Hello, for some time now my computer has been running slower and avast keeps detecting newer and newer viruses such as 8.bat or a2h2.com. Please check my ComboFix log, thanks in advance for the help.
Regards
ComboFix 09-01-21.04 - el jefe 2009-01-31 18:30:23.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.765.428 [GMT 1:00]
Run from: c:\documents and settings\el jefe\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081009-1] *On-access scanning disabled* (Outdated)
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-31 18:00 . 2009-01-31 17:59 109,930 -r-hs---- C:\a2h2.com
2009-01-29 09:33 . 2009-01-29 06:53 108,861 -r-hs---- C:\8.bat
2009-01-20 07:14 . 2009-01-21 09:33 108,869 -r-hs---- C:\gy.exe
2009-01-18 16:15 . 2009-01-31 17:58 95,744 --------- c:\windows\system32\nmdfgds0.dll
2009-01-17 09:15 . 2009-01-31 17:59 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-17 09:14 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-17 09:06 . 2009-01-17 09:30 110,003 -r-hs---- C:\x2csvg.exe
2009-01-17 09:05 . 2009-01-31 17:59 109,930 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-17 01:42 . 2009-01-20 22:55
2009-01-16 23:59 . 2009-01-22 00:34
2009-01-16 23:59 . 2009-01-16 23:59 4 --a------ c:\windows\system32\proc-1963933865.bin
2009-01-05 22:23 . 2009-01-05 22:23
2009-01-05 22:18 . 2009-01-05 22:19
2009-01-05 22:17 . 2009-01-05 22:17
2008-12-14 23:10 . 2008-12-14 23:10
2008-12-10 08:28 . 2008-12-08 20:47 107,045 -r-hs---- C:\6fnlpetp.exe
2008-12-10 08:28 . 2009-01-11 14:30 85,504 -r-hs---- c:\windows\system32\vbsdfe1.dll
2008-12-09 06:47 . 2009-01-18 09:01 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll
2008-12-08 21:14 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-08 21:13 . 2008-12-08 21:13
2008-12-08 21:12 . 2008-12-08 21:12
2008-12-08 21:07 . 2008-12-08 21:18
2008-12-08 21:06 . 2008-12-08 21:06
2008-12-08 20:51 . 2008-12-08 20:51
2008-12-08 20:47 . 2008-12-08 20:47 107,045 -r-hs---- C:\m9ma.exe
2008-12-08 20:45 . 2008-12-08 20:45
2008-12-08 20:45 . 2008-12-08 20:45 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-02 16:55 . 2008-12-02 16:55
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 20:18 --------- d-----w c:\documents and settings\el jefe\Dane aplikacji\Ventrilo
2008-12-10 17:05 --------- d-----w c:\program files\Tibia
2008-11-30 20:48 --------- d-----w c:\program files\Real Alternative
2008-11-30 20:47 --------- d-----w c:\program files\Common Files\Real
2008-11-30 20:47 --------- d-----w c:\program files\browserrecord
2008-11-30 20:35 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-29 09:44 111,636 --sh--r C:\o1.com
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-11-10 17:30 108,271 --sh--r C:\whi.com
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-06_10.07.29.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
-
2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
-
2004-08-03 22:44:20 78,848 ----a-w c:\windows\system32\afmain0.dll
-
2004-08-03 22:44:20 78,848 ----a-w c:\windows\system32\afmain1.dll
-
2009-01-31 16:58:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5cc.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-31 109930]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 864256]
"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-06-26 360448]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SiSPower"="SiSPower.dll" [2007-04-11 c:\windows\system32\SiSPower.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WirelessSelector.lnk - c:\program files\FSC\Wireless Utility\WirelessSelector.exe [2008-08-31 651776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2004-08-03 78848]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Blackd Tools\Blackd Proxy\BlackdProxy.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-10 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-10 20560]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2008-09-28 302848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6282352f-9d27-11dd-bf0f-001e3300299b}]
\Shell\AutoRun\command - G:\m9ma.exe
\Shell\explore\Command - G:\m9ma.exe
\Shell\open\Command - G:\m9ma.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{62823530-9d27-11dd-bf0f-001e3300299b}]
\Shell\AutoRun\command - H:\m9ma.exe
\Shell\explore\Command - H:\m9ma.exe
\Shell\open\Command - H:\m9ma.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bdb265f2-a5e9-11dd-bf20-001e3300299b}]
\Shell\AutoRun\command - abk.bat
\Shell\explore\Command - abk.bat
\Shell\open\Command - abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{fd0e2488-7741-11dd-beb9-001e3300299b}]
\Shell\AutoRun\command - G:\gy.exe
\Shell\open\Command - G:\gy.exe
.
.
------- Supplementary scan -------
.
IE: Export to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\el jefe\Dane aplikacji\Mozilla\Firefox\Profiles\mr24ocpp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 18:30:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-31 18:31:27
ComboFix-quarantined-files.txt 2009-01-31 17:31:21
ComboFix2.txt 2009-01-31 17:19:42
ComboFix3.txt 2009-01-31 17:09:58
ComboFix4.txt 2009-01-29 06:17:11
ComboFix5.txt 2009-01-31 17:29:07
Before: 12,978,937,856 bytes free
After: 12,969,500,672 bytes free
145
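The log above carries the classic signature of a removable-drive autorun worm: read-only/hidden/system droppers directly under C:\ and in system32 (8.bat, a2h2.com, gy.exe, olhrwef.exe, the nmdfgds*/vbsdfe* DLLs), an HKCU Run value ("cdoosoft") pointing at one of them, per-volume MountPoints2 handlers that execute m9ma.exe/gy.exe/abk.bat when a drive is opened, and AntiVirusOverride=1 suppressing the Security Center warning about the outdated avast. As an added triage example (not part of the original post and not ComboFix's own code), the Python script below parses ComboFix log lines of those shapes and flags exactly these four indicators, so the same check can be run over a full report. The sample lines embedded in it are copied from the posted log; the allow-list of Run-key names that legitimately live in system32 is an illustrative assumption.

```python
"""Triage a ComboFix log for USB-autorun-worm indicators.

Added example (not the forum poster's or ComboFix's own code). The sample
lines below are copied from the posted log; KNOWN_SYSTEM32_RUN is an
illustrative allow-list and an assumption, not a definitive list.
"""
import re
import sys
from collections import Counter

# File entry: "ctime . mtime size attrs path" (created-files section) or
# "mtime size attrs path" (Find3M section). Attributes look like -r-hs---- or --sh--r.
FILE_LINE = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>[\d,]+)\s+(?P<attr>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SHELL_LINE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"(?: \[(?P<stamp>[^\]]+)\])?$')

# Windows components that legitimately autostart from system32 (assumption: extend as needed)
KNOWN_SYSTEM32_RUN = {"ctfmon.exe"}


def normalize(text):
    """Undo forum mangling: curly quotes and dashes back to ASCII."""
    return (text.replace("\u201c", '"').replace("\u201d", '"')
                .replace("\u2013", "-").replace("\u2014", "-"))


def hidden_and_system(attr):
    """Droppers in this worm family set hidden+system (usually plus read-only)."""
    return "h" in attr and "s" in attr


def at_root_or_system32(path):
    """Legitimate software rarely lives directly under a drive root; worms often do."""
    p = path.lower()
    return re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None or "\\windows\\system32\\" in p


def triage(log_text):
    """Return a list of (kind, subject, detail) findings from ComboFix log text."""
    findings = []
    key = ""  # registry key that the following value lines belong to
    for raw in normalize(log_text).splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            if hidden_and_system(m["attr"]) and at_root_or_system32(m["path"]):
                findings.append(("hidden_system_file", m["path"], m["attr"]))
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"].lower()
            continue
        m = SHELL_LINE.match(line)
        if m and "mountpoints2" in key:
            # Per-volume autorun/open/explore handlers: opening the drive runs the worm
            findings.append(("autorun_hijack", m["cmd"], m["verb"]))
            continue
        if "security center" in key and line.lower().startswith('"antivirusoverride"=dword:00000001'):
            # Security Center told not to warn that the AV is off or out of date
            findings.append(("av_override", key, line))
            continue
        m = RUN_VALUE.match(line)
        if m and key.endswith("\\currentversion\\run"):
            target = m["target"].lower()
            if "\\system32\\" in target and m["name"].lower() not in KNOWN_SYSTEM32_RUN:
                findings.append(("run_key_system32", m["target"], m["name"]))
    return findings


def summarize(findings):
    """Count findings per kind."""
    return dict(Counter(kind for kind, _, _ in findings))


def autorun_drives(findings):
    """Drive letters whose autorun handlers were hijacked (relative commands have none)."""
    drives = {cmd[:2].upper() for kind, cmd, _ in findings
              if kind == "autorun_hijack" and re.match(r"^[A-Za-z]:\\", cmd)}
    return sorted(drives)


# Constructed sample: lines copied from the posted log (not a complete ComboFix report)
SAMPLE_LOG = r"""
2009-01-31 18:00 . 2009-01-31 17:59 109,930 -r-hs---- C:\a2h2.com
2009-01-29 09:33 . 2009-01-29 06:53 108,861 -r-hs---- C:\8.bat
2009-01-17 09:14 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-17 09:05 . 2009-01-31 17:59 109,930 -r-hs---- c:\windows\system32\olhrwef.exe
2008-11-29 09:44 111,636 --sh--r C:\o1.com
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-31 109930]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6282352f-9d27-11dd-bf0f-001e3300299b}]
\Shell\AutoRun\command - G:\m9ma.exe
\Shell\open\Command - G:\m9ma.exe
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = triage(text)
    for kind, subject, detail in found:
        print(f"{kind:20} {subject}  ({detail})")
    print("autorun-hijacked drives:", autorun_drives(found))
```

Run it with a saved ComboFix report as the only argument, or with no argument to triage the embedded sample. On the sample it reports four hidden+system files, the "cdoosoft" Run value, the AntiVirusOverride flag and two hijacked handlers on G:, which is the list of things a responder would want removed (and the USB sticks that mounted as G:/H: cleaned) before trusting the machine again.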