Please help, I can't remove this virus on my own. I made this report with ComboFix; what should I do next?
ComboFix 09-10-15.01 - pawel 2009-10-15 22:45.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1978.1368 [GMT 2:00]
Uruchomiony z: c:\documents and settings\pawel\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2sm66r.exe
C:\Autorun.inf
c:\docume~1\pawel\USTAWI~1\Temp\cvasds1.dll
c:\documents and settings\pawel\Ustawienia lokalne\Temp\cvasds1.dll
C:\vlvtdflx.exe
D:\2sm66r.exe
D:\Autorun.inf
D:\vlvtdflx.exe
E:\2sm66r.exe
E:\autorun.inf
E:\vlvtdflx.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-15 do 2009-10-15 )))))))))))))))))))))))))))))))
.
2009-10-15 19:51 . 2009-10-15 19:51 -------- d-----w- c:\windows\system32\wbem\snmp
2009-10-15 19:51 . 2009-10-15 19:51 -------- d-----w- c:\windows\system32\xircom
2009-10-15 19:51 . 2009-10-15 19:51 -------- d-----w- c:\program files\microsoft frontpage
2009-10-15 19:40 . 2009-10-15 19:40 0 ----a-w- c:\windows\nsreg.dat
2009-10-15 19:40 . 2009-10-15 19:40 -------- d-----w- c:\documents and settings\pawel\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-10-15 11:31 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-10-15 11:31 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-15 11:31 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-15 11:31 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- c:\program files\Spyware Doctor
2009-10-15 11:31 . 2009-10-15 11:31 -------- d-----w- c:\documents and settings\pawel\Dane aplikacji\PC Tools
2009-10-15 11:09 . 2009-10-15 11:09 -------- d-----w- c:\program files\SkanerOnline
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 19:56 . 2001-10-26 14:15 49690 ----a-w- c:\windows\system32\perfc015.dat
2009-10-15 19:56 . 2001-10-26 14:15 355724 ----a-w- c:\windows\system32\perfh015.dat
2009-10-15 10:57 . 2009-10-15 10:57 -------- d-----w- c:\program files\Atheros
2009-10-15 10:56 . 2009-10-15 10:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Atheros
2009-10-15 10:54 . 2009-10-15 10:54 -------- d-----w- c:\documents and settings\pawel\Dane aplikacji\InstallShield
2009-10-15 10:54 . 2009-10-15 10:54 -------- d-----w- c:\program files\Synaptics
2009-10-15 10:53 . 2009-10-15 10:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-15 10:53 . 2009-10-15 10:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-15 10:52 . 2009-10-15 10:52 -------- d-----w- c:\program files\Apoint2K
2009-10-15 10:51 . 2009-10-15 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 10:51 . 2009-10-15 10:51 -------- d-----w- c:\program files\Realtek
2009-10-15 10:51 . 2009-10-15 10:51 315392 ----a-w- c:\windows\HideWin.exe
2009-10-15 10:50 . 2009-10-15 10:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-15 10:47 . 2009-10-15 10:47 -------- d-----w- c:\program files\Intel
2009-10-15 10:22 . 2009-10-15 10:22 -------- d-----w- c:\program files\Usługi online
2009-10-15 10:20 . 2009-10-15 10:20 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-15 10:20 . 2009-10-15 10:20 -------- d-----w- c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
[-] 2008-05-02 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-20 16872448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-15 130936]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-15 348752]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\pawel\Dane aplikacji\Mozilla\Firefox\Profiles\lf99r4ns.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 22:48
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\IGFXSRVC.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-10-15 22:49 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-10-15 20:49
Przed: 16 271 556 608 bajtów wolnych
Po: 16 300 670 976 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
131