C:d: e:\nie jest prawidłową aplikacją systemu win32

[temiech]

ComboFix 08-09-13.03 - terunia 2008-09-13 22:29:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.168 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\terunia\Moje dokumenty\odebrane\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_MEDIA_PLAYER


((((((((((((((((((((((((( Pliki utworzone od 2008-08-13 do 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-12 12:52 . 2008-09-12 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-09-12 09:57 . 2008-09-12 09:57 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\AdobeUM
2008-09-11 21:36 . 2008-09-11 21:36 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-11 21:34 . 2008-09-11 21:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-11 21:34 . 2008-09-11 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-09-11 21:33 . 2008-09-11 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-11 21:33 . 2008-09-11 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-10 22:01 . 2008-09-10 22:01 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\Media Player Classic
2008-09-10 20:21 . 2008-09-10 20:21 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\BESTplayer
2008-09-09 16:44 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-09 16:43 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-09 16:41 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-09 16:41 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-08 23:18 . 2008-09-12 09:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-08 17:44 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-08 17:44 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-09-08 17:44 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-09-08 17:44 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-09-08 17:43 . 2008-09-08 17:43 <DIR> d-------- C:\WINDOWS\Logs
2008-09-08 16:41 . 2008-09-08 16:41 <DIR> d-------- C:\WINDOWS\Sun
2008-09-08 10:16 . 2008-09-08 10:16 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\skypePM
2008-09-08 10:16 . 2008-09-08 10:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-08 10:10 . 2008-09-08 10:10 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-09-08 10:06 . 2008-09-08 10:06 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\DAEMON Tools
2008-09-08 10:06 . 2008-09-08 10:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-08 08:38 . 2008-09-08 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-09-08 08:34 . 2008-09-08 08:34 <DIR> d-------- C:\Program Files\Bonjour
2008-09-08 08:23 . 2008-09-08 08:23 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 18:11 . 2008-09-04 18:10 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-09-04 18:09 . 2008-09-08 10:17 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\Skype
2008-09-04 17:32 . 2008-09-04 17:32 <DIR> d-------- C:\Program Files\Winamp
2008-09-04 17:08 . 2008-09-13 20:38 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\Azureus
2008-09-04 17:05 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-04 17:05 . 2008-09-04 17:05 421 --a------ C:\WINDOWS\ODBC.INI
2008-09-04 17:04 . 2008-09-04 17:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-04 17:04 . 2008-09-04 17:04 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-04 16:52 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-04 16:51 . 2008-09-04 16:52 <DIR> d-------- C:\Program Files\Java
2008-09-04 16:50 . 2008-09-04 16:50 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-04 16:34 . 2008-09-04 16:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-04 16:31 . 2008-09-12 13:08 <DIR> d-------- C:\Program Files\Google
2008-09-04 16:31 . 2008-09-04 16:31 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\Gadu-Gadu
2008-09-04 16:30 . 2008-09-04 16:31 <DIR> d-------- C:\Program Files\Skype
2008-09-04 16:30 . 2008-09-04 16:30 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-04 16:30 . 2008-09-04 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-04 16:27 . 2008-09-04 16:27 <DIR> d-------- C:\Documents and Settings\terunia\Gadu-Gadu
2008-09-04 15:47 . 2008-04-14 21:45 2,977,792 -----c--- C:\WINDOWS\system32\dllcache\wmploc.dll
2008-09-04 15:46 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-04 15:46 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-04 15:44 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005168_.tmp
2008-09-04 12:31 . 2008-09-04 12:31 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\Apple Computer
2008-09-04 12:30 . 2008-09-13 22:01 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-04 12:26 . 2008-09-04 12:26 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-09-04 12:26 . 2005-09-23 01:46 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll
2008-09-04 12:26 . 2005-09-22 23:35 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll
2008-09-04 12:26 . 2005-09-22 23:35 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll
2008-09-04 12:26 . 2005-09-22 23:37 95,744 -ra------ C:\WINDOWS\system32\atl80.dll
2008-09-04 12:24 . 2008-09-11 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-09-04 12:23 . 2008-09-04 12:23 <DIR> d-------- C:\Program Files\OLYMPUS
2008-09-04 12:23 . 2008-09-04 12:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-04 12:17 . 2008-09-04 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-09-04 12:17 . 2008-09-04 12:17 388 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-09-04 12:12 . 2008-09-04 17:51 <DIR> d-------- C:\Documents and Settings\terunia\Dane aplikacji\Ahead
2008-09-04 12:10 . 2008-09-04 12:10 <DIR> d-------- C:\Program Files\Nero
2008-09-04 12:10 . 2008-09-12 12:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-04 12:01 . 2008-09-04 12:01 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-04 12:01 . 2008-09-04 12:01 <DIR> d-------- C:\Program Files\Samsung
2008-09-04 12:01 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-09-04 12:01 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-09-04 12:01 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-09-04 11:49 . 2008-04-14 00:16 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-09-04 11:49 . 2008-04-14 00:16 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-09-04 11:49 . 2008-04-14 22:51 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-09-04 11:49 . 2008-04-14 00:16 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-09-04 11:49 . 2008-04-14 00:16 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-09-04 11:49 . 2008-04-14 00:16 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-09-04 11:49 . 2008-04-14 00:09 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-09-04 11:48 . 2008-04-14 22:51 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-09-04 11:48 . 2008-04-14 22:51 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-09-04 11:48 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-09-04 11:48 . 2008-04-14 22:50 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-04 11:48 . 2008-04-14 22:51 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-09-04 11:48 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-04 11:48 . 2008-04-14 00:16 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-09-04 11:45 . 2008-09-04 11:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-04 11:45 . 2007-04-10 23:46 1,966,696 --a------ C:\WINDOWS\system32\drivers\VX3000.sys
2008-09-04 11:45 . 2007-04-10 23:46 709,992 --a------ C:\WINDOWS\vVX3000.exe
2008-09-04 11:45 . 2007-04-10 23:46 476,520 --a------ C:\WINDOWS\vVX3000.dll
2008-09-04 11:45 . 2007-04-10 23:46 202,088 --a------ C:\WINDOWS\system32\LCCoin14.dll
2008-09-04 11:45 . 2007-04-10 23:46 185,704 --a------ C:\WINDOWS\system32\cVX3000.dll
2008-09-04 11:45 . 2007-04-10 23:46 111,976 --a------ C:\WINDOWS\VX3000.dll
2008-09-04 11:45 . 2007-04-10 23:46 15,498 --a------ C:\WINDOWS\VX3000.ini
2008-09-04 11:45 . 2007-04-10 23:46 13,023 --a------ C:\WINDOWS\VX3000.src
2008-09-04 11:43 . 2008-09-04 11:43 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-09-04 11:43 . 2008-09-04 11:45 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2008-09-04 11:35 . 2008-09-04 18:10 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-04 11:35 . 2008-09-04 18:10 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-09-04 11:33 . 2008-09-04 11:33 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-09-04 11:32 . 2008-09-04 11:32 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-09-04 11:28 . 2008-09-04 11:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-09-04 11:26 . 2008-09-04 11:26 <DIR> d-------- C:\WINDOWS\provisioning
2008-09-04 11:21 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\003470_.tmp
2008-09-04 11:20 . 2007-08-10 20:53 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-04 11:12 . 2008-04-14 22:47 103,424 --a------ C:\WINDOWS\system32\dpcdll.dll
2008-09-04 11:09 . 2002-06-14 18:46 19,274 --a------ C:\WINDOWS\001217_.tmp

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 20:30 --------- d-----w C:\Program Files\Neostrada TP
2008-09-12 13:22 --------- d-----w C:\Program Files\Eset
2008-09-09 15:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 15:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-08 06:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-04 08:56 --------- d-----w C:\Documents and Settings\terunia\Dane aplikacji\ESET
2008-09-04 08:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-09-04 07:57 --------- d-----w C:\Program Files\Canon
2008-09-04 07:39 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-04 07:39 --------- d-----w C:\Program Files\SAGEM
2008-09-04 07:36 --------- d-----w C:\Program Files\Creative
2008-09-04 07:36 --------- d-----w C:\Documents and Settings\terunia\Dane aplikacji\Creative
2008-09-04 07:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-09-04 07:21 --------- d-----w C:\Program Files\ATI Technologies
2008-09-04 07:14 --------- d-----w C:\Program Files\Intel
2008-09-04 07:13 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-09-04 07:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-04 07:04 --------- d-----w C:\Program Files\Usługi online
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:13 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-04 949376]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CTHelper"="CTHELPER.EXE" [2003-06-09 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-04 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
S2 windows media player;windows media player;C:\Program Files\Common Files\Microsoft Shared\MSINFO\explorers.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9be8aca-80cd-11dd-a631-d8caa5d7657a}]
\Shell\Auto\command - I:\explorers.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorers.exe

*Newly Created Service* - WINDOWS_MEDIA_PLAYER
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\terunia\Dane aplikacji\Mozilla\Firefox\Profiles\411zm3du.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - E:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF -: plugin - E:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - E:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 22:34:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-13 22:36:55 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-09-13 20:36:45

Przed: 14,999,969,792 bajt˘w wolnych
Po: 15,036,039,168 bajt˘w wolnych

259 --- E O F --- 2008-09-13 18:42:47

[Okocza]

temiech, opisz swój problem i wstaw log w odpowiednie tagi

[temiech]

C:d: e:\nie jest prawidłową aplikacją systemu win32 po skanowaniu combofix. i SuperAntiSpyware. ,Wkleiłem do notatnika to:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b072bb0-78bd-11dc-ae62-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b072bb1-78bd-11dc-ae62-806d6172696f}]

Zapisz jako fix.reg i uruchom. chcę otworzyć ikonę z dyskiem c, d lub e na pasku zadań to otwiera się nie eksplorator Windows tylko wyszukuj pliki lub foldery .

[Okocza]

wiesz że w ten sposób możesz sobie SAM popsuć komputer zastosuj się do tego co Ci powiedziałem w poprzednim poście

[temiech]

problem polega na tym, że na pasku zadań mam skróty do partycji C,Di E przed skanowaniem combofix. i SuperAntiSpyware. system prosił mnie o wybranie programu jakim chciał bym otworzyć dany dysk. (nie było na tej liście eksplorator Windows), po skanie owszem otwiera mi się wyszukiwarka plików i folderów w Windows chyba że nacisnę prawy przycisk myszki i wybiorę otwórz (wtedy jest ok)proszę o sprawdzenie loga

Kod: Zaznacz wszystko

ComboFix 08-09-13.03 - terunia 2008-09-14 11:42:34.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.162 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\terunia\Moje dokumenty\odebrane\ComboFix.exe
* Resident AV is active


[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_MEDIA_PLAYER


(((((((((((((((((((((((((   Pliki utworzone od 2008-08-14 do 2008-09-14  )))))))))))))))))))))))))))))))
.

2008-09-14 10:46 . 2008-09-14 10:46   <DIR>   d--------   C:\iPMS
2008-09-13 23:16 . 2008-09-13 23:16   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-09-13 23:16 . 2008-09-13 23:16   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 23:16 . 2008-09-13 23:16   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\SUPERAntiSpyware.com
2008-09-13 23:16 . 2008-09-13 23:16   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-09-12 12:52 . 2008-09-12 12:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-09-12 09:57 . 2008-09-12 09:57   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\AdobeUM
2008-09-11 21:36 . 2008-09-11 21:36   <DIR>   d--------   C:\Program Files\Common Files\Apple
2008-09-11 21:34 . 2008-09-11 21:34   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-09-11 21:34 . 2008-09-11 21:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-09-11 21:33 . 2008-09-11 21:33   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-09-11 21:33 . 2008-09-11 21:33   1,409   --a------   C:\WINDOWS\QTFont.for
2008-09-10 22:01 . 2008-09-10 22:01   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\Media Player Classic
2008-09-10 20:21 . 2008-09-10 20:21   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\BESTplayer
2008-09-09 16:44 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-09 16:43 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-09 16:41 . 2008-04-11 21:06   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-09 16:41 . 2008-05-01 16:37   331,776   -----c---   C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-08 23:18 . 2008-09-12 09:25   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-09-08 17:44 . 2007-03-12 16:42   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2008-09-08 17:44 . 2006-11-29 13:06   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-09-08 17:44 . 2007-01-24 15:27   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2008-09-08 17:44 . 2006-12-08 12:02   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-09-08 17:43 . 2008-09-08 17:43   <DIR>   d--------   C:\WINDOWS\Logs
2008-09-08 16:41 . 2008-09-08 16:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-09-08 10:16 . 2008-09-08 10:16   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\skypePM
2008-09-08 10:16 . 2008-09-08 10:16   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-09-08 10:10 . 2008-09-08 10:10   <DIR>   d--------   C:\Program Files\DAEMON Tools Toolbar
2008-09-08 10:06 . 2008-09-08 10:06   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\DAEMON Tools
2008-09-08 10:06 . 2008-09-08 10:06   717,296   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-09-08 08:38 . 2008-09-08 08:38   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-09-08 08:34 . 2008-09-08 08:34   <DIR>   d--------   C:\Program Files\Bonjour
2008-09-08 08:23 . 2008-09-08 08:23   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2008-09-06 15:09 . 2008-09-06 15:09   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
2008-09-04 18:11 . 2008-09-04 18:10   298,104   --a------   C:\WINDOWS\system32\imon.dll
2008-09-04 18:09 . 2008-09-08 10:17   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\Skype
2008-09-04 17:32 . 2008-09-04 17:32   <DIR>   d--------   C:\Program Files\Winamp
2008-09-04 17:08 . 2008-09-13 20:38   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\Azureus
2008-09-04 17:05 . 2003-06-19 01:31   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2008-09-04 17:05 . 2008-09-04 17:05   421   --a------   C:\WINDOWS\ODBC.INI
2008-09-04 17:04 . 2008-09-04 17:04   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2008-09-04 17:04 . 2008-09-04 17:04   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-09-04 16:52 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-09-04 16:51 . 2008-09-04 16:52   <DIR>   d--------   C:\Program Files\Java
2008-09-04 16:50 . 2008-09-04 16:50   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-09-04 16:34 . 2008-09-04 16:34   0   --a------   C:\WINDOWS\nsreg.dat
2008-09-04 16:31 . 2008-09-12 13:08   <DIR>   d--------   C:\Program Files\Google
2008-09-04 16:31 . 2008-09-04 16:31   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\Gadu-Gadu
2008-09-04 16:30 . 2008-09-04 16:31   <DIR>   d--------   C:\Program Files\Skype
2008-09-04 16:30 . 2008-09-04 16:30   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-09-04 16:30 . 2008-09-04 16:31   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-04 16:27 . 2008-09-04 16:27   <DIR>   d--------   C:\Documents and Settings\terunia\Gadu-Gadu
2008-09-04 15:47 . 2008-04-14 21:45   2,977,792   -----c---   C:\WINDOWS\system32\dllcache\wmploc.dll
2008-09-04 15:46 . 2008-04-13 22:06   144,384   ---------   C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-04 15:46 . 2008-04-14 00:10   10,240   ---------   C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-04 15:44 . 2006-12-29 00:31   19,569   --a------   C:\WINDOWS\[u]0[/u]05168_.tmp
2008-09-04 12:31 . 2008-09-04 12:31   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\Apple Computer
2008-09-04 12:30 . 2008-09-13 22:01   116   --a------   C:\WINDOWS\NeroDigital.ini
2008-09-04 12:26 . 2008-09-04 12:26   <DIR>   d--------   C:\Program Files\Common Files\muvee Technologies
2008-09-04 12:26 . 2005-09-23 01:46   1,079,808   -ra------   C:\WINDOWS\system32\mfc80u.dll
2008-09-04 12:26 . 2005-09-22 23:35   626,688   -ra------   C:\WINDOWS\system32\msvcr80.dll
2008-09-04 12:26 . 2005-09-22 23:35   548,864   -ra------   C:\WINDOWS\system32\msvcp80.dll
2008-09-04 12:26 . 2005-09-22 23:37   95,744   -ra------   C:\WINDOWS\system32\atl80.dll
2008-09-04 12:24 . 2008-09-11 21:36   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-09-04 12:23 . 2008-09-04 12:23   <DIR>   d--------   C:\Program Files\OLYMPUS
2008-09-04 12:23 . 2008-09-04 12:23   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-09-04 12:17 . 2008-09-04 12:17   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-09-04 12:17 . 2008-09-04 12:17   388   --a------   C:\WINDOWS\system32\QuickTime.qtp
2008-09-04 12:12 . 2008-09-04 17:51   <DIR>   d--------   C:\Documents and Settings\terunia\Dane aplikacji\Ahead
2008-09-04 12:10 . 2008-09-04 12:10   <DIR>   d--------   C:\Program Files\Nero
2008-09-04 12:10 . 2008-09-12 12:57   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-09-04 12:01 . 2008-09-04 12:01   <DIR>   d--------   C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-04 12:01 . 2008-09-04 12:01   <DIR>   d--------   C:\Program Files\Samsung
2008-09-04 12:01 . 2006-05-03 22:53   174,592   --a------   C:\WINDOWS\system32\framedyn.dll
2008-09-04 12:01 . 2006-07-24 16:05   5,632   --a------   C:\WINDOWS\system32\drivers\StarOpen.sys
2008-09-04 12:01 . 2005-08-28 20:51   766   --a------   C:\WINDOWS\system32\Uninstall.ico
2008-09-04 11:49 . 2008-04-14 00:16   85,248   --a------   C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-09-04 11:49 . 2008-04-14 00:16   19,200   --a------   C:\WINDOWS\system32\drivers\wstcodec.sys
2008-09-04 11:49 . 2008-04-14 22:51   16,384   --a------   C:\WINDOWS\system32\ipsink.ax
2008-09-04 11:49 . 2008-04-14 00:16   15,232   --a------   C:\WINDOWS\system32\drivers\streamip.sys
2008-09-04 11:49 . 2008-04-14 00:16   11,136   --a------   C:\WINDOWS\system32\drivers\slip.sys
2008-09-04 11:49 . 2008-04-14 00:16   10,880   --a------   C:\WINDOWS\system32\drivers\ndisip.sys
2008-09-04 11:49 . 2008-04-14 00:09   5,504   --a------   C:\WINDOWS\system32\drivers\mstee.sys
2008-09-04 11:48 . 2008-04-14 22:51   91,648   --a------   C:\WINDOWS\system32\kswdmcap.ax
2008-09-04 11:48 . 2008-04-14 22:51   61,952   --a------   C:\WINDOWS\system32\kstvtune.ax
2008-09-04 11:48 . 2008-04-14 00:15   60,032   --a------   C:\WINDOWS\system32\drivers\usbaudio.sys
2008-09-04 11:48 . 2008-04-14 22:50   54,784   --a------   C:\WINDOWS\system32\vfwwdm32.dll
2008-09-04 11:48 . 2008-04-14 22:51   43,008   --a------   C:\WINDOWS\system32\ksxbar.ax
2008-09-04 11:48 . 2008-04-14 00:15   32,128   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-04 11:48 . 2008-04-14 00:16   17,024   --a------   C:\WINDOWS\system32\drivers\ccdecode.sys
2008-09-04 11:45 . 2008-09-04 11:46   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-09-04 11:45 . 2007-04-10 23:46   1,966,696   --a------   C:\WINDOWS\system32\drivers\VX3000.sys
2008-09-04 11:45 . 2007-04-10 23:46   709,992   --a------   C:\WINDOWS\vVX3000.exe
2008-09-04 11:45 . 2007-04-10 23:46   476,520   --a------   C:\WINDOWS\vVX3000.dll
2008-09-04 11:45 . 2007-04-10 23:46   202,088   --a------   C:\WINDOWS\system32\LCCoin14.dll
2008-09-04 11:45 . 2007-04-10 23:46   185,704   --a------   C:\WINDOWS\system32\cVX3000.dll
2008-09-04 11:45 . 2007-04-10 23:46   111,976   --a------   C:\WINDOWS\VX3000.dll
2008-09-04 11:45 . 2007-04-10 23:46   15,498   --a------   C:\WINDOWS\VX3000.ini
2008-09-04 11:45 . 2007-04-10 23:46   13,023   --a------   C:\WINDOWS\VX3000.src
2008-09-04 11:43 . 2008-09-04 11:43   <DIR>   d--------   C:\WINDOWS\system32\drivers\umdf
2008-09-04 11:43 . 2008-09-04 11:45   <DIR>   d--------   C:\Program Files\Microsoft LifeCam
2008-09-04 11:35 . 2008-09-04 18:10   512,096   --a------   C:\WINDOWS\system32\drivers\amon.sys
2008-09-04 11:35 . 2008-09-04 18:10   15,424   --a------   C:\WINDOWS\system32\drivers\nod32drv.sys
2008-09-04 11:33 . 2008-09-04 11:33   <DIR>   d--------   C:\Documents and Settings\LocalService\Menu Start
2008-09-04 11:32 . 2008-09-04 11:32   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-09-04 11:28 . 2008-09-04 11:33   316,640   --a------   C:\WINDOWS\WMSysPr9.prx
2008-09-04 11:26 . 2008-09-04 11:26   <DIR>   d--------   C:\WINDOWS\provisioning
2008-09-04 11:21 . 2004-07-17 11:40   19,528   --a------   C:\WINDOWS\[u]0[/u]03470_.tmp
2008-09-04 11:20 . 2007-08-10 20:53   26,488   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-09-04 11:12 . 2008-04-14 22:47   103,424   --a------   C:\WINDOWS\system32\dpcdll.dll
2008-09-04 11:09 . 2002-06-14 18:46   19,274   --a------   C:\WINDOWS\[u]0[/u]01217_.tmp

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 09:41   ---------   d-----w   C:\Program Files\Neostrada TP
2008-09-12 13:22   ---------   d-----w   C:\Program Files\Eset
2008-09-09 15:19   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-09 15:17   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-09-08 06:34   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-09-04 08:56   ---------   d-----w   C:\Documents and Settings\terunia\Dane aplikacji\ESET
2008-09-04 08:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-09-04 07:57   ---------   d-----w   C:\Program Files\Canon
2008-09-04 07:39   23   ----a-w   C:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-04 07:39   ---------   d-----w   C:\Program Files\SAGEM
2008-09-04 07:36   ---------   d-----w   C:\Program Files\Creative
2008-09-04 07:36   ---------   d-----w   C:\Documents and Settings\terunia\Dane aplikacji\Creative
2008-09-04 07:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-09-04 07:21   ---------   d-----w   C:\Program Files\ATI Technologies
2008-09-04 07:14   ---------   d-----w   C:\Program Files\Intel
2008-09-04 07:13   ---------   d-----w   C:\Program Files\VIA Technologies, Inc
2008-09-04 07:06   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-09-04 07:04   ---------   d-----w   C:\Program Files\Usługi online
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 15:13   668,672   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-09-13_22.36.05.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-13 21:16:49   18,944   ----a-r   C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-13 21:16:49   65,024   ----a-r   C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-08-26 11:28:14   16,208,504   ----a-w   C:\WINDOWS\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-04 949376]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CTHelper"="CTHELPER.EXE" [2003-06-09 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-04 962661]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
S2 windows media player;windows media player;C:\Program Files\Common Files\Microsoft Shared\MSINFO\explorers.exe [ ]

*Newly Created Service* - WINDOWS_MEDIA_PLAYER
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\terunia\Dane aplikacji\Mozilla\Firefox\Profiles\411zm3du.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - E:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - e:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin7.dll
FF -: plugin - E:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - E:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 11:47:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-14 11:50:00 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-09-14 09:49:51
ComboFix2.txt  2008-09-14 09:20:13
ComboFix3.txt  2008-09-13 20:36:56

Przed: 14,948,052,992 bajt˘w wolnych
Po: 14,934,548,480 bajt˘w wolnych

274   --- E O F ---   2008-09-14 08:17:34