Hi, since yesterday Avast has been screaming at me that it found the virus Win32: Rootkit-gen in a file that isn't on the disk. The computer runs stably, it just keeps screaming about this virus every few moments. I'd really appreciate some help.
ComboFix 09-02-12.03 - Administrator 2009-02-14 12:23:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.293 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090213-0] *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\peyfrf2.cmd
D:\Autorun.inf
D:\peyfrf2.cmd
E:\Autorun.inf
E:\peyfrf2.cmd
F:\Autorun.inf
F:\peyfrf2.cmd
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-14 do 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-14 11:54 . 2009-02-14 12:00 <DIR> d-------- C:\syf
2009-02-11 20:48 . 2009-02-11 20:48 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Media Player Classic
2009-02-11 20:47 . 2009-02-11 20:47 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-11 19:29 . 2009-02-11 19:30 <DIR> d-------- c:\program files\ALLPlayer
2009-02-11 14:28 . 2009-02-11 14:28 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-11 14:27 . 2009-02-11 14:28 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-11 13:24 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-11 13:24 . 2004-08-04 00:44 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-11 13:24 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-11 13:24 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-11 13:24 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-11 13:24 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-11 13:23 . 2004-08-04 00:44 91,136 --a------ c:\windows\system32\kswdmcap.ax
2009-02-11 13:23 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-02-11 13:23 . 2004-08-04 00:44 61,952 --a------ c:\windows\system32\kstvtune.ax
2009-02-11 13:23 . 2004-08-04 00:44 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2009-02-11 13:23 . 2004-08-04 00:44 43,008 --a------ c:\windows\system32\ksxbar.ax
2009-02-11 13:23 . 2004-08-04 00:44 28,672 --a------ c:\windows\system32\vidcap.ax
2009-02-11 13:23 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-02-11 13:09 . 2009-02-11 13:09 109,568 -r-hs---- c:\windows\system32\uweyiwe1.dll
2009-02-11 13:08 . 2009-02-11 13:09 174,038 -r-hs---- c:\windows\system32\kva8wr.exe
2009-02-11 13:08 . 2009-02-14 11:54 109,568 -r-hs---- c:\windows\system32\uweyiwe0.dll
2009-02-08 12:41 . 2009-02-11 10:05 <DIR> d-------- c:\program files\Aspell
2009-02-08 12:41 . 2009-02-08 12:45 <DIR> d-------- c:\documents and settings\Administrator\TmpInstall
2009-02-07 18:30 . 2009-02-07 18:30 248 --a------ c:\windows\RomeTW.ini
2009-02-07 18:20 . 2009-02-07 18:20 <DIR> d-------- c:\program files\Activision
2009-02-07 07:28 . 2009-02-07 07:28 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-07 07:28 . 2009-02-07 07:38 <DIR> d-------- c:\program files\Avanquest update
2009-02-07 07:28 . 2009-02-07 07:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2009-02-07 07:28 . 2009-02-07 07:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2009-02-07 07:27 . 2009-02-07 07:27 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\InstallShield
2009-02-06 17:01 . 2009-02-06 17:01 <DIR> d-------- c:\program files\EA SPORTS
2009-02-06 13:00 . 2009-02-06 13:02 <DIR> d-------- c:\program files\RegCleaner
2009-02-06 12:26 . 2009-02-06 12:26 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools
2009-02-05 22:51 . 2009-02-13 11:06 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\skypePM
2009-02-05 22:51 . 2009-02-05 22:51 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-05 22:49 . 2009-02-05 22:49 <DIR> dr------- c:\program files\Skype
2009-02-05 22:49 . 2009-02-05 22:49 <DIR> d-------- c:\program files\Google
2009-02-05 22:49 . 2009-02-05 22:49 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-05 22:49 . 2009-02-05 22:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-05 22:49 . 2009-02-13 11:08 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Skype
2009-02-05 21:54 . 2009-02-05 21:54 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\OpenOffice.org
2009-02-05 21:52 . 2009-02-05 21:52 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-05 21:51 . 2009-02-05 21:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-05 21:47 . 2009-02-05 21:47 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-02-05 21:46 . 2009-02-05 21:47 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-05 21:46 . 2009-02-06 16:56 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Lite
2009-02-05 13:19 . 2009-02-05 13:19 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-02-04 22:35 . 2009-02-04 22:41 <DIR> d-------- c:\program files\Winamp
2009-02-04 22:35 . 2009-02-04 22:45 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Winamp
2009-02-04 20:52 . 2009-02-04 20:52 <DIR> d-------- c:\program files\MSN Messenger
2009-02-04 20:43 . 2009-02-04 20:43 <DIR> d-------- c:\program files\Microsoft Works
2009-02-04 20:38 . 2009-02-04 20:38 <DIR> d-------- c:\windows\SHELLNEW
2009-02-04 20:36 . 2009-02-04 20:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-04 20:35 . 2009-02-04 20:35 <DIR> dr-h----- C:\MSOCache
2009-02-04 20:03 . 2004-08-04 01:35 58,624 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-04 20:03 . 2001-10-26 17:48 9,600 --a------ c:\windows\system32\drivers\NtApm.sys
2009-02-04 20:03 . 2001-08-17 22:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-04 20:02 . 2004-08-04 01:43 1,888,992 --a------ c:\windows\system32\ati3duag.dll
2009-02-04 20:02 . 2004-08-04 01:43 870,784 --a------ c:\windows\system32\ati3d1ag.dll
2009-02-04 20:02 . 2004-08-04 01:35 701,440 --a------ c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 20:02 . 2004-08-04 01:43 516,768 --a------ c:\windows\system32\ativvaxx.dll
2009-02-04 20:02 . 2004-08-04 01:43 229,376 --a------ c:\windows\system32\ati2cqag.dll
2009-02-04 20:02 . 2004-08-04 01:43 201,728 --a------ c:\windows\system32\ati2dvag.dll
2009-02-04 20:02 . 2004-08-04 01:44 77,312 --a------ c:\windows\system32\usbui.dll
2009-02-04 20:02 . 2004-08-04 00:07 42,368 --a------ c:\windows\system32\drivers\AGP440.SYS
2009-02-04 20:02 . 2004-08-03 23:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2009-02-04 20:02 . 2004-08-04 00:08 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2009-02-04 20:02 . 2001-08-17 22:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:45 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2009-02-07 17:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 17:19 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-06 11:26 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Pro
2009-02-04 19:09 --------- d-----w c:\program files\DAEMON Tools Pro
2009-02-04 18:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-02-04 18:56 --------- d-----w c:\program files\Creative
2009-02-04 18:55 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-04 18:55 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-04 18:55 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Creative
2009-02-04 18:54 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-04 18:42 --------- d-----w c:\program files\uTorrent
2009-02-04 18:25 --------- d-----w c:\program files\WapSter
2009-02-04 18:22 --------- d-----w c:\program files\Opera
2009-02-04 18:15 --------- d-----w c:\program files\Sygate
2009-02-04 18:15 --------- d-----w c:\program files\Alwil Software
2009-02-04 18:10 --------- d-----w c:\program files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2008-12-22 1656832]
"kvasoft"="c:\windows\system32\kva8wr.exe" [2009-02-11 174038]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="c:\progra~1\Sygate\SPF\Smc.exe" [2003-01-21 2015303]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2002-12-30 12160]
R3 NtApm;Sterownik interfejsu NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [2009-02-04 9600]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-02-07 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-02-07 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-02-07 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-02-07 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-02-07 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-02-07 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-02-07 115752]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-02-11 178913]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - DwShield00002073
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9b63920-f834-11dd-ba3b-0022b0bc8a78}]
\Shell\AutoRun\command - I:\peyfrf2.cmd
\Shell\open\Command - I:\peyfrf2.cmd
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {BB2F189C-55D3-4616-ADBB-E339855E11A3} = 217.30.129.149 217.30.137.200
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-14 12:25:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-14 12:26:16
ComboFix-quarantined-files.txt 2009-02-14 11:26:14
Przed: 62 119 481 344 bajtów wolnych
Po: 62,303,080,448 bajtów wolnych