18:53 . 2010-03-02 14:28 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-03-02 14:28 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2010-03-02 14:28 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2010-03-02 14:28 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2010-03-02 14:28 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2010-03-02 14:28 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2010-03-02 14:28 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2010-03-02 14:28 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2010-03-02 14:28 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-02 18:00 . 2010-03-02 13:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-12 14:15 . 2010-03-02 13:54 178176 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
"nwiz"="nwiz.exe" [2005-12-15 1519616]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-04-26 331776]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 61952]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-02 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-02 19024]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 133104]
.
Zawartość folderu 'Zaplanowane zadania'

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 14:28]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 14:28]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\J-N-X\Dane aplikacji\Mozilla\Firefox\Profiles\4q797jz5.default\
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

ShellExecuteHooks-{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} - c:\windows\system32\softqq0.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 10:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\antiwpa.dll
.
Czas ukończenia: 2010-03-03 10:21:04
ComboFix-quarantined-files.txt 2010-03-03 09:21

Przed: 11 564 572 672 bajtów wolnych
Po: 11 550 781 440 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BA77649CA8361FEFC5F712CACD83ACDE