
ComboFix 09-02-04.01 - aversion 2009-02-06 22:18:47.1 - NTFSx86
Uruchomiony z: e:\programy\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-06 do 2009-02-06 )))))))))))))))))))))))))))))))
.
2009-02-06 21:53 . 2009-02-06 21:53 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\skypePM
2009-02-06 21:53 . 2009-02-06 21:53 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-06 21:52 . 2009-02-06 21:52 <DIR> dr------- c:\program files\Skype
2009-02-06 21:52 . 2009-02-06 21:52 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-06 21:52 . 2009-02-06 22:04 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\Skype
2009-02-06 21:52 . 2009-02-06 21:52 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-06 12:29 . 2009-02-06 21:15 1,734 --a------ c:\windows\system32\TRJ_NTAUTO.TMP
2009-02-04 21:56 . 2009-02-06 21:26 <DIR> d-------- c:\program files\Trojan Remover
2009-02-01 22:41 . 2009-02-01 22:41 <DIR> d-------- c:\program files\Common Files\NSV
2009-02-01 20:01 . 2009-02-01 20:01 <DIR> d-------- c:\documents and settings\aversion\.jpi_cache
2009-02-01 20:00 . 2009-02-01 20:00 <DIR> d-------- c:\documents and settings\aversion\.java
2009-02-01 15:42 . 2009-02-01 15:42 <DIR> d-------- c:\program files\Hamachi
2009-02-01 15:42 . 2009-02-01 19:51 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\Hamachi
2009-02-01 15:42 . 2009-02-01 15:42 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-02-01 15:32 . 2009-02-01 15:32 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\Leadertech
2009-02-01 15:19 . 2009-02-01 15:19 <DIR> d-------- c:\program files\EA Sports
2009-01-28 12:27 . 2009-01-28 12:27 <DIR> d-------- c:\program files\NAPI-PROJEKT
2009-01-28 00:52 . 2009-02-01 15:40 69 --a------ c:\windows\NeroDigital.ini
2009-01-28 00:23 . 2009-01-28 00:23 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-28 00:23 . 2009-01-28 00:23 <DIR> d-------- c:\program files\Ahead
2009-01-28 00:23 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-28 00:23 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-28 00:23 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-28 00:23 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-28 00:23 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-28 00:23 . 2006-01-12 15:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-28 00:23 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-28 00:23 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-28 00:23 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-27 19:21 . 2009-01-27 19:21 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\Gadu-Gadu
2009-01-26 14:15 . 2009-01-26 14:15 <DIR> d-------- c:\program files\xp-AntiSpy
2009-01-26 13:58 . 2009-02-03 22:31 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-01-26 13:58 . 2009-02-03 22:31 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-01-26 13:57 . 2009-01-26 13:57 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-26 13:57 . 2009-01-26 13:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-26 13:57 . 2009-02-06 21:15 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-26 13:57 . 2009-02-06 22:19 2,781,216 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-26 13:57 . 2009-02-06 22:17 376,864 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-26 13:57 . 2009-02-06 22:19 24,904 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-26 13:57 . 2009-02-06 22:17 4,464 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-26 04:33 . 2009-01-26 04:35 <DIR> d-------- c:\program files\Real Alternative
2009-01-26 04:33 . 2003-03-19 04:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-26 04:33 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-26 04:25 . 2009-01-26 04:25 <DIR> d-------- c:\program files\ffdshow
2009-01-26 04:25 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-26 04:25 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-26 04:24 . 2009-01-26 04:25 <DIR> d-------- c:\program files\SubEdit-Player
2009-01-26 03:38 . 2009-01-26 03:38 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\fltk.org
2009-01-26 00:12 . 2009-02-06 22:13 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-25 21:53 . 2009-01-25 21:55 139,264 --a------ c:\windows\War3Unin.exe
2009-01-25 21:53 . 2009-01-26 00:29 88,214 --a------ c:\windows\War3Unin.dat
2009-01-25 21:53 . 2009-01-25 21:55 2,829 --a------ c:\windows\War3Unin.pif
2009-01-25 21:44 . 2009-01-25 21:46 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-01-25 21:44 . 2009-01-25 21:49 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\DAEMON Tools Pro
2009-01-25 21:44 . 2009-01-25 21:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-01-25 21:26 . 2009-01-25 21:26 0 --a------ c:\windows\nsreg.dat
2009-01-25 21:06 . 2009-01-25 21:06 <DIR> d-------- c:\documents and settings\aversion\Dane aplikacji\DAEMON Tools
2009-01-25 21:06 . 2009-01-25 21:06 717,296 --a------ c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 20:15 --------- d-----w c:\program files\AutoConnect
2009-02-06 15:45 --------- d-----w c:\documents and settings\aversion\Dane aplikacji\uTorrent
2009-01-26 12:55 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-26 12:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-01-25 20:13 --------- d-----w c:\documents and settings\aversion\Dane aplikacji\Winamp
2009-01-25 20:00 --------- d-----w c:\program files\Winamp
2009-01-25 19:59 --------- d-----w c:\program files\uTorrent
2009-01-25 19:54 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-25 19:48 --------- d-----w c:\documents and settings\aversion\Dane aplikacji\teamspeak2
2009-01-25 19:24 --------- d-----w c:\program files\Gadu-Gadu
2009-01-25 19:22 --------- d-----w c:\program files\neostrada tp
2009-01-25 19:20 33 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-01-25 19:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 19:19 --------- d-----w c:\program files\SAGEM
2009-01-25 19:19 --------- d-----w c:\program files\Java
2009-01-25 19:19 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-25 19:13 --------- d-----w c:\documents and settings\aversion\Dane aplikacji\Symantec
2009-01-25 19:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-25 19:06 --------- d-----w c:\program files\AGEIA Technologies
2009-01-25 19:04 --------- d-----w c:\program files\Vtune
2009-01-25 19:02 --------- d-----w c:\program files\Realtek
2009-01-25 19:01 315,392 ----a-w c:\windows\HideWin.exe
2009-01-25 18:59 --------- d-----w c:\program files\Intel
2009-01-25 18:43 --------- d-----w c:\program files\microsoft frontpage
2009-01-25 18:42 --------- d-----w c:\program files\Usługi online
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 310784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-11 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-11 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2008-10-09 13:53 200136 c:\program files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-02-04 12:27 23975720 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2004-11-28 17:48 281232 c:\program files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Gry\\Valve\\Steam\\SteamApps\\fx222\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\Gry\\Valve\\Steam\\SteamApps\\fx222\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-01-25 116992]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-01-25 64000]
S3 FXDrv32;FXDrv32;\??\j:\fxdrv32.sys --> j:\FXDrv32.sys [?]
S3 SysCom1;SysCom1;c:\documents and settings\aversion\Pulpit\Ghost_Killer(2)\Ghost Killer\SoRa.sys [2009-01-28 24576]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://wp.pl/
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
TCP: {80EB66C4-82D4-4699-8BC4-5A508BEBE82F} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\aversion\Dane aplikacji\Mozilla\Firefox\Profiles\1b7l969k.default\
FF - prefs.js: browser.startup.homepage - wp.pl
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 22:20:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-06 22:22:10
ComboFix-quarantined-files.txt 2009-02-06 21:21:00
Przed: 245 226 389 504 bajtów wolnych
Po: 246,352,969,728 bajtów wolnych
180
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:55, on 2009-02-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\programy\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{80EB66C4-82D4-4699-8BC4-5A508BEBE82F}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2914 bytes
z góry dzięki za pomoc
