
The computer's performance has definitely gotten worse, and on top of that there's a problem with Firefox - while I'm typing anything, the cursor "jumps" and I have to click with the mouse (sometimes several times) to put it back in place.
Here are the logs.
ComboFix:
Code:
ComboFix 08-09-20.05 - Maciek 2008-09-21 22:53:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.281 [GMT 2:00]
Uruchomiony z: D:\Installs\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-21 do 2008-09-21 )))))))))))))))))))))))))))))))
.
2008-09-21 22:43 . 2008-09-21 22:50 <DIR> d-------- C:\combo-fix
2008-09-21 12:06 . 2008-09-21 12:06 <DIR> d-------- C:\Documents and Settings\Maciek\.ebcommunicator
2008-09-18 21:55 . 2008-09-18 21:55 35,811 --a------ C:\bez˙tytuu.JPG
2008-09-18 18:41 . 2008-09-18 18:41 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-18 07:45 . 2008-09-18 07:45 591,907 --a------ C:\RFaktury.spx
2008-09-16 00:15 . 2003-05-28 11:44 1,625 --a------ C:\WINDOWS\AntiWPA_Crypt.dll
2008-09-15 23:03 . 2008-09-21 22:55 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-09-15 23:03 . 2008-06-01 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-09-15 23:03 . 2008-06-01 12:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-09-15 23:03 . 2008-06-01 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-09-15 23:03 . 2008-06-01 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-09-15 23:03 . 2008-06-01 14:31 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-09-15 23:03 . 2008-06-01 14:31 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-09-15 23:03 . 2008-09-15 23:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Ustawienia lokalne
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Ulubione
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Szablony
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Pulpit
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Moje dokumenty
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Menu Start
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Dane aplikacji\Microsoft
2008-09-15 23:02 . <DIR> C:\Documents and Settings\Gość\Dane aplikacji
2008-09-15 23:02 . 2008-09-15 23:02 <DIR> d-------- C:\Documents and Settings\Go†
2008-09-07 14:26 . 2008-09-07 14:26 <DIR> d-------- C:\Program Files\Onet.pl, OPM
2008-09-07 14:26 . 2008-09-07 14:26 69,632 --a------ C:\WINDOWS\system32\Clifford Uninstall.exe
2008-09-07 14:26 . 2008-09-07 14:26 98 --a------ C:\WINDOWS\CR.ini
2008-09-05 19:46 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-05 19:45 . 2008-09-05 19:45 <DIR> d-------- C:\WINDOWS\Logs
2008-09-05 19:41 . 2008-09-05 19:41 <DIR> d-------- C:\Program Files\directx9
2008-08-30 17:13 . 2008-04-14 22:50 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-30 17:13 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-30 17:13 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-30 17:13 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-28 16:10 . 2008-08-28 16:10 <DIR> d-------- C:\Documents and Settings\Kasia\Dane aplikacji\ATI
2008-08-28 15:31 . 2008-08-28 15:31 <DIR> d-------- C:\Documents and Settings\Maciek\Dane aplikacji\ATI
2008-08-28 15:31 . 2008-08-28 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-08-28 15:31 . 2008-08-28 15:31 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-08-28 15:27 . 2008-08-28 15:27 <DIR> d-------- C:\ATI
2008-08-21 08:46 . 2008-08-21 08:46 <DIR> d-------- C:\WINDOWS\speech
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 20:54 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent
2008-09-21 20:00 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-18 19:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-15 22:15 510,464 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-09-08 22:13 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\foobar2000
2008-09-06 18:16 --------- d-----w C:\Documents and Settings\Kasia\Dane aplikacji\Tlen.pl
2008-08-28 18:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-28 15:10 --------- d-----w C:\Program Files\WordBiz
2008-08-28 15:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-08-28 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 13:29 --------- d-----w C:\Program Files\ATI Technologies
2008-08-11 20:31 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\.ABC
2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-17 17:52 56,360 ----a-w C:\WINDOWS\system32\WBHELP2.DLL
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-06-01 10:50 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-06-01 10:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-06-01 10:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008060120080602\index.dat
2008-06-01 10:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2008-09-16 00:15 510464 66ecfe388ad1bd281dd3391b756670cf C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="D:\Programs\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="D:\Programs\Firewall\Smc.exe" [2003-01-21 2015303]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"Adobe Reader Speed Launcher"="D:\Programs\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Programs\Adobe Reader\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2005-03-18 13:18 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"srservice"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programs\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Programs\\Tlen.pl\\tlen.exe"=
"D:\\Programs\\Soulseek\\slsk.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59674:TCP"= 59674:TCP:Utorrent
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2008-04-14 149376]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S3 DIGIRPS;Sterownik Digi PortServer;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-10-26 42560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b48a81f3-2fd4-11dd-9992-806d6172696f}]
\Shell\AutoRun\command - E:\ASUSACPI.exe
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-WinampAgent - D:\Programs\Winamp\winampa.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com/|gazeta.pl|pekao24.pl|interia.pl|skyscrapercity.com/subscription.php|szczecin.pl
FF -: plugin - D:\Programs\Adobe Reader\Reader\browser\nppdf32.dll
FF -: plugin - D:\Programs\Firefox\plugins\np32dsw.dll
FF -: plugin - D:\Programs\Firefox\plugins\npnul32.dll
FF -: plugin - D:\Programs\Firefox\plugins\NPOFF12.DLL
FF -: plugin - D:\Programs\Firefox\plugins\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 22:55:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
C:\WINDOWS\system32\zshp1020.exe [2668] 0x816029E0
C:\WINDOWS\system32\zshp1020.exe [2516] 0x8225CDA0
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-21 22:56:28
ComboFix-quarantined-files.txt 2008-09-21 20:56:25
Przed: 5˙372˙952˙576 bajt˘w wolnych
Po: 6,187,241,472 bajt˘w wolnych
and HijackThis:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:00:36, on 2008-09-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Gadu-Gadu\gg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Programs\TC UP\totalcmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Programs\Firefox\firefox.exe
D:\Installs\Security\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SmcService] D:\Programs\Firewall\Smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programs\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programs\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Programs\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Programs\Firewall\Smc.exe
Thanks in advance for the help.