Hello!
This is my first post, so please bear with me.
The problem is that I could open both of my partitions only via the context menu. After a scan, avast detects VBS:Malware-gen in C:\autorun.inf and D:\autorun.inf. After deleting these "infected" files with avast, new ones appear: C:\pagefile.sys and D:\pagefile.sys, in which avast detects VBS:Solow-D [Wrm], and when it deletes those (again via avast) the previous ones come back, and so on in a loop. Having read about similar problems on this forum, I decided to download ComboFix and simply run it. After the reboot triggered by ComboFix, the problem of the partitions opening only via the context menu went away, but the files mentioned above keep reappearing.
Here is the ComboFix log:
ComboFix 08-08-04.08 - ALY 2008-08-05 23:06:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.528 [GMT 2:00]
Running from: C:\Documents and Settings\ALY\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00C9D82E.bin
C:\Program Files\myglobalsearch\bar\Cache\00C9DAAE.bin
C:\Program Files\myglobalsearch\bar\Cache\00C9DC45.bin
C:\Program Files\myglobalsearch\bar\Cache\02540B18
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\tmp60.tmp
C:\WINDOWS\system32\tmp61.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-05 22:32 . 2008-08-05 22:40
2008-08-05 22:32 . 2008-08-05 22:33
2008-08-03 20:23 . 2008-08-03 20:23
2008-08-03 20:23 . 2008-08-03 23:35
2008-08-03 20:23 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-07-29 16:36 . 2008-07-29 16:36
2008-07-29 16:36 . 2008-07-29 16:36 249,856 --------- C:\WINDOWS\Setup1.exe
2008-07-29 16:36 . 2008-07-29 16:36 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-28 23:20 . 2008-07-28 23:20
2008-07-26 21:47 . 2008-08-05 23:12 3,478 -rahs---- C:\WINDOWS\pagefile.sys.vbs
2008-07-26 21:47 . 2008-08-05 23:12 3,478 --a------ C:\pagefile.sys.vbs
2008-07-24 00:26 . 2008-07-24 00:26
2008-07-18 16:02 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-07-18 16:01 . 2008-07-18 16:01
2008-07-18 16:01 . 2000-05-22 10:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-07-18 16:01 . 2006-10-06 08:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-07-18 16:00 . 2008-07-18 16:07
2008-07-18 15:58 . 2008-07-18 16:01
2008-07-18 15:58 . 2008-07-18 15:58
2008-07-18 15:58 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-07-18 15:58 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-07-18 15:57 . 2008-07-18 15:57 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-18 15:57 . 2008-07-18 15:57 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-18 15:55 . 2008-07-18 19:52
2008-07-17 23:47 . 2008-07-17 23:47
2008-07-17 23:47 . 2008-07-17 23:47
2008-07-10 14:01 . 2008-07-10 14:01
2008-07-10 13:53 . 2008-07-10 13:53
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 21:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 20:45 --------- d-----w C:\Documents and Settings\ALY\Application Data\Azureus
2008-08-05 19:25 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-05 17:51 --------- d-----w C:\Documents and Settings\ALY\Application Data\foobar2000
2008-08-04 18:50 --------- d-----w C:\Program Files\Steam
2008-08-03 16:03 --------- d-----w C:\Program Files\eMule0.49a
2008-07-28 21:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 14:01 --------- d-----w C:\Program Files\Creative
2008-07-17 14:35 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-07-10 12:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-07 22:11 --------- d-----w C:\Documents and Settings\ALY\Application Data\gtk-2.0
2008-07-04 10:12 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-07-03 04:40 --------- d-----w C:\Program Files\FlashGet
2008-07-02 11:24 --------- d-----w C:\Program Files\Azureus
2008-07-02 04:32 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-06-29 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-06-25 20:44 --------- d-----w C:\Program Files\Knight Online
2008-06-23 22:45 --------- d-----w C:\Program Files\MarBit
2008-06-22 15:07 --------- d-----w C:\Documents and Settings\ALY\Application Data\My Games
2008-06-22 10:02 --------- d-----w C:\Program Files\MagicDisc
2008-06-15 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-06-15 15:51 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-06-15 15:51 --------- d-----w C:\Program Files\HP
2008-06-15 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-15 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-06-15 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-06-15 15:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-15 15:49 --------- d-----w C:\Program Files\Common Files\HP
2008-06-15 15:49 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 15:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-06-11 22:49 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-11 00:24 --------- d-----w C:\Documents and Settings\ALY\Application Data\WoDBO
2008-06-10 21:00 --------- d-----w C:\Program Files\Bid For Power
2008-06-09 22:17 --------- d-----w C:\Program Files\World of Dragon Ball Online
2008-06-09 21:53 --------- d-----w C:\Documents and Settings\ALY\Application Data\Hamachi
2008-06-09 20:03 --------- d-----w C:\Program Files\Hamachi
2008-06-09 20:00 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-09 17:50 402,569 ----a-w C:\WINDOWS\Bid For Power Uninstaller.exe
2008-06-08 23:49 --------- d-----w C:\Program Files\Dragon Ball v2.5
2008-06-08 10:54 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-06-07 23:58 --------- d-----w C:\Program Files\Image-Line
2008-05-22 22:17 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-01 11:55 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-29 16:22 22,328 ----a-w C:\Documents and Settings\ALY\Application Data\PnkBstrK.sys
2007-07-22 11:28 253,952 ----a-w C:\Program Files\Uninstall My Search Bar.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-02-25 16:49 2594712]
"CTAPR2"="C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" [2007-08-03 14:29 61611]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 16:58 217192]
"MSRegInfo"="C:\WINDOWS\pagefile.sys.vbs" [2008-08-05 23:15 3478]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-02-12 10:56 16896 C:\WINDOWS\system32\KSRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^ALY^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\ALY\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ALY^Start Menu^Programs^Startup^UMScheduler 2.0.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^ALY^Start Menu^Programs^Startup^UniSpiker-2.6.lnk]
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Expressivo]
--a------ 2007-12-07 16:26 2031616 C:\Program Files\ivo\Expressivo\expressivo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Module Loader]
--------- 2007-07-23 15:43 57344 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-04-15 17:13 45056 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2006-02-17 11:14 163840 C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-10-30 20:49 16269312 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a--c--- 2006-01-20 13:34 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"C:\Program Files\Counter-Strike 1.6\hl.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Counter-Strike 1.6\hltv.exe"=
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"=
"C:\Program Files\Steam\SteamApps\wasilek80\counter-strike\hl.exe"=
"C:\Program Files\FlashGet\flashget.exe"=
"C:\Program Files\Steam\SteamApps\wasilek80\team fortress 2\hl2.exe"=
"C:\Program Files\Azureus\Azureus.exe"=
"C:\WINDOWS\system32\PnkBstrA.exe"=
"C:\WINDOWS\system32\PnkBstrB.exe"=
"C:\Program Files\ADSL Drivers\setup\SetupST.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\SopCast\adv\SopAdver.exe"=
"C:\Program Files\SopCast\SopCast.exe"=
"C:\WINDOWS\system32\dpnsvr.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 16:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 17:01]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-02-25 16:49]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-02-13 10:49]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-01-11 08:34]
R3 ksaud;Creative USB Audio Driver;C:\WINDOWS\system32\drivers\ksaud.sys [2008-02-12 11:17]
R3 ksaudfl;ksaudfl;C:\WINDOWS\system32\drivers\ksaudfl.sys [2008-01-23 09:55]
R3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 15:44]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2008-07-18 16:01]
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\ALY\LOCALS~1\Temp\ewdmaudn.sys []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
S3 phil2vid;Philips USB VGA Camera;C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 15:04]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 11:59]
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 11:59]
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
S3 XDva143;XDva143;C:\WINDOWS\system32\XDva143.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\tutoria\ShelExec.exe tutoria\index.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2456957c-4042-11dd-8238-00c0a8d2e8e2}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41df1e9b-271f-11dd-81ea-00c0a8d2e8e2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70629124-2963-11dc-bfba-00c0a8d2e8e2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82286a37-0238-11dd-8197-101111111111}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

.
- - - - ORPHANS REMOVED - - - -

Notify-OdysseyClient - (no file)
MSConfigStartUp-OdTray - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ALY\Application Data\Mozilla\Firefox\Profiles\8pk0rc9f.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 23:12:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2008-08-05 23:17:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 21:17:52

Pre-Run: 6,839,717,888 bytes free
Post-Run: 7,196,299,264 bytes free

310 --- E O F --- 2008-06-11 14:46:34

What should I do to get rid of the above files/viruses for good?
huber2t
6 August 2008 04:03
#2
To clean the viruses off the pen drive, use
Perlovg Removal Tool
Flash Disinfector
or format it.
Download ComboFix, but do not run it.
Open Notepad and paste the following into it:
File::
C:\WINDOWS\pagefile.sys.vbs
C:\pagefile.sys.vbs
Driver::
p2pgasvc
p2pimsvc
p2psvc
PNRPSvc
XDva136
XDva143
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSRegInfo"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2456957c-4042-11dd-8238-00c0a8d2e8e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41df1e9b-271f-11dd-81ea-00c0a8d2e8e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70629124-2963-11dc-bfba-00c0a8d2e8e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82286a37-0238-11dd-8197-101111111111}]
File -> Save as -> CFScript.txt
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->
Removal will start and a log will be produced, which you then post on the forum.
Post logs at http://wklejto.pl or http://wklej.org and put only the link in your reply.
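The two posts above describe the same fingerprint from two sides: the log shows a hidden, system-attributed script with a disguised double extension (pagefile.sys.vbs, displayed by Explorer as pagefile.sys) launched from a Run value and from cached MountPoints2 AutoRun commands, and the reply removes exactly those pieces. The following is an added example, not code from the thread, from ComboFix or from the tools named in the reply. It flags that pattern in an autorun.inf, pulls the same pattern out of ComboFix log lines, and emits the File:: and Registry:: sections of a CFScript in the format used in the reply. The autorun.inf sample is a constructed assumption reconstructed from the cached MountPoints2 command (the thread never shows the file); the ComboFix lines are copied from the log above. The host, extension and regex choices are the example's own.

```python
"""Triage helpers for the autorun.inf / pagefile.sys.vbs pattern in this thread:
flag launch commands that hand a disguised script to a script host, pull the
same pattern out of ComboFix log lines, and emit matching CFScript sections."""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta"}
# Extensions a worm hides behind: Explorer hides only the LAST known
# extension, so "pagefile.sys.vbs" is displayed as "pagefile.sys".
DISGUISE_EXTS = {".sys", ".dll", ".txt", ".jpg", ".doc", ".pdf", ".ini"}

def disguised_double_extension(path):
    parts = path.lower().rsplit("\\", 1)[-1].split(".")
    return len(parts) >= 3 and "." + parts[-1] in SCRIPT_EXTS and "." + parts[-2] in DISGUISE_EXTS

def suspicious_command(cmd):
    """Reasons a launch command matches the worm's fingerprint; [] if clean."""
    low, reasons = cmd.lower(), []
    # Explorer runs autorun's shellexecute= target through this export, so
    # the thing to inspect is whatever follows it, not RunDLL32 itself.
    if "shellexec_rundll" in low:
        reasons.append("indirect launch via Shell32.DLL,ShellExec_RunDLL")
    for tok in re.findall(r'"[^"]+"|\S+', low):
        base = tok.strip('"').rsplit("\\", 1)[-1]
        if base in SCRIPT_HOSTS:
            reasons.append("script host " + base)
        if any(base.endswith(e) for e in SCRIPT_EXTS):
            reasons.append("script file " + base)
        if disguised_double_extension(base):
            reasons.append("disguised double extension " + base)
    return reasons

def audit_autorun_inf(text):
    """(key, value, reasons) for each suspicious launch key in an autorun.inf."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        launch = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if section == "autorun" and sep and launch and suspicious_command(value):
            findings.append((key, value, suspicious_command(value)))
    return findings

# ComboFix log shapes: MountPoints2 key line, its cached autorun command, and a
# "Files Created" line with size, nine-character attribute string and path.
MOUNTPOINT_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?mountpoints2\\[^\]]+)\]$", re.I)
AUTORUN_CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.I)
FILE_LINE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+\s+[\d,]+\s+([-a-z]{9})\s+(.+)$")

def audit_combofix(lines):
    """('mountpoints2', key, reasons) and ('file', path, reasons) findings."""
    findings, key = [], None
    for raw in lines:
        line = raw.strip()
        if m := MOUNTPOINT_RE.match(line):
            key = m.group(1)
        elif (m := AUTORUN_CMD_RE.match(line)) and key:
            if reasons := suspicious_command(m.group(1)):
                findings.append(("mountpoints2", key, reasons))
        elif m := FILE_LINE_RE.match(line):
            attrs, path = m.groups()
            reasons = ["hidden+system attributes"] if "h" in attrs and "s" in attrs else []
            if disguised_double_extension(path):
                reasons.append("disguised double extension")
            if reasons and any(path.lower().endswith(e) for e in SCRIPT_EXTS):
                findings.append(("file", path, reasons))
    return findings

def build_cfscript(findings, run_values=()):
    """CFScript text in the format of the reply above: File:: deletes the
    listed files, "Name"=- deletes a Run value, [-KEY] deletes a key."""
    out = ["File::"] + [p for k, p, _ in findings if k == "file"] + ["Registry::"]
    if run_values:
        out.append(r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]")
        out += ['"%s"=-' % v for v in run_values]
    out += ["[-%s]" % p for k, p, _ in findings if k == "mountpoints2"]
    return "\n".join(out) + "\n"

# Constructed sample (assumption): an autorun.inf consistent with the cached
# MountPoints2 command in the log; the thread never shows the file itself.
SAMPLE_AUTORUN_INF = r"""[autorun]
shellexecute=wscript.exe pagefile.sys.vbs
shell\open\command=wscript.exe pagefile.sys.vbs
"""
# Lines excerpted from the ComboFix log posted above.
SAMPLE_COMBOFIX_LINES = [
    r"2008-07-26 21:47 . 2008-08-05 23:12 3,478 -rahs---- C:\WINDOWS\pagefile.sys.vbs",
    r"2008-07-26 21:47 . 2008-08-05 23:12 3,478 --a------ C:\pagefile.sys.vbs",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41df1e9b-271f-11dd-81ea-00c0a8d2e8e2}]",
    r"\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]",
    r"\Shell\AutoRun\command - G:\tutoria\ShelExec.exe tutoria\index.htm",
]

if __name__ == "__main__":
    print(audit_autorun_inf(SAMPLE_AUTORUN_INF), audit_combofix(SAMPLE_COMBOFIX_LINES), sep="\n")
    print(build_cfscript(audit_combofix(SAMPLE_COMBOFIX_LINES), run_values=["MSRegInfo"]))
```

Two design points. First, the G: entry (ShelExec.exe opening an index.htm) is deliberately not flagged: the checks target the worm's fingerprint (script host, script extension, double extension, the ShellExec_RunDLL indirection), not autorun as such, so a plain open=setup.exe from a CD passes too; anyone hardening a machine should still disable autorun globally rather than rely on this filter. Second, build_cfscript only covers what the pattern can justify; the Driver:: section of the reply (the p2p services and the XDva drivers) came from reading the rest of the log and has to be added by hand.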
I did as you instructed; for now avast is not complaining.
Here is the link to the log:
http://wklejto.pl/7414
Gutek
6 August 2008 10:43
#4
OK. I have WinXP Manager, I'll get on it in a moment, but it seems to me things are already better and the computer boots faster. In any case, thanks, because the basic problem is solved. =D>