For two days I have been trying to fight this and other viruses, but they have floored me. I even thought that maybe a format or tinkering with the partitions would help, but no luck. I should add that computers are not my strong suit, so please bear with me. I read that logs will be needed. Thanks in advance for your help.
ComboFix 09-03-03.01 - szymon 2009-03-04 12:07:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1250.1.1045.18.1791.1478 [GMT 1:00]
Uruchomiony z: c:\documents and settings\szymon\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-04 do 2009-03-04 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 11:04 --------- d-----w c:\program files\Trend Micro
2009-03-04 10:52 --------- d-----w c:\documents and settings\szymon\Dane aplikacji\ATI
2009-03-04 10:51 --------- d-----w c:\program files\ATI Technologies
2009-03-04 10:50 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-04 10:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 10:27 --------- d-----w c:\program files\Alwil Software
2009-03-04 10:24 155,995 ----a-w c:\windows\java\Packages\6KV1B31Z.ZIP
2009-03-04 10:21 --------- d-----w c:\program files\microsoft frontpage
2009-03-04 10:17 --------- d-----w c:\program files\Usługi online
2008-12-18 00:26 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-18 00:26 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-18 00:26 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-18 00:26 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-18 00:26 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2001-10-30 13:00 431616 84abbab7802780d90ac79c0fe8584ecd c:\windows\LastGood.Tmp\System32\winlogon.exe
2001-10-20 12:00 425472 23fd3fbffa138617174c6729d6841557 c:\windows\system32\winlogon.exe
2001-10-20 12:00 425472 23fd3fbffa138617174c6729d6841557 c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HTpatch”=“c:\windows\htpatch.exe” [2002-10-30 28672]
“SiSUSBRG”=“c:\windows\SiSUSBrg.exe” [2002-07-12 106496]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 81000]
“ATIPTA”=“c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-08-25 339968]
“ATICCC”=“c:\program files\ATI Technologies\ATI.ACE\cli.exe” [2004-08-25 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2001-10-30 13312]
“ATICCC”=“c:\program files\ATI Technologies\ATI.ACE\cli.exe” [2004-08-25 28672]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 28672]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-04 114768]
— Inne Usługi/Sterowniki w Pamięci —
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
*NewlyCreated* - SHAREDACCESS
*NewlyCreated* - WINIO
*Deregistered* - WINIO
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\szymon\Dane aplikacji\Mozilla\Firefox\Profiles\7ikuzln1.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 12:08:18
Windows 5.1.2600 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???[???[???[???[???[???[???[???[$???[???[???<??[???w???(???$?w???w???$?w ??w???[???d???V??[???[???[d???-??[^3?[???[b??wTJ?[?)?[?)?[htinst.I???*1?[H??[d???
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > ‘winlogon.exe’(488)
c:\windows\system32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > ‘lsass.exe’(544)
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\System32\dssenh.dll
.
Czas ukończenia: 2009-03-04 12:08:59
ComboFix-quarantined-files.txt 2009-03-04 11:08:58
Przed: 17 211 940 864 bajtów wolnych
Po: 17,218,969,600 bajtów wolnych
WinXP_PL_PER_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /fastdetect
97
and
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:53, on 2009-03-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
–
End of file - 3166 bytes