przez piotr1024 22 Mar 2009, 02:07
przez wojtas 22 Mar 2009, 09:19
przez piotr1024 22 Mar 2009, 17:36
ComboFix 09-03-19.02 - User 2007-01-01 15:50:34.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.803 [GMT 1:00]
Uruchomiony z: G:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]039B725
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]0818394.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]08184DC.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]08185F5.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
E:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-19 do 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-22 00:46 . 2009-03-22 00:09 <DIR> d-------- c:\windows\tmp
2009-03-22 00:10 . 2009-03-22 00:10 <DIR> d--h----- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne
2009-03-22 00:10 . 2009-03-22 00:10 <DIR> d-------- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Dane aplikacji
2009-03-22 00:10 . 2009-03-22 00:10 <DIR> d--hs---- c:\documents and settings\LocalService.ZARZĄDZANIE NT
2009-03-22 00:07 . 2009-03-22 00:07 1,606 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-03-22 00:01 . 2009-03-19 15:51 <DIR> d--h----- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne
2009-03-22 00:01 . 2009-03-22 00:01 <DIR> d-------- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Dane aplikacji
2009-03-22 00:01 . 2009-03-22 00:01 <DIR> d--hs---- c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2009-03-22 00:01 . 2009-03-19 15:51 <DIR> d--h----- c:\documents and settings\Administrator.XXX-5E67710C0FF\Ustawienia lokalne
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Ulubione
2009-03-22 00:01 . 2008-12-01 21:01 <DIR> d--h----- c:\documents and settings\Administrator.XXX-5E67710C0FF\Szablony
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Pulpit
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Moje dokumenty
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> dr------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Menu Start
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> dr-h----- c:\documents and settings\Administrator.XXX-5E67710C0FF\Dane aplikacji
2009-03-22 00:01 . 2009-03-22 00:01 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF
2009-03-21 23:35 . 2009-03-19 15:51 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-03-21 23:35 . 2007-01-01 00:31 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-03-21 23:35 . 2007-01-01 00:31 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-03-21 23:35 . 2007-01-01 00:31 <DIR> d-------- c:\documents and settings\Administrator
2009-03-19 20:34 . 2009-03-19 20:34 <DIR> d--h----- c:\documents and settings\All Users\Dane aplikacji\CanonBJ
2009-03-16 21:17 . 2009-03-16 21:17 <DIR> d-------- c:\program files\Common Files\Bcgsoft
2009-03-16 21:08 . 2009-03-16 21:08 <DIR> d-------- c:\windows\system32\RNBOSENT
2009-03-16 21:08 . 2003-04-17 10:02 76,288 --a------ c:\windows\system32\drivers\SENTINEL.SYS
2009-03-16 21:08 . 2003-04-17 10:02 50,176 --a------ c:\windows\system32\SNTI386.DLL
2009-03-16 21:08 . 2003-04-17 10:02 18,432 --a------ c:\windows\system32\RNBOVDD.DLL
2009-03-16 21:08 . 1999-12-07 19:36 9,949 --------- c:\windows\system32\SENTINEL.HLP
2009-03-16 21:08 . 2009-03-11 14:28 2,645 --a------ c:\windows\system32\config.hsp
2009-03-09 22:30 . 2009-03-09 22:30 <DIR> d-------- c:\program files\Didactic
2009-03-09 19:28 . 2009-03-09 19:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-04 21:41 . 2009-03-04 21:41 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\FL_SIM_P4_DEMO_D
2009-02-24 21:50 . 2009-02-24 21:50 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Unigraphics Solutions
2009-02-23 20:03 . 2009-02-23 20:03 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\BESTplayer
2009-02-23 19:56 . 2009-02-23 20:03 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\U3
2009-02-19 20:14 . 2009-02-25 19:16 233 --a------ c:\windows\FESTO.INI
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 20:20 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-20 20:19 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-17 21:14 --------- d-----w c:\program files\Common Files\Adobe
2009-03-16 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 20:05 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-10 20:20 --------- d-----w c:\program files\Winamp
2009-03-09 14:30 --------- d-----w c:\program files\Opera
2009-03-05 21:33 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-15 13:48 --------- d-----w c:\documents and settings\inni\Dane aplikacji\Nowe Gadu-Gadu
2009-02-14 13:42 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-02-14 13:42 --------- d-----w c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2009-01-23 21:44 --------- d-----w c:\documents and settings\inni\Dane aplikacji\DivX
2009-01-21 19:31 --------- d-----w c:\program files\CCleaner
2008-12-03 20:12 835,584 ------w c:\documents and settings\User\Ygoow.exe
2008-12-03 20:12 188,928 ------w c:\documents and settings\User\XPTable.dll
2008-12-03 20:12 141,312 ------w c:\documents and settings\User\YgoowCore.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\program files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe" [2008-10-05 235936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9877:TCP"= 9877:TCP:BitComet 9877 TCP
"9877:UDP"= 9877:UDP:BitComet 9877 UDP
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-11 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-11 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - u.com
\Shell\open\Command - u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - u.com
\Shell\open\Command - u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d08ccc2-0407-11de-b950-0014f850f0fb}]
\Shell\AutoRun\command - F:\wx8o0bt1.com
\Shell\open\Command - F:\wx8o0bt1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45016b2d-ca0a-11dd-b88c-0014f850f0fb}]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c79f972-c0b1-11dd-87e9-0014f850f0fb}]
\Shell\AutoRun\command - F:\cv22.cmd
\Shell\open\Command - F:\cv22.cmd
.
.
------- Skan uzupełniający -------
.
uStart Page = https://ssl.bsk.com.pl/bskonl/login.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 15:51:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-03-19 15:52:15
ComboFix-quarantined-files.txt 2009-03-19 14:52:12
Przed: 88 981 012 480 bajtów wolnych
Po: 88,968,617,984 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
153
[code][/code]SDFix: Version 1.240
Run by User on 2007-01-01 at 15:37
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\autorun.inf - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-01-01 15:43:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 19 Dec 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 23 Feb 2009 3,648,000 ...H. --- "C:\Documents and Settings\User\Pulpit\~WRL0163.tmp"
Tue 24 Feb 2009 4,363,776 ...H. --- "C:\Documents and Settings\User\Dane aplikacji\Microsoft\Word\~WRL0085.tmp"
Tue 24 Feb 2009 4,363,776 ...H. --- "C:\Documents and Settings\User\Dane aplikacji\Microsoft\Word\~WRL3125.tmp"
Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\User\Dane aplikacji\U3\temp\Launchpad Removal.exe"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:50, on 2009-03-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ssl.bsk.com.pl/bskonl/login.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5073 bytes
[code][/code]przez wojtas 22 Mar 2009, 22:53
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d08ccc2-0407-11de-b950-0014f850f0fb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45016b2d-ca0a-11dd-b88c-0014f850f0fb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c79f972-c0b1-11dd-87e9-0014f850f0fb}]
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
przez piotr1024 22 Mar 2009, 23:20
przez piotr1024 23 Mar 2009, 20:48
przez piotr1024 23 Mar 2009, 22:08
combofix ja zainstalował 
[b]SDFix: Version 1.240 [/b]
Run by User on 2009-03-25 at 19:42
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 19:44:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,81,70,95,f4,fc,ea,16,17,e3,7a,f9,43,f5,4d,70,0a,e2,6e,c1,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,c6,15,73,85,c1,02,2e,5b,c3,1d,a4,41,c7,1a,c1,e1,..
"khjeh"=hex:71,ec,b7,89,88,b2,74,74,e8,3e,0c,1e,5f,cd,53,e9,2a,bb,1a,c2,b6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a5,27,f5,cc,4b,d4,b5,24,c3,84,5f,a7,1d,0c,c5,87,b3,ce,5c,fb,91,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 19 Dec 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 23 Feb 2009 3,648,000 ...H. --- "C:\Documents and Settings\User\Pulpit\~WRL0163.tmp"
Tue 24 Feb 2009 4,363,776 ...H. --- "C:\Documents and Settings\User\Dane aplikacji\Microsoft\Word\~WRL0085.tmp"
Tue 24 Feb 2009 4,363,776 ...H. --- "C:\Documents and Settings\User\Dane aplikacji\Microsoft\Word\~WRL3125.tmp"
Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\User\Dane aplikacji\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]
[code][/code]ComboFix 09-03-23.01 - User 2009-03-25 19:45:54.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.814 [GMT 1:00]
Uruchomiony z: G:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090321-0] *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-22 00:46 . 2009-03-22 00:09 <DIR> d-------- c:\windows\tmp
2009-03-22 00:10 . 2009-03-22 00:10 <DIR> d--h----- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne
2009-03-22 00:10 . 2009-03-22 00:10 <DIR> d-------- c:\documents and settings\LocalService.ZARZĄDZANIE NT\Dane aplikacji
2009-03-22 00:10 . 2009-03-22 00:10 <DIR> d--hs---- c:\documents and settings\LocalService.ZARZĄDZANIE NT
2009-03-22 00:07 . 2009-03-22 00:07 1,606 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-03-22 00:01 . 2009-03-25 19:46 <DIR> d--h----- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne
2009-03-22 00:01 . 2009-03-22 00:01 <DIR> d-------- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Dane aplikacji
2009-03-22 00:01 . 2009-03-22 00:01 <DIR> d--hs---- c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2009-03-22 00:01 . 2009-03-25 19:46 <DIR> d--h----- c:\documents and settings\Administrator.XXX-5E67710C0FF\Ustawienia lokalne
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Ulubione
2009-03-22 00:01 . 2008-12-01 21:01 <DIR> d--h----- c:\documents and settings\Administrator.XXX-5E67710C0FF\Szablony
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Pulpit
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Moje dokumenty
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> dr------- c:\documents and settings\Administrator.XXX-5E67710C0FF\Menu Start
2009-03-22 00:01 . 2008-12-01 21:55 <DIR> dr-h----- c:\documents and settings\Administrator.XXX-5E67710C0FF\Dane aplikacji
2009-03-22 00:01 . 2009-03-22 00:01 <DIR> d-------- c:\documents and settings\Administrator.XXX-5E67710C0FF
2009-03-21 23:35 . 2009-03-25 19:46 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-03-21 23:35 . 2007-01-01 00:31 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-03-21 23:35 . 2007-01-01 00:31 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-03-21 23:35 . 2007-01-01 00:31 <DIR> d-------- c:\documents and settings\Administrator
2009-03-19 20:34 . 2009-03-19 20:34 <DIR> d--h----- c:\documents and settings\All Users\Dane aplikacji\CanonBJ
2009-03-16 21:17 . 2009-03-16 21:17 <DIR> d-------- c:\program files\Common Files\Bcgsoft
2009-03-16 21:08 . 2009-03-16 21:08 <DIR> d-------- c:\windows\system32\RNBOSENT
2009-03-16 21:08 . 2003-04-17 10:02 76,288 --a------ c:\windows\system32\drivers\SENTINEL.SYS
2009-03-16 21:08 . 2003-04-17 10:02 50,176 --a------ c:\windows\system32\SNTI386.DLL
2009-03-16 21:08 . 2003-04-17 10:02 18,432 --a------ c:\windows\system32\RNBOVDD.DLL
2009-03-16 21:08 . 1999-12-07 19:36 9,949 --------- c:\windows\system32\SENTINEL.HLP
2009-03-16 21:08 . 2009-03-11 14:28 2,645 --a------ c:\windows\system32\config.hsp
2009-03-09 22:30 . 2009-03-09 22:30 <DIR> d-------- c:\program files\Didactic
2009-03-09 19:28 . 2009-03-09 19:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-04 21:41 . 2009-03-04 21:41 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\FL_SIM_P4_DEMO_D
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 20:20 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-20 20:19 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-17 21:14 --------- d-----w c:\program files\Common Files\Adobe
2009-03-16 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 20:05 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-10 20:20 --------- d-----w c:\program files\Winamp
2009-03-09 14:30 --------- d-----w c:\program files\Opera
2009-03-05 21:33 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-24 20:50 --------- d-----w c:\documents and settings\User\Dane aplikacji\Unigraphics Solutions
2009-02-23 19:03 --------- d-----w c:\documents and settings\User\Dane aplikacji\U3
2009-02-23 19:03 --------- d-----w c:\documents and settings\User\Dane aplikacji\BESTplayer
2009-02-15 13:48 --------- d-----w c:\documents and settings\inni\Dane aplikacji\Nowe Gadu-Gadu
2009-02-14 13:42 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-02-14 13:42 --------- d-----w c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2008-12-03 20:12 835,584 ------w c:\documents and settings\User\Ygoow.exe
2008-12-03 20:12 188,928 ------w c:\documents and settings\User\XPTable.dll
2008-12-03 20:12 141,312 ------w c:\documents and settings\User\YgoowCore.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-19_15.51.43,24 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-01 14:36:54 4,014,080 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-03-25 18:41:25 4,014,080 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
- 2007-01-01 14:36:54 163,840 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2009-03-25 18:41:25 163,840 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2009-02-05 22:08 81000 e:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
--a------ 2009-02-27 17:12 9339496 c:\program files\Nowe Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 c:\windows\system32\nvcpl.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9877:TCP"= 9877:TCP:BitComet 9877 TCP
"9877:UDP"= 9877:UDP:BitComet 9877 UDP
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-11 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-11 20560]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://ssl.bsk.com.pl/bskonl/login.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 19:46:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-03-25 19:47:29
ComboFix-quarantined-files.txt 2009-03-25 18:47:20
ComboFix2.txt 2009-03-25 18:24:01
ComboFix3.txt 2009-03-19 14:52:16
Przed: 88 940 494 848 bajtów wolnych
Po: 88,925,822,976 bajtów wolnych
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
117
[code][/code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:53, on 2009-03-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
G:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ssl.bsk.com.pl/bskonl/login.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 4287 bytes
[code][/code]Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 9 gości