Avast detected a rootkit on my machine; removing it doesn't do anything. What should I do??
Here is the log from ComboFix:
ComboFix 09-02-17.02 - Krzysiek 2009-02-18 20:32:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.235 [GMT 1:00]
Running from: C:\Documents and Settings\Krzysiek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Krzysiek\Pulpit\WinXP_PL_PRO_BF.EXE
AV: avast! antivirus 4.8.1229 [VPS 090207-0] *On-access scanning enabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1utbfd.bat
C:\autorun.inf
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\olhrwef.exe
D:\1utbfd.bat
D:\Autorun.inf
E:\1utbfd.bat
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.
2009-02-18 20:30 . 2009-02-18 20:31 <DIR> d-------- C:\32788R22FWJFW
2009-02-14 19:46 . 2009-02-14 19:46 7,680 --a------ C:\WINDOWS\system32\drivers\RKL15.tmp.sys
2009-02-14 16:28 . 2009-02-14 16:28 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu
2009-02-14 08:19 . 2009-02-14 08:19 <DIR> d-------- C:\Documents and Settings\LocalService\Pulpit
2009-02-14 08:08 . 2009-02-14 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2009-02-03 18:13 . 2009-02-03 18:13 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2009-02-03 15:41 . 2005-03-03 20:32 86,094 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2009-01-20 12:48 . 2009-01-20 12:48 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 19:38 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\Skype
2009-02-18 19:37 --------- d-----w C:\Program Files\neostrada tp
2009-02-18 17:14 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\skypePM
2009-02-08 08:12 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\Azureus
2009-02-05 19:21 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\Hamachi
2009-02-03 17:13 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-12-23 07:10 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-12-23 07:09 --------- d-----w C:\Documents and Settings\Krzysiek\Dane aplikacji\DAEMON Tools
2008-12-22 11:56 --------- d-----w C:\Program Files\Skype
2008-12-22 11:55 --------- d-----w C:\Program Files\Common Files\Skype
2008-12-22 11:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-12-21 18:13 --------- d-----w C:\Program Files\ivo
2008-12-09 18:46 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2008-04-02 18:14 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-10-10 06:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101020081011\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:21 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 14:14 68856]
"Skype"="E:\Program Files\Skype\Phone\Skype.exe" [2008-11-07 14:31 21633320]
"Eraser"="E:\Program Files\Eraser\eraser.exe" [2007-12-23 00:03 916240]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 16:02 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 10:01 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:21 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-26 15:27:32 113664]
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"VIDC.FFDS"= ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Program Files\\Counter Strike 1.6 - www.lagownia.pl\\hl.exe"=
"E:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"=
"C:\\Program Files\\VALVe\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Documents and Settings\\Krzysiek\\Pulpit\\nhl2004.exe"=
"E:\\Program Files\\Hamachi\\hamachi.exe"=
"E:\\fifa\\FIFA 09\\FIFA 09\\FIFA09.exe"=
"E:\\Program Files\\Aspyr\\Tony Hawks Pro Skater 4\\Game\\Skate4.exe"=
"D:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2008-01-04 19:56:35 77312]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-08-08 16:56:43 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-08-08 16:56:43 20560]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\drivers\stmatm.sys [2008-01-05 12:55:10 60255]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\drivers\torususb.sys [2008-01-05 12:55:10 684265]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\2.tmp --> C:\WINDOWS\system32\2.tmp [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{056de808-c6bf-11dd-a52b-0011d8ddc139}]
\Shell\AutoRun\command - H:\1utbfd.bat
\Shell\open\Command - H:\1utbfd.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c85a451a-7dad-11dd-a40d-0011d8ddc139}]
\Shell\AutoRun\command - G:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-14 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-06-25 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-cdoosoft - C:\WINDOWS\system32\olhrwef.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - E:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: { - C:\Program Files\Messenger\msmsgs.exe
FF - ProfilePath - C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\ppp0yjuu.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: C:\Program Files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: C:\Program Files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: C:\Program Files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: C:\Program Files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: C:\Program Files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: C:\Program Files\Java\j2re1.4.0_03\bin\NPOJI610.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
.