Hello. I scanned my PC with ComboFix and it found some junk. I would kindly ask you to check whether anything is left. And by the way, what are these viruses that it removed and what do they do; I mean a description of them. Thx
ComboFix 09-01-21.04 - Żarko 2009-01-29 7:03:43.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1023.684 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Żarko\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\ssprs.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-22 16:34 . 2009-01-22 16:34
2009-01-03 08:33 . 2009-01-03 08:33 287 --a------ c:\windows\game.ini
2009-01-03 08:25 . 2009-01-03 08:25
2009-01-03 08:23 . 2009-01-03 08:23
2008-12-29 23:01 . 2008-12-31 16:44
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 06:07 901,152 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-29 06:07 18,762,272 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-29 06:05 87,572 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-29 06:05 255,416 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-29 05:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-28 18:14 --------- d-----w c:\program files\SpeedFan
2009-01-22 15:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 07:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-01 10:31 --------- d-----w c:\program files\Valve
2008-12-28 16:26 --------- d-----w c:\program files\BitComet
2008-12-28 09:00 23,648 ----a-w c:\documents and settings\Żarko\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-12-27 15:27 --------- d-----w c:\program files\SPSS Evaluation
2008-12-22 11:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2008-12-22 11:18 --------- d-----w c:\documents and settings\Żarko\Dane aplikacji\Malwarebytes
2008-12-15 18:32 --------- d-----w c:\program files\sXe Injected
2008-12-13 12:12 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-13 12:12 --------- d-----w c:\documents and settings\Żarko\Dane aplikacji\skypePM
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-01 17:54 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-01 17:54 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-02-21 18:04 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-09-27 16:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008092720080928\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 184408]
"HPWT myPrintMileage Agent"="c:\program files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\mpm.exe" [2005-01-26 102400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 610365]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-01 18:54 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Valve\hl.exe"=
"c:\Program Files\BearShare\BearShare.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Polish\setup.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25230:TCP"= 25230:TCP:BitComet 25230 TCP
"25230:UDP"= 25230:UDP:BitComet 25230 UDP
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2007-12-28 17616]
R3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2007-12-28 69680]
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Skan uzupełniający -------
.
IE: c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Żarko\Dane aplikacji\Mozilla\Firefox\Profiles\xyor4mdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 07:07:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
.
- - - - - - - > 'lsass.exe'(1012)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-29 7:09:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-29 06:09:25
Przed: 10 629 865 472 bajtów wolnych
Po: 10,560,147,456 bajtów wolnych
159 --- E O F --- 2009-01-15 05:34:33