Dziwny błąd

[Z@K]

Witam. Ni z gruszki, ni z pietruszki wyskakuje mi taki blad:



co to jest i jak to naprawic???

[MUTOPOMPKA]

sprawdź system/katalog DOCUMENT & SETTINGS na wypadek syfów, gdyż może to być właśnie jakiś syf.

[kahoona]

Raczej dać pełne logi - wirus PolyCrypt.

[Z@K]

log z CF

Kod: Zaznacz wszystko

ComboFix 08-10-18.03 - User 2008-10-19 20:40:40.15 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1522 [GMT 2:00]
Uruchomiony z: F:\Documents and Settings\User\Moje dokumenty\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\copy.exe
C:\host.exe
D:\Autorun.inf
D:\copy.exe
D:\host.exe
E:\Autorun.inf
E:\copy.exe
E:\host.exe
F:\Autorun.inf
F:\copy.exe
F:\host.exe
F:\WINDOWS\autorun.inf
F:\WINDOWS\svchost.exe
F:\WINDOWS\system32\lsprst7.dll
F:\WINDOWS\system32\ssprs.dll
F:\WINDOWS\system32\temp1.exe
F:\WINDOWS\system32\temp2.exe
F:\WINDOWS\xcopy.exe
G:\Autorun.inf
G:\copy.exe
G:\host.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-19 do 2008-10-19  )))))))))))))))))))))))))))))))
.

2008-10-16 14:45 . 2008-10-19 19:45   1,635   --a------   F:\Documents and Settings\User\nkp2.exe
2008-10-05 15:00 . 2008-10-05 15:00   54,156   --ah-----   F:\WINDOWS\QTFont.qfn
2008-10-05 15:00 . 2008-10-05 15:00   1,409   --a------   F:\WINDOWS\QTFont.for
2008-10-03 14:39 . 2008-10-03 14:39   <DIR>   d--------   F:\Documents and Settings\User\Dane aplikacji\SPORE
2008-09-30 16:55 . 2008-10-16 06:45   6,656   --a------   F:\Documents and Settings\User\planet.exe
2008-09-24 14:29 . 2008-09-24 14:29   <DIR>   d--------   F:\Program Files\Blender Foundation
2008-09-24 14:29 . 2008-09-24 14:29   <DIR>   d--------   F:\Documents and Settings\User\Dane aplikacji\Blender Foundation
2008-09-23 22:07 . 2008-10-04 17:18   <DIR>   d--------   F:\Program Files\Photomatix

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 18:41   ---------   d-----w   F:\Program Files\PeerGuardian2
2008-10-13 20:54   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\Skype
2008-10-07 14:14   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\foobar2000
2008-10-03 12:17   ---------   d--h--w   F:\Program Files\InstallShield Installation Information
2008-10-02 15:13   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\uTorrent
2008-09-18 18:32   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\Ubisoft
2008-09-18 18:30   ---------   d-----w   F:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-09-14 09:27   ---------   d-----w   F:\Program Files\RocketDock
2008-08-29 09:02   ---------   d-----w   F:\Program Files\Fotojoker
2008-08-29 09:02   ---------   d-----w   F:\Documents and Settings\All Users\Dane aplikacji\hps
2008-01-13 19:44   22,328   ----a-w   F:\Documents and Settings\User\Dane aplikacji\PnkBstrK.sys
2008-04-06 13:45   88   --sh--r   F:\WINDOWS\system32\1EB16A5616.sys
2008-04-06 13:45   2,828   --sha-w   F:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 11:00   98,304   --sha-r   F:\WINDOWS\system32\mstmdm.dll
.

------- Sigcheck -------

2006-03-12 18:48  360448  65c34c093e839505636954ead50fa315   F:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot@2008-08-26_20.00.44.34   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-11 20:18:06   53,248   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-09-18 18:29:45   53,248   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-04-11 20:18:07   12,800   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-09-18 18:29:45   12,800   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-04-11 20:18:08   473,600   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-09-18 18:29:45   473,600   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-04-11 20:17:48   2,676,224   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:41   2,676,224   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:50   2,846,720   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:42   2,846,720   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:52   563,712   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:42   563,712   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:53   567,296   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:43   567,296   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:54   576,000   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:43   576,000   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:55   577,024   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:43   577,024   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:57   577,536   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:44   577,536   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:17:59   577,536   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:44   577,536   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:18:01   578,560   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:44   578,560   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:18:10   578,560   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-18 18:29:46   578,560   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-11 20:18:11   145,920   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-09-18 18:29:46   145,920   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-04-11 20:18:12   159,232   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-09-18 18:29:46   159,232   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-04-11 20:18:13   364,544   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-09-18 18:29:46   364,544   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-04-11 20:18:15   178,176   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-09-18 18:29:46   178,176   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-04-11 20:18:04   223,232   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-09-18 18:29:45   223,232   ----a-w   F:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-08-07 14:27:04   163,328   ----a-w   F:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-26 19:36:40   6,062,080   ----a-w   F:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-26 19:36:40   57,344   ----a-w   F:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04   163,328   ----a-w   F:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-26 19:36:39   6,062,080   ----a-w   F:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-26 19:36:39   57,344   ----a-w   F:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 1994-11-17 23:00:00   210,944   ----a-w   F:\WINDOWS\MSVCRT10.DLL
+ 1996-10-30 07:35:08   32,768   ----a-w   F:\WINDOWS\PLUGIN.DLL
+ 2007-10-12 13:14:00   1,374,232   ----a-w   F:\WINDOWS\system32\D3DCompiler_36.dll
+ 2007-10-02 07:56:34   444,776   ----a-w   F:\WINDOWS\system32\d3dx10_36.dll
+ 2007-10-12 13:14:00   3,734,536   ----a-w   F:\WINDOWS\system32\d3dx9_36.dll
+ 2008-08-26 19:38:28   578,560   -c--a-w   F:\WINDOWS\system32\dllcache\user32.dll
- 2008-08-12 16:10:32   1,574,832   ----a-w   F:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-09 04:45:23   1,574,888   ----a-w   F:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-06-04 20:22:00   782,336   ----a-w   F:\WINDOWS\system32\IlmImf.dll
+ 2007-01-02 12:13:24   274,432   ----a-w   F:\WINDOWS\system32\lcms.dll
+ 2007-06-28 13:09:46   446,464   ----a-w   F:\WINDOWS\system32\Photomatix_jpg.dll
+ 2007-07-09 11:51:06   266,240   ----a-w   F:\WINDOWS\system32\Photomatix25Lib.dll
+ 2007-07-15 11:09:08   249,856   ----a-w   F:\WINDOWS\system32\Photomatix25Lib2.dll
+ 2007-07-12 13:17:40   167,936   ----a-w   F:\WINDOWS\system32\Photomatix25Lib3.dll
+ 2003-11-26 09:47:00   11,776   ----a-w   F:\WINDOWS\system32\pmbm.dll
+ 2004-12-14 11:19:00   53,248   ----a-w   F:\WINDOWS\system32\pmexr.dll
+ 2006-02-05 15:23:00   205,824   ----a-w   F:\WINDOWS\system32\pmtf1.dll
+ 2006-02-05 14:27:00   353,280   ----a-w   F:\WINDOWS\system32\pmtf2.dll
+ 2006-11-29 10:55:58   204,288   ----a-w   F:\WINDOWS\system32\pmtf3.dll
- 2007-07-19 22:54:28   18,280   ----a-w   F:\WINDOWS\system32\x3daudio1_2.dll
+ 2007-10-22 01:37:16   17,928   ----a-w   F:\WINDOWS\system32\X3DAudio1_2.dll
+ 2007-10-22 01:39:54   267,272   ----a-w   F:\WINDOWS\system32\xactengine2_10.dll
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="F:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"PeerGuardian"="F:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"AdobeUpdater"="F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432]
"QuickTime Task"="F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"WinampAgent"="F:\Program Files\Winamp\winampa.exe" [2008-03-27 36352]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 F:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-29 F:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {201AD713-1833-4D94-AD15-603A43B75653} - F:\WINDOWS\system32\mstmdm.dll [2004-08-04 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= F:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= F:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= F:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= F:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= F:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= F:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= F:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= F:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= F:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=F:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=F:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^User^Menu Start^Programy^Autostart^Vista-HDMonitor-Windows.lnk]
path=F:\Documents and Settings\User\Menu Start\Programy\Autostart\Vista-HDMonitor-Windows.lnk
backup=F:\WINDOWS\pss\Vista-HDMonitor-Windows.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 09:39 2119104 F:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 00:43 81920 F:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
--a------ 2007-08-09 11:09 109568 G:\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 F:\WINDOWS\Alcmtr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\gry\\PES 2008\\PES2008.exe"=
"F:\\Program Files\\Tlen.pl\\tlen.exe"=
"G:\\utorrent.exe"=
"F:\\Program Files\\BearShare\\BearShare.exe"=
"F:\\Program Files\\Gadu-Gadu\\gg.exe"=
"E:\\gry\\Assasin\\AssassinsCreed_Dx9.exe"=
"E:\\gry\\Assasin\\AssassinsCreed_Dx10.exe"=
"E:\\gry\\Assasin\\AssassinsCreed_Launcher.exe"=
"F:\\Documents and Settings\\User\\Moje dokumenty\\DC ++\\DCPlusPlus.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys [ ]
S3 usbscan;Sterownik skanera USB;F:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01f8fef8-415c-11dd-ab93-0019dbcbfa4d}]
\Shell\AutoRun\command - I:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"F:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2007-08-28 F:\WINDOWS\Tasks\Norton Security Scan.job
- F:\Program Files\Norton Security Scan\Nss.exe [2007-04-19 22:42]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - F:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\af7dq1jo.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 20:41:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-19 20:43:17
ComboFix-quarantined-files.txt  2008-10-19 18:42:56
ComboFix2.txt  2008-08-26 21:04:51
ComboFix3.txt  2008-08-26 20:53:03
ComboFix4.txt  2008-08-26 19:47:43
ComboFix5.txt  2008-10-19 18:35:51

Przed: 5 298 151 424 bajtów wolnych
Po: 5,375,942,656 bajtów wolnych

241


[Magik]

Z@K

tak to jest jak systemik bez antywirka i firewalla

Kod: Zaznacz wszystko

C:\Autorun.inf
C:\copy.exe
C:\host.exe
D:\Autorun.inf
D:\copy.exe
D:\host.exe
E:\Autorun.inf
E:\copy.exe
E:\host.exe
F:\Autorun.inf
F:\copy.exe
F:\host.exe
F:\WINDOWS\autorun.inf
F:\WINDOWS\svchost.exe
F:\WINDOWS\system32\lsprst7.dll
F:\WINDOWS\system32\ssprs.dll
F:\WINDOWS\system32\temp1.exe
F:\WINDOWS\system32\temp2.exe
F:\WINDOWS\xcopy.exe
G:\Autorun.inf
G:\copy.exe
G:\host.exe

niezla kolekcja.............do tego trojan kolejny, nieusuniety siedzi nadal



Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

i do tego log z Hijacka tez wrzuc

[Z@K]

albo inaczje..bo i tak system nowy musi byc:D czy format part. systemowej załatwi sprawe??

[Magik]

albo inaczje..bo i tak system nowy musi byc:D czy format part. systemowej załatwi sprawe??

zalatwi, ale Twoj problem idzie rozwiazac bez formatu, jeszcze do opanowania.........wiec albo wklejasz logi j/w albo format c:\


tylko pendrive'y itd tez musisz przeskanowac bo zalapales "amvo" i "autorun.inf" a to infekcje z pena, i jak podlaczysz sprzet bedzie problem spowrotem

[kahoona]

Nie załatwi - o ile nie będzie bomby na cały dysk. Po formacie systemowej zostaną na C, D, F, G pliki. Odtworzą się - taki ich mechanizm.

Najpierw trzeba wyleczyć - a później EWENTUALNIE formatować partycję systemową (E).

[Magik]

jedyna robota to wyrzucenie trojana z partcji F, naprawa jednego 'mountpointsa' w rejestrze i tyle, nie liczac pendrive

to nie vundo albo Rootkit VT100.EXE

zreszta skan Kasperskym on-line rozwialby watpliwosci ale

kahoona Z@k nie uzywa ani firewalla ani av'a-->wiec........


Flashdisinfector-->przeskanowac pooztsale partycje

[Z@K]

no to powalczmy z tym gownem:D

SDFix

Kod: Zaznacz wszystko

[b]SDFix: Version 1.236 [/b]
Run by User on 2008-10-21 at 18:17

Microsoft Windows XP [Wersja 5.1.2600]
Running From: F:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 18:22:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="F:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:78,69,68,c3,5c,12,19,10,a9,8e,46,d4,9f,fb,be,79,3a,b7,cc,13,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d3,aa,f1,78,2a,ca,61,b6,a5,71,a2,c3,d3,74,03,c4,8c,3e,34,98,a2,..
"p0"="F:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,91,93,4b,27,1e,e4,4f,c5,b1,e3,d3,57,0f,c5,f3,b3,37,..
"khjeh"=hex:09,3a,fa,59,92,f5,5b,a7,73,5d,a9,80,f0,46,3c,53,c1,23,2e,8f,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5f,df,7a,b1,f8,40,67,be,32,c8,66,c2,a4,71,ee,d4,5d,5c,32,29,bb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="F:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:f2,70,49,0f,19,92,75,96,40,f3,b1,69,8a,3e,aa,1f,d4,ba,8d,56,2c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d3,aa,f1,78,2a,ca,61,b6,a5,71,a2,c3,d3,74,03,c4,8c,3e,34,98,a2,..
"p0"="F:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,91,93,4b,27,1e,e4,4f,c5,b1,e3,d3,57,0f,c5,f3,b3,37,..
"khjeh"=hex:09,3a,fa,59,92,f5,5b,a7,73,5d,a9,80,f0,46,3c,53,c1,23,2e,8f,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5f,df,7a,b1,f8,40,67,be,32,c8,66,c2,a4,71,ee,d4,5d,5c,32,29,bb,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"A\1A?J?K?A?"=""

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\gry\\PES 2008\\PES2008.exe"="E:\\gry\\PES 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"F:\\Program Files\\Tlen.pl\\tlen.exe"="F:\\Program Files\\Tlen.pl\\tlen.exe:*:Enabled:tlen"
"G:\\utorrent.exe"="G:\\utorrent.exe:*:Enabled:utorrent"
"F:\\Program Files\\BearShare\\BearShare.exe"="F:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"F:\\Program Files\\Gadu-Gadu\\gg.exe"="F:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"E:\\gry\\Assasin\\AssassinsCreed_Dx9.exe"="E:\\gry\\Assasin\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\\gry\\Assasin\\AssassinsCreed_Dx10.exe"="E:\\gry\\Assasin\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\\gry\\Assasin\\AssassinsCreed_Launcher.exe"="E:\\gry\\Assasin\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"F:\\Documents and Settings\\User\\Moje dokumenty\\DC ++\\DCPlusPlus.exe"="F:\\Documents and Settings\\User\\Moje dokumenty\\DC ++\\DCPlusPlus.exe:*:Enabled:DC++"
"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun  6 Apr 2008            88 ..SHR --- "F:\WINDOWS\system32\1EB16A5616.sys"
Sun  6 Apr 2008         2,828 A.SH. --- "F:\WINDOWS\system32\KGyGaAvL.sys"
Wed  4 Aug 2004        98,304 A.SHR --- "F:\WINDOWS\system32\mstmdm.dll"
Sat 24 May 2008           444 ...HR --- "F:\Documents and Settings\User\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]


HiJackThis

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 18:25:18, on 2008-10-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Common Files\Protexis\License Service\PSIService.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
F:\Program Files\Winamp\winampa.exe
F:\Program Files\RocketDock\RocketDock.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Opera\Opera.exe
F:\Documents and Settings\User\Moje dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - F:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - F:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [RocketDock] "F:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] F:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Sidebar.lnk = F:\Documents and Settings\User\Moje dokumenty\Clear Sidebar.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38BD57F4-72B6-4D7E-81DF-0C65D342AE5B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: UpdateCheck - {201AD713-1833-4D94-AD15-603A43B75653} - F:\WINDOWS\system32\mstmdm.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - F:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe




[Magik]

wklej do notatnika

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

zapisz jako fix.reg i odpal

te 3 pliki sparwdz na virustotal.com

Kod: Zaznacz wszystko

F:\WINDOWS\system32\1EB16A5616.sys"
F:\WINDOWS\system32\KGyGaAvL.sys"
F:\WINDOWS\system32\mstmdm.dll"

i przeskanuj tym pozstale partycje

http://www.programosy.pl/program,flash-desinfector.html

[Z@K]

log po usunieciu Fake pliku

Kod: Zaznacz wszystko

ComboFix 08-10-18.03 - User 2008-10-21 19:24:21.16 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1474 [GMT 2:00]
Uruchomiony z: F:\Documents and Settings\User\Moje dokumenty\ComboFix.exe
Użyto następujących komend :: F:\Documents and Settings\User\Moje dokumenty\CFScript.txt
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]

FILE ::
F:\WINDOWS\system32\mstmdm.dll
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\WINDOWS\system32\mstmdm.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-21 do 2008-10-21  )))))))))))))))))))))))))))))))
.

2008-10-21 18:07 . 2008-10-21 18:07   <DIR>   d--------   F:\WINDOWS\system32\NtmsData
2008-10-16 14:45 . 2008-10-21 18:00   1,635   --a------   F:\Documents and Settings\User\nkp2.exe
2008-10-05 15:00 . 2008-10-05 15:00   54,156   --ah-----   F:\WINDOWS\QTFont.qfn
2008-10-05 15:00 . 2008-10-05 15:00   1,409   --a------   F:\WINDOWS\QTFont.for
2008-10-03 14:39 . 2008-10-03 14:39   <DIR>   d--------   F:\Documents and Settings\User\Dane aplikacji\SPORE
2008-09-30 16:55 . 2008-10-16 06:45   6,656   --a------   F:\Documents and Settings\User\planet.exe
2008-09-24 14:29 . 2008-09-24 14:29   <DIR>   d--------   F:\Program Files\Blender Foundation
2008-09-24 14:29 . 2008-09-24 14:29   <DIR>   d--------   F:\Documents and Settings\User\Dane aplikacji\Blender Foundation
2008-09-23 22:07 . 2008-10-04 17:18   <DIR>   d--------   F:\Program Files\Photomatix

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 17:25   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\uTorrent
2008-10-21 17:24   ---------   d-----w   F:\Program Files\PeerGuardian2
2008-10-13 20:54   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\Skype
2008-10-07 14:14   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\foobar2000
2008-10-03 12:17   ---------   d--h--w   F:\Program Files\InstallShield Installation Information
2008-09-18 18:32   ---------   d-----w   F:\Documents and Settings\User\Dane aplikacji\Ubisoft
2008-09-18 18:30   ---------   d-----w   F:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-09-14 09:27   ---------   d-----w   F:\Program Files\RocketDock
2008-08-29 09:02   ---------   d-----w   F:\Program Files\Fotojoker
2008-08-29 09:02   ---------   d-----w   F:\Documents and Settings\All Users\Dane aplikacji\hps
2008-01-13 19:44   22,328   ----a-w   F:\Documents and Settings\User\Dane aplikacji\PnkBstrK.sys
2008-04-06 13:45   88   --sh--r   F:\WINDOWS\system32\1EB16A5616.sys
2008-04-06 13:45   2,828   --sha-w   F:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-03-12 18:48  360448  65c34c093e839505636954ead50fa315   F:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   snapshot_2008-10-19_20.42.42,25   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-26 19:36:40   6,062,080   ----a-w   F:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-10-21 16:15:14   6,393,856   ----a-w   F:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-08-26 19:36:40   57,344   ----a-w   F:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-10-21 16:15:14   57,344   ----a-w   F:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="F:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"PeerGuardian"="F:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432]
"QuickTime Task"="F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"ISUSPM"="F:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"WinampAgent"="F:\Program Files\Winamp\winampa.exe" [2008-03-27 36352]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 F:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-29 F:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= F:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= F:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= F:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= F:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= F:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= F:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= F:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= F:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= F:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=F:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=F:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^User^Menu Start^Programy^Autostart^Vista-HDMonitor-Windows.lnk]
path=F:\Documents and Settings\User\Menu Start\Programy\Autostart\Vista-HDMonitor-Windows.lnk
backup=F:\WINDOWS\pss\Vista-HDMonitor-Windows.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 09:39 2119104 F:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 00:43 81920 F:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
--a------ 2007-08-09 11:09 109568 G:\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 F:\WINDOWS\Alcmtr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\gry\\PES 2008\\PES2008.exe"=
"F:\\Program Files\\Tlen.pl\\tlen.exe"=
"G:\\utorrent.exe"=
"F:\\Program Files\\BearShare\\BearShare.exe"=
"F:\\Program Files\\Gadu-Gadu\\gg.exe"=
"E:\\gry\\Assasin\\AssassinsCreed_Dx9.exe"=
"E:\\gry\\Assasin\\AssassinsCreed_Dx10.exe"=
"E:\\gry\\Assasin\\AssassinsCreed_Launcher.exe"=
"F:\\Documents and Settings\\User\\Moje dokumenty\\DC ++\\DCPlusPlus.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys [ ]
S3 usbscan;Sterownik skanera USB;F:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"F:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2007-08-28 F:\WINDOWS\Tasks\Norton Security Scan.job
- F:\Program Files\Norton Security Scan\Nss.exe [2007-04-19 22:42]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SSODL-UpdateCheck-{201AD713-1833-4D94-AD15-603A43B75653} - F:\WINDOWS\system32\mstmdm.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 19:25:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-21 19:26:12
ComboFix-quarantined-files.txt  2008-10-21 17:25:54
ComboFix2.txt  2008-10-19 18:43:18
ComboFix3.txt  2008-08-26 21:04:51
ComboFix4.txt  2008-08-26 20:53:03
ComboFix5.txt  2008-10-21 17:23:53

Przed: 5 338 804 224 bajtów wolnych
Po: 5,328,920,576 bajtów wolnych

151

[Magik]

Pamietaj o pzreskanowaniu partycji j/w i pendrive'a jesli posiadasz

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem