Wirusy ? - zmiana stylu logowania

[kajtekjr]

Witam Wykonałem skan profilaktycznie bo zmienił mi się samoczynnie styl logowania do Windows i patrze a ComboFix coś zaczyna usuwać... Wrzucam logi ze względu na to że jeszcze coś może siedzieć

Dodatkowo nie mogę uruchomić managera urządzeń..

Kod: Zaznacz wszystko

ComboFix 08-12-07.04 - Admin 2008-12-09 12:26:09.3 - NTFSx86

Uruchomiony z: c:\documents and settings\Admin\Pulpit\Usuwanie wirusów\ComboFix\ComboFix.exe

[color=RED][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE


(((((((((((((((((((((((((   Pliki utworzone od 2008-11-09 do 2008-12-09  )))))))))))))))))))))))))))))))
.

2008-12-09 12:22 . 2008-11-13 16:20   203,540   --a------   c:\windows\system32\nvapps.nvb
2008-12-09 11:32 . 2008-12-09 11:35   <DIR>   d--------   c:\program files\ewido anti-spyware 4.0
2008-12-09 10:46 . 2005-11-09 00:26   38,400   --a------   c:\windows\system32\moveex.exe
2008-12-09 10:32 . 2008-11-12 14:54   453,152   --a------   c:\windows\system32\nvudisp.exe
2008-12-09 10:32 . 2008-12-09 10:36   203,188   --a------   c:\windows\system32\nvapps.xml
2008-12-09 10:32 . 2008-11-12 14:54   18,537   --a------   c:\windows\system32\nvdisp.nvu
2008-12-09 10:31 . 2008-12-09 10:31   <DIR>   d--------   c:\windows\Sun
2008-12-09 10:31 . 2008-12-09 10:31   <DIR>   d--------   c:\program files\SystemRequirementsLab
2008-12-09 10:31 . 2008-12-09 10:31   <DIR>   d--------   c:\documents and settings\Admin\SystemRequirementsLab
2008-12-09 10:31 . 2008-12-09 10:32   664   --a------   c:\windows\system32\d3d9caps.dat
2008-12-09 10:31 . 2008-12-09 10:31   552   --a------   c:\windows\system32\d3d8caps.dat
2008-12-09 10:29 . 2008-11-12 13:45   453,152   --a------   c:\windows\system32\NVUNINST.EXE
2008-12-08 12:57 . 2008-12-08 12:57   <DIR>   d--------   c:\program files\vso
2008-12-08 12:57 . 2008-12-08 13:29   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Vso
2008-12-08 12:57 . 2006-09-29 11:24   217,127   --a------   c:\windows\system32\drv43260.dll
2008-12-08 12:57 . 2006-09-29 11:25   208,935   --a------   c:\windows\system32\drv33260.dll
2008-12-08 12:57 . 2006-09-29 11:26   176,165   --a------   c:\windows\system32\drv23260.dll
2008-12-08 12:57 . 2008-12-08 12:57   47,360   --a------   c:\windows\system32\drivers\pcouffin.sys
2008-12-08 12:57 . 2008-12-08 12:57   47,360   --a------   c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-12-08 12:35 . 2008-12-08 12:35   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Media Player Classic
2008-12-08 11:27 . 2008-12-08 11:27   <DIR>   d--------   c:\program files\MSBuild
2008-12-08 11:25 . 2008-12-08 11:25   <DIR>   d--------   c:\windows\system32\XPSViewer
2008-12-08 11:25 . 2008-12-08 11:25   <DIR>   d--------   c:\program files\Reference Assemblies
2008-12-08 11:25 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2008-12-08 11:21 . 2008-05-30 14:11   3,850,760   --a------   c:\windows\system32\D3DX9_38.dll
2008-12-08 11:21 . 2008-05-30 14:11   1,491,992   --a------   c:\windows\system32\D3DCompiler_38.dll
2008-12-08 11:21 . 2008-05-30 14:19   507,400   --a------   c:\windows\system32\XAudio2_1.dll
2008-12-08 11:21 . 2008-03-05 16:03   479,752   --a------   c:\windows\system32\XAudio2_0.dll
2008-12-08 11:21 . 2008-05-30 14:11   467,984   --a------   c:\windows\system32\d3dx10_38.dll
2008-12-08 11:21 . 2008-05-30 14:18   238,088   --a------   c:\windows\system32\xactengine3_1.dll
2008-12-08 11:21 . 2008-03-05 16:03   238,088   --a------   c:\windows\system32\xactengine3_0.dll
2008-12-08 11:21 . 2008-12-08 11:21   107,888   --a------   c:\windows\system32\CmdLineExt.dll
2008-12-08 11:21 . 2008-05-30 14:17   65,032   --a------   c:\windows\system32\XAPOFX1_0.dll
2008-12-08 11:21 . 2008-05-30 14:17   25,608   --a------   c:\windows\system32\X3DAudio1_4.dll
2008-12-08 11:21 . 2008-03-05 16:00   25,608   --a------   c:\windows\system32\X3DAudio1_3.dll
2008-12-08 11:19 . 2008-12-08 11:19   <DIR>   d--------   c:\windows\system32\xlive
2008-12-08 11:19 . 2008-12-08 11:33   <DIR>   d--------   c:\program files\Microsoft Games for Windows - LIVE
2008-12-07 20:28 . 2008-12-07 20:29   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-12-07 10:52 . 2008-12-07 10:52   <DIR>   d--------   c:\program files\RivaTuner v2.20
2008-12-06 22:46 . 2008-12-06 22:46   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\.BitTornado
2008-12-06 15:38 . 2007-05-16 16:45   3,497,832   --a------   c:\windows\system32\d3dx9_34.dll
2008-12-06 15:37 . 2008-12-06 15:37   278,728   --a------   c:\windows\system32\drivers\atksgt.sys
2008-12-06 15:37 . 2008-12-06 15:37   25,416   --a------   c:\windows\system32\drivers\lirsgt.sys
2008-12-06 15:27 . 2008-12-06 15:27   <DIR>   d--------   c:\program files\Alcohol Soft
2008-12-06 12:46 . 2008-04-14 00:15   26,368   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2008-12-06 10:30 . 2008-12-06 10:31   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2008-12-06 10:29 . 2008-12-06 10:31   <DIR>   d--------   c:\program files\DAEMON Tools Pro
2008-12-06 10:29 . 2008-12-06 10:29   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-12-06 10:20 . 2008-12-06 15:25   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-05 21:24 . 2008-12-06 16:56   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
2008-12-05 19:44 . 2008-12-05 19:44   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Thunderbird
2008-12-05 18:43 . 2008-12-05 18:43   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\ProtectDisc
2008-12-05 18:42 . 2008-12-05 18:42   <DIR>   d--------   c:\program files\ProtectDisc Driver Installer
2008-12-05 18:42 . 2008-12-05 18:42   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Synetic
2008-12-05 18:42 . 2008-03-05 15:56   3,786,760   --a------   c:\windows\system32\D3DX9_37.dll
2008-12-05 17:11 . 2008-12-09 10:16   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\uTorrent
2008-12-05 17:10 . 2008-12-05 17:10   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2008-12-05 17:10 . 2008-06-14 18:36   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-05 17:10 . 2008-06-14 18:36   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-05 17:09 . 2008-08-14 14:26   2,190,464   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 17:09 . 2008-08-14 14:26   2,146,816   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 17:09 . 2008-08-14 14:26   2,067,328   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 17:09 . 2008-08-14 14:26   2,025,472   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 17:08 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 17:05 . 2008-12-07 14:25   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-05 17:05 . 2006-09-16 01:05   23,856   --a------   c:\windows\system32\spupdsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 21:42   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-12-08 10:23   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-07 19:11   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-07 11:39   ---------   d-----w   c:\program files\Common Files\Adobe
2008-12-05 15:58   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-05 15:57   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-05 15:57   ---------   d-----w   c:\program files\AGEIA Technologies
2008-12-05 15:52   82,380   ----a-w   c:\windows\system32\drivers\AFS2K.SYS
2008-12-05 15:52   ---------   d-----w   c:\program files\Hewlett-Packard
2008-12-05 15:52   ---------   d-----w   c:\program files\Common Files\Hewlett-Packard
2008-12-05 15:52   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web
2008-12-05 15:43   ---------   d-----w   c:\program files\CyberLink
2008-12-05 15:43   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-12-05 15:35   ---------   d-----w   c:\program files\UltraISO
2008-12-05 15:35   ---------   d-----w   c:\program files\Common Files\EZB Systems
2008-12-05 15:33   ---------   d-----w   c:\program files\Common Files\Adobe Systems Shared
2008-12-05 15:33   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2008-12-05 15:25   ---------   d-----w   c:\program files\Winamp
2008-12-05 15:25   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2008-12-05 15:24   ---------   d-----w   c:\program files\HyperSnap 6
2008-12-05 15:23   ---------   d-----w   c:\program files\Real Alternative
2008-12-05 15:23   ---------   d-----w   c:\program files\Media Player Classic
2008-12-05 15:22   ---------   d-----w   c:\program files\Opera
2008-12-05 15:22   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-12-05 15:21   ---------   d-----w   c:\program files\The Bat!
2008-12-05 15:19   409,600   ----a-w   c:\windows\system32\wrap_oal.dll
2008-12-05 15:19   114,688   ----a-w   c:\windows\system32\OpenAL32.dll
2008-12-05 15:19   ---------   d-----w   c:\program files\Creative
2008-12-05 15:16   ---------   d-----w   c:\program files\Java
2008-12-05 15:12   ---------   d-----w   c:\program files\Malicious Software Removal Tool
2008-12-05 15:12   ---------   d-----w   c:\program files\Common Files\Java
2008-12-05 15:11   ---------   d-----w   c:\program files\PowerMenu
2008-12-05 15:11   ---------   d-----w   c:\program files\Microsoft Bootvis
2008-12-05 15:11   ---------   d-----w   c:\program files\HighMAT CD Writing Wizard
2008-12-05 15:11   ---------   d-----w   c:\program files\Dir2File
2008-12-05 15:10   ---------   d-----w   c:\program files\Microsoft CopyProfile
2008-12-05 15:05   ---------   d-----w   c:\program files\AutoPatcher
2008-12-05 15:01   ---------   d-----w   c:\program files\Intel
2008-12-05 14:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-05 14:55   ---------   d-----w   c:\program files\Usługi online
2008-10-28 16:41   14,303,392   ----a-w   c:\windows\system32\xlive.dll
2008-10-28 16:41   13,643,936   ----a-w   c:\windows\system32\xlivefnt.dll
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-13 08:56   70,936   ----a-w   c:\windows\system32\PhysXLoader.dll
2008-09-15 15:27   1,846,656   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:15   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-11-23 203208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2008-12-09 6283264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Tlen.pl\\tlen.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"d:\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"d:\\Rockstar\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Rockstar\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Rockstar\\Rockstar Games Social Club\\RGSCLauncher.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c428142-c2e4-11dd-853f-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59e505ff-c378-11dd-8047-002185124066}]
\Shell\AutoRun\command - H:\Autorun.exe
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\sbbzah5u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 12:28:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-09 12:29:33 - komputer został uruchomiony ponownie [Admin]
ComboFix-quarantined-files.txt  2008-12-09 11:29:31

Przed: 22,838,738,944 bajtów wolnych
Po: 22,830,837,760 bajtów wolnych

216   --- E O F ---   2008-12-07 13:25:10

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:36, on 2008-12-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\Usuwanie wirusów\HijackThis 1.99.1\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-484763869-630328440-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-630328440-682003330-1003\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (User '?')
O4 - HKUS\S-1-5-21-484763869-630328440-682003330-1003\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-484763869-630328440-682003330-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Admin\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6018 bytes

[Magik]

bry

HJT czysty

do notatnika

Kod: Zaznacz wszystko

FILE::
c:\windows\system32\moveex.exe

plik -> zapisz jako ----> CFScript.txt i przeciągasz i upuszcasz CFScript.txt na Combofix.exe


do notatnika

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c428142-c2e4-11dd-853f-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59e505ff-c378-11dd-8047-002185124066}]

zapisz jako fix.reg i odpal

Autor postu otrzymał pochwałę

[kajtekjr]

Zrobione

Kod: Zaznacz wszystko

ComboFix 08-12-07.04 - Admin 2008-12-09 15:03:00.4 - NTFSx86

Uruchomiony z: c:\documents and settings\Admin\Pulpit\Usuwanie wirusów\ComboFix\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\Usuwanie wirusów\ComboFix\CFScript.txt

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]

FILE ::
c:\windows\system32\moveex.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\moveex.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-09 do 2008-12-09  )))))))))))))))))))))))))))))))
.

2008-12-09 12:36 . 2008-12-09 12:36   <DIR>   d--------   c:\program files\Driver Cleaner
2008-12-09 12:22 . 2008-11-13 16:20   203,540   --a------   c:\windows\system32\nvapps.nvb
2008-12-09 11:32 . 2008-12-09 12:29   <DIR>   d--------   c:\program files\ewido anti-spyware 4.0
2008-12-09 10:32 . 2008-11-12 14:54   453,152   --a------   c:\windows\system32\nvudisp.exe
2008-12-09 10:32 . 2008-12-09 10:36   203,188   --a------   c:\windows\system32\nvapps.xml
2008-12-09 10:32 . 2008-11-12 14:54   18,537   --a------   c:\windows\system32\nvdisp.nvu
2008-12-09 10:31 . 2008-12-09 10:31   <DIR>   d--------   c:\windows\Sun
2008-12-09 10:31 . 2008-12-09 10:31   <DIR>   d--------   c:\program files\SystemRequirementsLab
2008-12-09 10:31 . 2008-12-09 10:31   <DIR>   d--------   c:\documents and settings\Admin\SystemRequirementsLab
2008-12-09 10:31 . 2008-12-09 10:32   664   --a------   c:\windows\system32\d3d9caps.dat
2008-12-09 10:31 . 2008-12-09 10:31   552   --a------   c:\windows\system32\d3d8caps.dat
2008-12-09 10:29 . 2008-11-12 13:45   453,152   --a------   c:\windows\system32\NVUNINST.EXE
2008-12-08 12:57 . 2008-12-08 12:57   <DIR>   d--------   c:\program files\vso
2008-12-08 12:57 . 2008-12-08 13:29   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Vso
2008-12-08 12:57 . 2006-09-29 11:24   217,127   --a------   c:\windows\system32\drv43260.dll
2008-12-08 12:57 . 2006-09-29 11:25   208,935   --a------   c:\windows\system32\drv33260.dll
2008-12-08 12:57 . 2006-09-29 11:26   176,165   --a------   c:\windows\system32\drv23260.dll
2008-12-08 12:57 . 2008-12-08 12:57   47,360   --a------   c:\windows\system32\drivers\pcouffin.sys
2008-12-08 12:57 . 2008-12-08 12:57   47,360   --a------   c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-12-08 12:35 . 2008-12-08 12:35   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Media Player Classic
2008-12-08 11:27 . 2008-12-08 11:27   <DIR>   d--------   c:\program files\MSBuild
2008-12-08 11:25 . 2008-12-08 11:25   <DIR>   d--------   c:\windows\system32\XPSViewer
2008-12-08 11:25 . 2008-12-08 11:25   <DIR>   d--------   c:\program files\Reference Assemblies
2008-12-08 11:25 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2008-12-08 11:21 . 2008-05-30 14:11   3,850,760   --a------   c:\windows\system32\D3DX9_38.dll
2008-12-08 11:21 . 2008-05-30 14:11   1,491,992   --a------   c:\windows\system32\D3DCompiler_38.dll
2008-12-08 11:21 . 2008-05-30 14:19   507,400   --a------   c:\windows\system32\XAudio2_1.dll
2008-12-08 11:21 . 2008-03-05 16:03   479,752   --a------   c:\windows\system32\XAudio2_0.dll
2008-12-08 11:21 . 2008-05-30 14:11   467,984   --a------   c:\windows\system32\d3dx10_38.dll
2008-12-08 11:21 . 2008-05-30 14:18   238,088   --a------   c:\windows\system32\xactengine3_1.dll
2008-12-08 11:21 . 2008-03-05 16:03   238,088   --a------   c:\windows\system32\xactengine3_0.dll
2008-12-08 11:21 . 2008-12-08 11:21   107,888   --a------   c:\windows\system32\CmdLineExt.dll
2008-12-08 11:21 . 2008-05-30 14:17   65,032   --a------   c:\windows\system32\XAPOFX1_0.dll
2008-12-08 11:21 . 2008-05-30 14:17   25,608   --a------   c:\windows\system32\X3DAudio1_4.dll
2008-12-08 11:21 . 2008-03-05 16:00   25,608   --a------   c:\windows\system32\X3DAudio1_3.dll
2008-12-08 11:19 . 2008-12-08 11:19   <DIR>   d--------   c:\windows\system32\xlive
2008-12-08 11:19 . 2008-12-08 11:33   <DIR>   d--------   c:\program files\Microsoft Games for Windows - LIVE
2008-12-07 20:28 . 2008-12-07 20:29   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-12-07 10:52 . 2008-12-07 10:52   <DIR>   d--------   c:\program files\RivaTuner v2.20
2008-12-06 22:46 . 2008-12-06 22:46   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\.BitTornado
2008-12-06 15:38 . 2007-05-16 16:45   3,497,832   --a------   c:\windows\system32\d3dx9_34.dll
2008-12-06 15:37 . 2008-12-06 15:37   278,728   --a------   c:\windows\system32\drivers\atksgt.sys
2008-12-06 15:37 . 2008-12-06 15:37   25,416   --a------   c:\windows\system32\drivers\lirsgt.sys
2008-12-06 15:27 . 2008-12-06 15:27   <DIR>   d--------   c:\program files\Alcohol Soft
2008-12-06 12:46 . 2008-04-14 00:15   26,368   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2008-12-06 10:30 . 2008-12-06 10:31   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2008-12-06 10:29 . 2008-12-06 10:31   <DIR>   d--------   c:\program files\DAEMON Tools Pro
2008-12-06 10:29 . 2008-12-06 10:29   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-12-06 10:20 . 2008-12-06 15:25   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-05 21:24 . 2008-12-06 16:56   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
2008-12-05 19:44 . 2008-12-05 19:44   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Thunderbird
2008-12-05 18:43 . 2008-12-05 18:43   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\ProtectDisc
2008-12-05 18:42 . 2008-12-05 18:42   <DIR>   d--------   c:\program files\ProtectDisc Driver Installer
2008-12-05 18:42 . 2008-12-05 18:42   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Synetic
2008-12-05 18:42 . 2008-03-05 15:56   3,786,760   --a------   c:\windows\system32\D3DX9_37.dll
2008-12-05 17:11 . 2008-12-09 10:16   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\uTorrent
2008-12-05 17:10 . 2008-12-05 17:10   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2008-12-05 17:10 . 2008-06-14 18:36   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-05 17:10 . 2008-06-14 18:36   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-05 17:09 . 2008-08-14 14:26   2,190,464   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 17:09 . 2008-08-14 14:26   2,146,816   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 17:09 . 2008-08-14 14:26   2,067,328   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 17:09 . 2008-08-14 14:26   2,025,472   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 17:08 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 17:05 . 2008-12-07 14:25   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-05 17:05 . 2006-09-16 01:05   23,856   --a------   c:\windows\system32\spupdsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 21:42   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-12-08 10:23   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-07 19:11   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-07 11:39   ---------   d-----w   c:\program files\Common Files\Adobe
2008-12-05 15:58   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-05 15:57   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-05 15:57   ---------   d-----w   c:\program files\AGEIA Technologies
2008-12-05 15:52   82,380   ----a-w   c:\windows\system32\drivers\AFS2K.SYS
2008-12-05 15:52   ---------   d-----w   c:\program files\Hewlett-Packard
2008-12-05 15:52   ---------   d-----w   c:\program files\Common Files\Hewlett-Packard
2008-12-05 15:52   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web
2008-12-05 15:43   ---------   d-----w   c:\program files\CyberLink
2008-12-05 15:43   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-12-05 15:35   ---------   d-----w   c:\program files\UltraISO
2008-12-05 15:35   ---------   d-----w   c:\program files\Common Files\EZB Systems
2008-12-05 15:33   ---------   d-----w   c:\program files\Common Files\Adobe Systems Shared
2008-12-05 15:33   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2008-12-05 15:25   ---------   d-----w   c:\program files\Winamp
2008-12-05 15:25   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2008-12-05 15:24   ---------   d-----w   c:\program files\HyperSnap 6
2008-12-05 15:23   ---------   d-----w   c:\program files\Real Alternative
2008-12-05 15:23   ---------   d-----w   c:\program files\Media Player Classic
2008-12-05 15:22   ---------   d-----w   c:\program files\Opera
2008-12-05 15:22   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-12-05 15:21   ---------   d-----w   c:\program files\The Bat!
2008-12-05 15:19   409,600   ----a-w   c:\windows\system32\wrap_oal.dll
2008-12-05 15:19   114,688   ----a-w   c:\windows\system32\OpenAL32.dll
2008-12-05 15:19   ---------   d-----w   c:\program files\Creative
2008-12-05 15:16   ---------   d-----w   c:\program files\Java
2008-12-05 15:12   ---------   d-----w   c:\program files\Malicious Software Removal Tool
2008-12-05 15:12   ---------   d-----w   c:\program files\Common Files\Java
2008-12-05 15:11   ---------   d-----w   c:\program files\PowerMenu
2008-12-05 15:11   ---------   d-----w   c:\program files\Microsoft Bootvis
2008-12-05 15:11   ---------   d-----w   c:\program files\HighMAT CD Writing Wizard
2008-12-05 15:11   ---------   d-----w   c:\program files\Dir2File
2008-12-05 15:10   ---------   d-----w   c:\program files\Microsoft CopyProfile
2008-12-05 15:05   ---------   d-----w   c:\program files\AutoPatcher
2008-12-05 15:01   ---------   d-----w   c:\program files\Intel
2008-12-05 14:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-05 14:55   ---------   d-----w   c:\program files\Usługi online
2008-10-28 16:41   14,303,392   ----a-w   c:\windows\system32\xlive.dll
2008-10-28 16:41   13,643,936   ----a-w   c:\windows\system32\xlivefnt.dll
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-13 08:56   70,936   ----a-w   c:\windows\system32\PhysXLoader.dll
2008-09-15 15:27   1,846,656   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:15   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-12-09_12.29.17.73   )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-07-14 22:00:00   101,888   ----a-w   c:\windows\system32\VB6STKIT.DLL
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-11-23 203208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2008-12-09 6283264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Tlen.pl\\tlen.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"d:\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"d:\\Rockstar\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Rockstar\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Rockstar\\Rockstar Games Social Club\\RGSCLauncher.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c428142-c2e4-11dd-853f-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\sbbzah5u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 15:03:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-09 15:04:05
ComboFix-quarantined-files.txt  2008-12-09 14:03:53
ComboFix2.txt  2008-12-09 11:29:34

Przed: 22 879 035 392 bajtów wolnych
Po: 22,869,704,704 bajtów wolnych

207   --- E O F ---   2008-12-07 13:25:10


Przy starcie systemu mam takie cos:



Na moje oko to coś ze sterownikiem karty graficznej Odinstalowałbym i zainstalował jeszcze raz ale manager urządzeń nie działa nadal..

[djarta]

Wg mnie - log jest czysty.

Wykonaj to co jest podane w tym temacie (jeśli wykonałeś/łaś to wcześniej to nie rób tego).

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.


================
K.

Autor postu otrzymał pochwałę

[kajtekjr]

Wykonaj to co jest podane w tym temacie (jeśli wykonałeś/łaś to wcześniej to nie rób tego).

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Wykonane

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

Nie do wykonania.. ..Jak Kasper skanuje kompa wywala BS'a o numerze 0x000000DE po jakiś 3 h skanowania, a gdy włączę i kliknę skan w FixIEDef wywala mi taki błąd:



A manager urządzeń jak nie działał tak nie działa..

[Okocza]

a gdy włączę i kliknę skan w FixIEDef wywala mi taki błąd:

spróbuj w awaryjnym

Autor postu otrzymał pochwałę

[kajtekjr]

Zapomniałem dodać ze w awaryjnym to samo..

Dodano 13.12.2008 14:23:53:
Witam! Możecie looknąć w ten log? Znow mi wywaliło sterownik od grafiki.. A Combo po skanie coś kasował...

Kod: Zaznacz wszystko

ComboFix 08-12-12.05 - Admin 2008-12-13 14:21:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2047.1599 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Dane aplikacji\inst.exe
c:\windows\system32\BASSMOD.dll
c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-13 do 2008-12-13  )))))))))))))))))))))))))))))))
.

2008-12-13 13:48 . 2008-12-13 13:48   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\eMule
2008-12-13 13:38 . 2008-12-13 13:38   <DIR>   d--------   c:\program files\ReflexiveArcade
2008-12-13 13:30 . 2008-12-13 13:30   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-13 13:22 . 2008-12-13 13:22   <DIR>   d--------   c:\program files\bfgclient
2008-12-13 13:21 . 2008-12-13 13:22   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\BigFishGamesCache
2008-12-13 13:19 . 2008-12-13 13:19   664   --a------   c:\windows\system32\d3d9caps.dat
2008-12-13 11:53 . 2008-12-13 11:53   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\PlayFirst
2008-12-13 11:53 . 2008-12-13 11:53   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\PlayFirst
2008-12-13 11:13 . 2008-12-13 11:13   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\FarmFrenzy2
2008-12-12 20:48 . 2008-12-12 20:48   <DIR>   d--------   C:\Pro.Evolution.Soccer.2009-RELOADED
2008-12-12 17:45 . 2008-12-13 13:21   <DIR>   d--------   c:\program files\Zylom Games
2008-12-12 17:45 . 2008-12-12 17:45   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\My Games
2008-12-12 14:47 . 2008-12-12 14:47   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Zylom
2008-12-12 14:47 . 2008-12-13 12:16   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Zylom
2008-12-12 14:43 . 2008-12-12 14:43   <DIR>   d--------   c:\windows\Sun
2008-12-12 11:36 . 2008-12-12 11:36   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-12 11:36 . 2008-12-12 11:36   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-12 11:33 . 2008-04-14 00:15   26,368   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2008-12-12 11:11 . 2008-12-12 11:11   <DIR>   d---s----   c:\documents and settings\Admin\UserData
2008-12-12 11:09 . 2008-12-12 11:12   <DIR>   d--------   C:\UniScan
2008-12-12 11:09 . 2008-04-14 00:15   15,104   --a------   c:\windows\system32\drivers\usbscan.sys
2008-12-12 11:09 . 2008-04-14 00:15   15,104   --a--c---   c:\windows\system32\dllcache\usbscan.sys
2008-12-11 20:56 . 2008-12-13 13:18   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\uTorrent
2008-12-11 20:20 . 2008-12-11 20:20   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Nero
2008-12-11 20:09 . 2008-12-11 20:09   <DIR>   d--------   c:\program files\Nero
2008-12-11 20:09 . 2008-12-11 20:18   <DIR>   d--------   c:\program files\Common Files\Nero
2008-12-11 20:09 . 2008-12-11 20:09   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-11 19:51 . 2008-12-11 20:00   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
2008-12-11 19:50 . 2008-12-11 19:51   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2008-12-11 19:28 . 2008-12-11 19:28   <DIR>   dr-h-----   c:\documents and settings\Admin\Dane aplikacji\SecuROM
2008-12-11 19:27 . 2008-12-11 19:27   669,184   --a------   c:\windows\system32\pbsvc.exe
2008-12-11 19:27 . 2008-12-11 19:27   103,736   --a------   c:\windows\system32\PnkBstrB.exe
2008-12-11 19:27 . 2008-12-11 19:27   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2008-12-11 19:27 . 2008-12-11 19:27   22,328   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-12-11 19:27 . 2008-12-11 19:27   22,328   --a------   c:\documents and settings\Admin\Dane aplikacji\PnkBstrK.sys
2008-12-11 18:55 . 2008-12-11 18:55   <DIR>   d--------   c:\program files\MSBuild
2008-12-11 18:55 . 2008-12-11 18:55   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Talkback
2008-12-11 18:54 . 2008-12-11 18:54   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Thunderbird
2008-12-11 18:53 . 2008-12-11 18:53   <DIR>   d--------   c:\windows\system32\XPSViewer
2008-12-11 18:53 . 2008-12-11 18:53   <DIR>   d--------   c:\program files\Reference Assemblies
2008-12-11 18:53 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2008-12-11 18:50 . 2008-12-11 18:50   <DIR>   d--------   c:\windows\system32\xlive
2008-12-11 18:50 . 2008-12-11 19:27   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-11 18:50 . 2008-12-11 18:50   <DIR>   d--------   c:\windows\system32\drivers\umdf
2008-12-11 18:50 . 2008-12-11 18:50   <DIR>   d--------   c:\windows\Logs
2008-12-11 18:50 . 2008-12-11 19:01   <DIR>   d--------   c:\program files\Microsoft Games for Windows - LIVE
2008-12-11 18:50 . 2008-03-05 15:56   3,786,760   --a------   c:\windows\system32\D3DX9_37.dll
2008-12-11 18:50 . 2008-03-05 15:56   1,420,824   --a------   c:\windows\system32\D3DCompiler_37.dll
2008-12-11 18:50 . 2008-02-05 23:07   462,864   --a------   c:\windows\system32\d3dx10_37.dll
2008-12-11 18:50 . 2007-04-04 18:53   81,768   --a------   c:\windows\system32\xinput1_3.dll
2008-12-11 18:17 . 2008-06-14 18:36   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-11 18:17 . 2008-06-14 18:36   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-11 18:16 . 2008-08-14 14:26   2,190,464   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 18:16 . 2008-08-14 14:26   2,146,816   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 18:16 . 2008-08-14 14:26   2,067,328   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 18:16 . 2008-08-14 14:26   2,025,472   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-11 18:16 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-11 18:16 . 2006-10-08 21:51   23,856   --a------   c:\windows\system32\spupdsvc.exe
2008-12-11 18:15 . 2008-12-11 18:58   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-11 18:06 . 2008-12-11 18:06   427   --a------   c:\windows\ODBC.INI
2008-12-11 18:05 . 2008-12-11 18:05   <DIR>   d--------   c:\windows\ShellNew
2008-12-11 18:01 . 2008-12-11 18:01   <DIR>   d--------   c:\program files\CyberLink
2008-12-11 18:01 . 2008-12-11 18:01   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-12-11 17:56 . 2008-12-11 17:56   <DIR>   d--------   c:\program files\Common Files\Hewlett-Packard
2008-12-11 17:56 . 2008-12-11 17:56   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web
2008-12-11 17:56 . 2008-12-11 17:56   82,380   --a------   c:\windows\system32\drivers\AFS2K.SYS
2008-12-11 17:53 . 2008-12-11 17:56   <DIR>   d--------   c:\program files\Hewlett-Packard
2008-12-11 17:53 . 1998-10-07 12:54   327,168   --a------   c:\windows\IsUn0415.exe
2008-12-11 17:53 . 2008-12-11 17:53   150,314   --a------   c:\windows\hpdj3500.hi1
2008-12-11 17:53 . 2008-12-11 17:53   8,980   --a------   c:\windows\hpdj3500.bu1
2008-12-11 17:52 . 2008-12-11 17:54   158,318   --a------   c:\windows\hpdj3500.his
2008-12-11 17:52 . 2008-12-11 17:54   9,879   --a------   c:\windows\hpdj3500.ini
2008-12-11 17:49 . 2008-12-11 17:49   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2008-12-11 17:48 . 2008-12-11 17:48   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-12-11 17:47 . 2008-12-11 17:50   <DIR>   d--------   c:\program files\DAEMON Tools Pro
2008-12-11 17:43 . 2008-12-11 17:43   <DIR>   d--------   c:\program files\Common Files\Adobe Systems Shared
2008-12-11 17:43 . 2008-12-11 17:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2008-12-11 17:35 . 2008-12-11 17:36   <DIR>   d--------   c:\program files\Java
2008-12-11 17:35 . 2008-12-11 17:35   <DIR>   d--------   c:\program files\Common Files\Java
2008-12-11 17:35 . 2008-12-11 17:35   69,632   --a------   c:\windows\system32\javacpl.cpl
2008-12-11 17:24 . 2008-11-13 16:20   203,540   --a------   c:\windows\system32\nvapps.nvb
2008-12-11 17:12 . 2008-12-11 17:12   <DIR>   d--------   c:\windows\tmp
2008-12-11 17:04 . 2008-12-11 17:04   4,444   --a------   c:\windows\system32\pid.PNF
2008-12-11 17:03 . 2008-04-14 22:35   58,880   --a------   c:\windows\system32\drivers\redbook.sys
2008-12-11 17:03 . 2008-04-14 01:17   25,856   --a------   c:\windows\system32\drivers\usbprint.sys
2008-12-11 17:03 . 2001-08-17 22:59   3,072   --a------   c:\windows\system32\drivers\audstub.sys
2008-12-11 17:02 . 2008-04-14 22:50   77,312   --a------   c:\windows\system32\usbui.dll
2008-12-11 17:02 . 2008-04-14 22:50   77,312   --a--c---   c:\windows\system32\dllcache\usbui.dll
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   dr-h-----   c:\documents and settings\Default User\Ustawienia lokalne
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   d--------   c:\documents and settings\Default User\Ulubione
2008-12-11 17:01 . 2008-12-11 16:06   <DIR>   d--h-----   c:\documents and settings\Default User\Szablony
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   d--------   c:\documents and settings\Default User\Pulpit
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   d--------   c:\documents and settings\Default User\Moje dokumenty
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   dr-------   c:\documents and settings\Default User\Menu Start
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   dr-h-----   c:\documents and settings\Default User\Dane aplikacji
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   d--------   c:\documents and settings\All Users\Ulubione
2008-12-11 17:01 . 2008-12-11 17:01   <DIR>   d--h-----   c:\documents and settings\All Users\Szablony
2008-12-11 17:01 . 2008-12-13 13:25   <DIR>   d--------   c:\documents and settings\All Users\Pulpit
2008-12-11 17:01 . 2008-12-12 20:43   <DIR>   dr-------   c:\documents and settings\All Users\Menu Start
2008-12-11 17:01 . 2008-12-11 18:59   <DIR>   dr-------   c:\documents and settings\All Users\Dokumenty
2008-12-11 17:01 . 2008-12-13 13:30   <DIR>   dr-h-----   c:\documents and settings\All Users\Dane aplikacji
2008-12-11 17:00 . 2008-12-11 16:30   <DIR>   d--h-----   c:\documents and settings\Default User
2008-12-11 17:00 . 2008-12-11 17:48   <DIR>   d--------   c:\documents and settings\All Users
2008-12-11 17:00 . 2008-12-11 16:12   <DIR>   d--------   C:\Documents and Settings
2008-12-11 17:00 . 2008-12-11 17:46   685,816   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-11 17:00 . 2008-12-11 16:11   261   --a------   c:\windows\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 22:56   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-12-12 18:01   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-12 13:34   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2008-12-11 17:51   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-12-11 17:00   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-11 16:44   ---------   d-----w   c:\program files\Common Files\Adobe
2008-12-11 16:29   ---------   d-----w   c:\program files\Real Alternative
2008-12-11 16:29   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-12-11 16:28   ---------   d-----w   c:\program files\Creative
2008-12-11 16:27   409,600   ----a-w   c:\windows\system32\wrap_oal.dll
2008-12-11 16:27   114,688   ----a-w   c:\windows\system32\OpenAL32.dll
2008-12-11 16:26   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Vso
2008-12-11 15:51   361,344   ----a-w   c:\windows\system32\drivers\tcpip.sys
2008-12-11 15:51   ---------   d-----w   c:\program files\UltraISO
2008-12-11 15:51   ---------   d-----w   c:\program files\Common Files\EZB Systems
2008-12-11 15:50   ---------   d-----w   c:\program files\xp-AntiSpy
2008-12-11 15:50   ---------   d-----w   c:\program files\Winamp
2008-12-11 15:49   ---------   d-----w   c:\program files\HyperSnap 6
2008-12-11 15:47   47,360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
2008-12-11 15:47   47,360   ----a-w   c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-12-11 15:47   ---------   d-----w   c:\program files\vso
2008-12-11 15:47   ---------   d-----w   c:\program files\Media Player Classic
2008-12-11 15:46   ---------   d-----w   c:\program files\Opera
2008-12-11 15:45   ---------   d-----w   c:\program files\The Bat!
2008-12-11 15:41   ---------   d-----w   c:\program files\Malicious Software Removal Tool
2008-12-11 15:40   ---------   d-----w   c:\program files\PowerMenu
2008-12-11 15:40   ---------   d-----w   c:\program files\Microsoft Bootvis
2008-12-11 15:40   ---------   d-----w   c:\program files\HighMAT CD Writing Wizard
2008-12-11 15:40   ---------   d-----w   c:\program files\Dir2File
2008-12-11 15:39   ---------   d-----w   c:\program files\Microsoft CopyProfile
2008-12-11 15:34   ---------   d-----w   c:\program files\AutoPatcher
2008-12-11 15:25   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-11 15:24   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-11 15:24   ---------   d-----w   c:\program files\AGEIA Technologies
2008-12-11 15:18   ---------   d-----w   c:\program files\Intel
2008-12-11 15:09   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-11 15:08   ---------   d-----w   c:\program files\Usługi online
2008-11-12 12:45   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-10-28 16:41   14,303,392   ----a-w   c:\windows\system32\xlive.dll
2008-10-28 16:41   13,643,936   ----a-w   c:\windows\system32\xlivefnt.dll
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:42   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 01:02   668,672   ----a-w   c:\windows\system32\wininet.dll
2008-10-13 08:56   70,936   ----a-w   c:\windows\system32\PhysXLoader.dll
2008-10-03 10:04   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-09-15 15:27   1,846,656   ----a-w   c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"RGSC"="d:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-12-11 77824]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Tlen.pl\\tlen.exe"=
"d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"d:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\DOKUMENTY\\Madzia\\e\\eMule\\emule.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ff6457-c79a-11dd-9615-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\hr3zxlcf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPJPI142_16.dll
FF - plugin: c:\program files\Opera\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 14:21:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-13 14:22:18
ComboFix-quarantined-files.txt  2008-12-13 13:22:06

Przed: 14 696 783 872 bajtów wolnych
Po: 14,947,676,160 bajtów wolnych

270   --- E O F ---   2008-12-11 17:58:18


[wojtas]

nic nie widać złego..

Autor postu otrzymał pochwałę