

ComboFix
ComboFix 09-04-23.01 - Misiek 2009-04-22 18:53.1 - NTFSx86
Uruchomiony z: c:\documents and settings\Misiek\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Misiek\Application Data\ShoppingReport
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Misiek\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Misiek\Misiek.exe
c:\documents and settings\Misiek\reader_s.exe
c:\documents and settings\NetworkService\Application Data\1241731539.exe
c:\documents and settings\NetworkService\Application Data\909443737.exe
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\Cache\0002B26E
c:\program files\myglobalsearch\bar\Cache\00209E38.bin
c:\program files\myglobalsearch\bar\Cache\0020A27E.bin
c:\program files\myglobalsearch\bar\Cache\0020A443.bin
c:\program files\myglobalsearch\bar\Cache\00CBDEAC
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows.0\a.bat
c:\windows.0\base64.tmp
c:\windows.0\bdn.com
c:\windows.0\FVProtect.exe
c:\windows.0\iTunesMusic.exe
c:\windows.0\msauc.exe
c:\windows.0\mssecu.exe
c:\windows.0\services.exe
c:\windows.0\system32\~.exe
c:\windows.0\system32\1033h.exe
c:\windows.0\system32\12520850l.exe
c:\windows.0\system32\akttzn.exe
c:\windows.0\system32\bdn.com
c:\windows.0\system32\bsva-egihsg52.exe
c:\windows.0\system32\Cache
c:\windows.0\system32\crypts.dll
c:\windows.0\system32\digiwet.dll
c:\windows.0\system32\dpcproxy.exe
c:\windows.0\system32\hxiwlgpm.dat
c:\windows.0\system32\hxiwlgpm.exe
c:\windows.0\system32\medup020.dll
c:\windows.0\system32\msgp.exe
c:\windows.0\system32\msnbho.dll
c:\windows.0\system32\mssecu.exe
c:\windows.0\system32\msxml71.dll
c:\windows.0\system32\mtr2.exe
c:\windows.0\system32\mwin32.exe
c:\windows.0\system32\netode.exe
c:\windows.0\system32\newsd32.exe
c:\windows.0\system32\ps1.exe
c:\windows.0\system32\psof1.exe
c:\windows.0\system32\reader_s.exe
c:\windows.0\system32\Rundl1.exe
c:\windows.0\system32\SAV.cpl
c:\windows.0\system32\smp
c:\windows.0\system32\smp\msrc.exe
c:\windows.0\system32\sncntr.exe
c:\windows.0\system32\ssvchost.com
c:\windows.0\system32\sysreq.exe
c:\windows.0\system32\taack.dat
c:\windows.0\system32\taack.exe
c:\windows.0\system32\temp#01.exe
c:\windows.0\system32\thun.dll
c:\windows.0\system32\thun32.dll
c:\windows.0\system32\VBIEWER.OCX
c:\windows.0\system32\winlogonpc.exe
c:\windows.0\system32\winsystem.exe
c:\windows.0\system32\WINWGPX.EXE
c:\windows.0\system32\wpv751235327867.cpx
c:\windows.0\system32\wpv781234083759.cpx
c:\windows.0\system32\wpv811232632526.cpx
c:\windows.0\system32\wpv971232632494.cpx
c:\windows.0\userconfig9x.dll
c:\windows.0\wiaserviv.log
c:\windows.0\winsystem.exe
c:\windows.0\zip1.tmp
c:\windows.0\zip2.tmp
c:\windows.0\zip3.tmp
c:\windows.0\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_lanmanserverBrowser
-------\Service_Spoolerose
((((((((((((((((((((((((( Pliki utworzone od 2009-03-23 do 2009-04-23 )))))))))))))))))))))))))))))))
.
2009-04-22 16:39 . 2009-04-22 16:39 -------- d-----w c:\program files\Trend Micro
2009-04-22 12:07 . 2009-04-22 14:15 -------- d-----w c:\program files\Advanced Spyware Remover
2009-04-22 12:01 . 2009-04-22 12:04 -------- d-----w c:\program files\HackCleaner
2009-04-22 11:16 . 2009-04-22 11:16 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-22 11:15 . 2009-04-22 11:15 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-22 08:58 . 2009-04-22 11:11 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-22 08:22 . 2009-04-22 14:18 -------- d-----w c:\program files\Spyware Terminator
2009-04-22 08:17 . 2009-04-22 08:17 -------- d-----w c:\program files\FRISK Software
2009-04-18 19:08 . 2009-04-18 19:12 13030 ----a-w C:\PDOXUSRS.NET
2009-04-18 19:08 . 2009-04-18 19:08 -------- d-----w c:\program files\Common Files\Borland Shared
2009-04-18 19:08 . 2009-04-18 19:12 -------- d-----w c:\program files\Wizard
2009-04-18 19:08 . 2009-04-18 19:08 -------- d-----w c:\program files\Common Files\grafa
2009-04-18 15:13 . 2009-04-18 15:13 20480 --sha-w c:\windows.0\system32\aaaamonq.dll
2009-04-18 15:12 . 2009-04-18 15:13 89 --s-a-w c:\windows.0\system32\3358903671.dat
2009-04-05 11:13 . 2009-04-05 11:13 -------- d-----w c:\program files\Common Files\IPSPI
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 16:37 . 2008-07-11 06:30 -------- d-----w c:\program files\Warcraft III
2009-04-22 16:03 . 2008-10-04 08:39 -------- d-----w c:\documents and settings\Misiek\Application Data\OpenOffice.org2
2009-04-22 14:33 . 2008-08-18 06:42 15176 ----a-w C:\mksbasel.cpp.log
2009-04-22 12:20 . 2008-05-15 13:05 -------- d-----w c:\program files\Garena
2009-04-22 12:03 . 2008-08-26 10:22 -------- d-----w c:\program files\ICQToolbar
2009-04-22 12:03 . 2008-05-17 07:47 -------- d-----w c:\program files\Winamp Toolbar
2009-04-22 11:11 . 2008-05-15 09:30 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-22 08:13 . 2008-05-15 09:30 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-20 16:10 . 2008-08-18 10:38 -------- d-----w c:\documents and settings\Marcin\Application Data\zweitgeist
2009-04-20 16:08 . 2008-05-16 06:40 13048 ----a-w c:\documents and settings\Marcin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 15:13 . 2004-08-10 13:00 213376 ----a-w c:\windows.0\system32\drivers\ndis.sys
2009-04-17 18:39 . 2008-05-17 18:11 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-17 17:00 . 2008-09-16 10:58 -------- d-----w c:\documents and settings\Misiek\Application Data\mIRC
2009-04-17 15:52 . 2008-09-04 16:02 -------- d-----w c:\program files\mIRC
2009-04-10 20:42 . 2009-02-20 15:52 -------- d-----w c:\program files\OpenVPN
2009-04-07 17:51 . 2008-06-01 14:20 138512 ----a-w c:\windows.0\system32\drivers\PnkBstrK.sys
2009-04-07 17:51 . 2008-06-01 14:20 201440 ----a-w c:\windows.0\system32\PnkBstrB.exe
2009-04-07 17:51 . 2008-06-01 14:20 66872 ----a-w c:\windows.0\system32\PnkBstrA.exe
2009-03-21 19:28 . 2008-07-11 06:32 104421 ----a-w c:\windows.0\War3Unin.dat
2009-03-17 17:01 . 2008-06-01 14:01 -------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-03-12 21:31 . 2008-10-30 11:23 22328 ----a-w c:\documents and settings\Misiek\Application Data\PnkBstrK.sys
2009-03-12 21:31 . 2008-10-30 11:23 2246144 ----a-w c:\windows.0\system32\pbsvc.exe
2009-03-12 21:29 . 2009-03-12 21:29 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-03-07 09:45 . 2009-02-28 18:54 -------- d-----w c:\program files\Spik
2009-03-06 18:24 . 2009-02-28 18:56 -------- d-----w c:\documents and settings\Misiek\Application Data\Spik
2009-03-05 20:33 . 2009-03-05 20:33 -------- d-----w c:\program files\Common Files\NSV
2009-03-01 13:55 . 2009-03-01 13:55 -------- d-----w c:\documents and settings\Misiek\Application Data\id Software
2009-02-24 21:27 . 2009-02-24 21:27 30976 ----a-w c:\windows.0\system32\drivers\rbyzv.sys
2009-02-24 20:40 . 2009-02-24 20:40 -------- d-----w c:\program files\PITy
2009-02-22 20:10 . 2009-02-22 20:10 28672 ----a-w c:\windows.0\system32\AshEvtSvc.exe
2009-02-14 12:07 . 2008-08-30 21:16 458 ----a-w C:\memory.txt
2009-02-08 21:07 . 2009-02-08 21:07 103424 ----a-w c:\windows.0\system32\presenter_nat.dll
2009-02-08 21:07 . 2008-09-23 20:23 13048 ----a-w c:\documents and settings\Misiek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-27 12:57 . 2008-11-07 06:13 356 ----a-w c:\program files\SETUP.REG
2008-11-07 14:39 . 2008-11-07 14:39 1120 ----a-w c:\program files\vidmode.ini
2006-01-08 19:44 . 2008-11-07 05:44 1321 ----a-w c:\program files\_Unpak.bat
2006-01-06 02:52 . 2008-11-07 05:54 46 ----a-w c:\program files\Safe_Mode.bat
2006-01-06 01:45 . 2008-11-07 05:54 334 ----a-w c:\program files\tecsetup.dat
2004-11-08 19:13 . 2008-12-19 19:26 6845809 ----a-w c:\program files\Video_short.wog
2004-11-08 19:12 . 2008-12-19 19:26 266123 ----a-w c:\program files\main8_optional.wog
2004-11-08 19:12 . 2008-12-19 19:26 1038225 ----a-w c:\program files\main6_optional.wog
2004-11-08 19:12 . 2008-12-19 19:26 7075256 ----a-w c:\program files\main3.wog
2004-11-08 19:12 . 2008-12-19 19:26 818929 ----a-w c:\program files\main7_optional.wog
2004-11-08 19:12 . 2008-12-19 19:26 5178224 ----a-w c:\program files\main4.wog
2004-11-08 19:11 . 2008-12-19 19:26 2773071 ----a-w c:\program files\main5.wog
2004-11-08 19:10 . 2008-12-19 19:26 5835575 ----a-w c:\program files\main2.wog
2004-11-08 19:02 . 2008-12-19 19:26 9597423 ----a-w c:\program files\main1.wog
2004-10-25 16:46 . 2008-12-19 19:26 7344 ----a-w c:\program files\lang.txt
2004-09-26 16:40 . 2008-12-19 19:26 708608 ----a-w c:\program files\Install.exe
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 ----a-w c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w c:\program files\BDAXP.cab
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 ----a-w c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 ----a-w c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w c:\program files\DSETUP.dll
2003-02-02 19:06 . 2008-12-19 19:26 153088 ----a-w c:\program files\UNRAR.DLL
2002-06-08 22:42 . 2008-11-07 05:54 41360 ----a-w c:\program files\Tecsetup.exe
2002-11-19 14:2008-05-15 10:57 01:00 . c:\program files\opera\program\plugins\PlugDef.dll
2008-12-19 15:2008-05-15 14:57 18:32 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 15:2008-05-15 14:57 18:32 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 15:2008-05-15 14:57 18:32 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 15:2008-05-15 14:57 18:32 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 15:2008-05-15 14:57 18:32 . c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows.0\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-10 13:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows.0\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 E1999538D7213DB7A05A660BA9D63658 c:\windows.0\system32\drivers\tcpip.sys
[-] 2009-04-18 15:13 213376 5F69E08248BAC654A6C7A6B89188951F c:\windows.0\system32\dllcache\ndis.sys
[-] 2009-04-18 15:13 213376 5F69E08248BAC654A6C7A6B89188951F c:\windows.0\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\ctfmon.exe" [2004-08-10 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-08-24 173304]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
"Octoshape Streaming Services"="c:\documents and settings\Misiek\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-15 98304]
"JMB36X Configure"="c:\windows.0\system32\JMRaidTool.exe" [2006-04-25 385024]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2006-06-01 7618560]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"NeroFilterCheck"="c:\windows.0\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows.0\system32\HdAShCut.exe [2005-01-07 61952]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows.0\KHALMNPR.Exe [2006-01-20 28160]
"nwiz"="nwiz.exe" - c:\windows.0\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows.0\system32\nvmctray.dll [2006-06-01 86016]
"LoadQM"="loadqm.exe" - c:\windows.0\loadqm.exe [2000-05-03 7536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Marcin\Start Menu\Programs\Startup\
Warkeys Update.lnk - c:\program files\Warkeys\update\Warkeys Update.exe [2006-8-3 225411]
c:\documents and settings\Misiek\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-15 532480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 acpi32;acpi32;c:\windows.0\system32\drivers\acpi32.sys [2004-08-10 22784]
R2 AshEvtSvc;AshEvtSvc;c:\windows.0\System32\AshEvtSvc.exe [2009-02-22 28672]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 ioatyge;ioatyge;c:\windows.0\system32\drivers\rbyzv.sys [2009-02-24 30976]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows.0\system32\drivers\npf.sys [2007-11-06 34064]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows.0\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - COMHOST
*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - aswTdi
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - comHost
*Deregistered* - CryptSvc
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - nvport
*Deregistered* - PartMgr
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RpcSs
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sptd
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\pcformat.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e8ca59-2269-11dd-99c6-806d6172696f}]
\Shell\AutoRun\command - H:\pcformat.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Misiek\Application Data\Mozilla\Firefox\Profiles\qiwededx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:00
Windows 5.1.2600 Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Misiek\LOCALS~1\Temp\RBO406.tmp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(660)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows.0\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows.0\system32\rundll32.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-23 19:10 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-23 17:10
Przed: 167 360 409 600 bytes free
Po: 169 603 985 408 bytes free
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
436
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:53, on 2009-04-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS.0\system32\RunDLL32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS.0\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Misiek\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-21-1078081533-1993962763-839522115-1002\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1078081533-1993962763-839522115-1002\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-21-1078081533-1993962763-839522115-1002\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent (User '?')
O4 - HKUS\S-1-5-21-1078081533-1993962763-839522115-1002\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1078081533-1993962763-839522115-1002\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Misiek\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun (User '?')
O4 - HKUS\S-1-5-21-1078081533-1993962763-839522115-1002\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1078081533-1993962763-839522115-1002 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mpg: C:\Program Files\Opera\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211113141421
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://download.gamedesire.com/g_bin/pl/poker_2_0_0_49.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS.0\System32\AshEvtSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Usluga Auto-Protect programu Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Usługa Norton Protection Center (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS.0\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 9669 bytes