Hello. I have Windows XP with Avast installed. Lately Avast has started popping up a window about a suspicious file nmdfgds0.dll and asks me whether to delete it; I choose yes and I'm happy. The next time I start the computer, it's the same thing again. How do I get rid of this? When it started popping up, Avast also started throwing out whole lists of viruses. Finally, I'll add that I ran a ComboFix scan; it removed something and that was it. Have I got rid of it already? I'm pasting the log below.
Please help me.
ComboFix 09-04-23.A3 - PC1 2009-04-23 16:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.639.313 [GMT 2:00]
Uruchomiony z: c:\documents and settings\PC1\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\PC1\Dane aplikacji\Microsoft\SystemCertificates\Request
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\Config.xml
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\PC1\Dane aplikacji\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\PC1\Menu Start\Programy\PlayMP3z
C:\ej10fkdo.bat
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\Cache\000BE23C
c:\program files\myglobalsearch\bar\Cache\000BE7F9.bin
c:\program files\myglobalsearch\bar\Cache\000BEA6A.bin
c:\program files\myglobalsearch\bar\Cache\000BEC00.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
F:\Autorun.inf
F:\ej10fkdo.bat
F:\update.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-23 do 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-22 17:51 . 2009-04-22 17:51 275 ----a-w C:\Skrót do Dysk lokalny (F).lnk
2009-04-16 18:25 . 2009-04-16 18:25 118784 ----a-w c:\windows\SeaMonkeyUninstall.exe
2009-04-16 18:25 . 2009-04-16 18:25 118784 ----a-w c:\windows\GREUninstall.exe
2009-04-11 14:45 . 2009-04-11 14:45 -------- d-----w c:\documents and settings\PC1\.mysqlcc
2009-04-11 14:11 . 2006-08-17 20:37 130048 ----a-w c:\windows\system32\webserv.cpl
2009-04-11 14:10 . 2007-06-19 19:52 419840 ----a-w c:\windows\system32\ws_edit.lib
2009-04-11 14:10 . 2009-04-11 14:16 415 ----a-w c:\windows\my.ini
2009-04-11 14:10 . 2009-04-11 14:16 40225 ----a-w c:\windows\php.ini
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 14:31 . 2007-03-23 13:43 -------- d-----w c:\documents and settings\PC1\Dane aplikacji\Skype
2009-04-22 15:05 . 2007-03-23 13:17 351636 ----a-w C:\hpfr3420.log
2009-04-16 18:25 . 2008-01-11 17:04 7487 ----a-w c:\windows\mozver.dat
2009-04-16 18:25 . 2009-04-16 18:25 -------- d-----w c:\program files\Common Files\mozilla.org
2009-04-16 18:24 . 2009-04-16 18:24 -------- d-----w c:\program files\mozilla.org
2009-04-14 16:31 . 2007-07-23 13:13 -------- d-----w c:\program files\Java
2009-04-14 16:29 . 2001-10-26 16:15 88838 ----a-w c:\windows\system32\perfc015.dat
2009-04-14 16:29 . 2001-10-26 16:15 500302 ----a-w c:\windows\system32\perfh015.dat
2009-04-13 19:05 . 2009-03-14 13:53 -------- d-----w c:\documents and settings\PC1\Dane aplikacji\U3
2009-04-11 13:43 . 2009-04-11 13:43 -------- d-----w c:\program files\Apache Software Foundation
2009-04-04 19:09 . 2007-03-22 15:39 -------- d-----w c:\program files\Common Files\Adobe
2009-03-30 16:17 . 2007-11-21 17:02 -------- d-----w c:\documents and settings\PC1\Dane aplikacji\gtk-2.0
2009-03-23 15:52 . 2009-03-23 15:51 -------- d-----w c:\documents and settings\PC1\Dane aplikacji\Desktopicon
2009-03-19 16:43 . 2009-03-19 16:43 0 ----a-w C:\temp.html
2009-03-09 03:19 . 2008-12-04 15:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 13:21 . 2009-03-06 13:18 -------- d-----w c:\program files\Common Files\Macromedia
2009-02-27 16:50 . 2008-11-27 20:03 -------- d-----w c:\program files\P2P_Energy
2009-02-23 19:44 . 2007-03-24 12:27 34440 ----a-w c:\documents and settings\PC1\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-21 19:56 . 2007-03-22 15:01 34440 ----a-w c:\documents and settings\PC1\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-11-16 18:24 . 2008-11-16 14:47 2352 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-05-25 17:07 . 2007-07-28 14:23 2405 ----a-w c:\documents and settings\PC1\UNPACK.BAT
2007-05-21 12:16 . 2007-05-21 12:16 128 ----a-w c:\documents and settings\PC1\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2000-02-03 08:51 . 2007-07-28 14:23 13032 ----a-w c:\documents and settings\PC1\TRAINER.EXE
2000-02-02 12:33 . 2007-07-28 16:08 350 ----a-w c:\documents and settings\PC1\SIMS.REG
2000-02-02 09:50 . 2007-07-28 14:23 2166784 ----a-w c:\documents and settings\PC1\Sims.exe
2000-01-05 18:39 . 2007-07-28 14:23 10848 ----a-w c:\documents and settings\PC1\Secdrv.sys
2000-01-05 18:39 . 2007-07-28 14:23 31744 ----a-w c:\documents and settings\PC1\Drvmgt.dll
1999-10-29 22:33 . 2007-07-28 14:23 835628 ----a-w c:\documents and settings\PC1\gimex.dll
1999-09-18 09:17 . 2007-07-28 14:23 7960 ----a-w c:\documents and settings\PC1\WUNPACK.EXE
1999-04-08 11:00 . 2007-07-28 14:23 229344 ----a-w c:\documents and settings\PC1\4DOS.COM
1999-02-09 08:46 . 2007-07-28 14:23 137728 ----a-w c:\documents and settings\PC1\ijl10.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-03-21 14:31 1883672 ----a-w c:\program files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-03-21 1883672]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-03-21 1883672]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-12 25693224]
"Gadu-Gadu"="f:\gadu-gadu\gg.exe" [2007-07-09 2119104]
"ares"="f:\ares\Ares.exe" [2007-05-04 961024]
"Zegarynka"="c:\documents and settings\PC1\Pulpit\Zegarynka.exe" [2003-11-16 1055232]
"Ares Galaxy SpeedUp Pro"="f:\ares\Ares Galaxy SpeedUp Pro\Ares Galaxy SpeedUp Pro.exe" [2008-11-13 391680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-29 188416]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-07-10 1048576]
"tguard"="f:\beniamin\tguard.exe" [2008-01-30 561152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
c:\documents and settings\PC1\Menu Start\Programy\Autostart\
Ares Galaxy SpeedUp Pro.lnk - f:\ares\Ares Galaxy SpeedUp Pro\Ares Galaxy SpeedUp Pro.exe [2008-11-13 391680]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-4 113664]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe"=
"f:\\Gadu-Gadu\\gg.exe"=
"f:\\Ares\\Ares.exe"=
"f:\\hamahi\\hamachi.exe"=
"f:\\kuba\\Gry\\Nowy folder\\volley.exe"=
"f:\\opera.exe"=
"c:\\Documents and Settings\\PC1\\Pulpit\\hfs.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"c:\\Program Files\\Sun\\xVM VirtualBox\\VirtualBox.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\UrbanTerror\\ioUrTded.exe"=
"f:\\UrbanTerror\\ioUrbanTerror.exe"=
"f:\\server www\\WebServ\\WebServ.exe"=
"f:\\server www\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"=
"f:\\server www\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"f:\\server www\\WebServ\\ftp\\WebServ(ftp).exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PsSdk40;PsSdk40;c:\windows\system32\Drivers\pssdk40.sys [2008-02-19 36928]
R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.sys [2008-02-19 53312]
S0 BsStor;InCD Storage Helper Driver;c:\windows\System32\DRIVERS\bsstor.sys [2002-06-05 9344]
S1 aswSP;avast! Self Protection; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-12-17 100368]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-12-17 41680]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 BsUDF;InCD UDF Driver; [x]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2008-12-17 81360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05323204-0d20-11dc-a686-000e50a7e7a4}]
\Shell\AutoRun\command - J:\ej10fkdo.bat
\Shell\open\Command - J:\ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f515a2-7c23-11dd-aa01-000e50a7e7a4}]
\Shell\AutoRun\command - J:\setup.exe AUTORUN=1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-Democracy Player - f:\democracy player\Democracy.exe
HKCU-Run-atomdent - c:\docume~1\PC1\DANEAP~1\OnceOoze\rectamen.exe
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKLM-Run-BearShare - f:\program files\BearShare\BearShare.exe
HKLM-Run-UnlockerAssistant - f:\unlocker\UnlockerAssistant.exe
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download Video - http://www.viloader.net/addon.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - f:\office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\bnmndrv.dll
TCP: {67BD57DA-CC06-46AC-A1DF-7B370749CB25} = 194.204.159.1 217.98.63.164
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 16:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIAudioi\SBADeck\ADeck.exe 1???\ ?|???|C:\Documents and???|???|?????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\bnmndrv.dll
.
Czas ukończenia: 2009-04-23 16:54
ComboFix-quarantined-files.txt 2009-04-23 14:53
Przed: 4 675 637 248 bajtów wolnych
Po: 6 870 671 360 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
211 --- E O F --- 2009-02-12 15:39