Can someone check this log?
Download: http://www.speedyshare.com/814134140.html
or
ComboFix 09-03-02.03 - XP 2009-03-03 19:28:37.1 - NTFSx86
Uruchomiony z: c:\documents and settings\XP\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\Starware349
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\FindIt.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\FindItHot.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\findithotxp.png
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\finditxp.png
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\logo.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\logoxp.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\Reference.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\referencehotxp.png
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\referencexp.png
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\Weather.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\WeatherHot.bmp
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\weatherhotxp.png
c:\documents and settings\All Users\Dane aplikacji\Starware349\buttons\weatherxp.png
c:\documents and settings\All Users\Dane aplikacji\Starware349\contexts\error.xml
c:\documents and settings\All Users\Dane aplikacji\Starware349\contexts\related.xml
c:\documents and settings\All Users\Dane aplikacji\Starware349\contexts\travel.xml
c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\7.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\7.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
c:\program files\Starware349
c:\program files\Starware349\Setup.exe
c:\winnt\IE4 Error Log.txt
c:\winnt\install.exe
c:\winnt\system32\alog.txt
c:\winnt\system32\cmds.txt
c:\winnt\system32\conf.dat
c:\winnt\system32\cookie1.dat
c:\winnt\system32\f3PSSavr.scr
c:\winnt\system32\ps1.dat
c:\winnt\system32\rc.dat
c:\winnt\system32\setup.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-02-28 17:07 . 2009-03-01 19:07 189,072 --a------ c:\winnt\system32\PnkBstrB.xtr
2009-02-27 21:15 . 2009-03-03 19:05
2009-02-27 21:15 . 2009-02-27 21:15 56 --ah----- c:\winnt\system32\ezsidmv.dat
2009-02-27 21:14 . 2009-02-27 21:14
2009-02-10 21:40 . 2009-02-10 21:40
2009-02-10 20:58 . 2009-02-10 20:58 10,316 --ah----- c:\winnt\system32\mlfcache.dat
2009-02-10 20:56 . 2009-02-27 21:16
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 18:06 --------- d-----w c:\program files\neostrada tp
2009-03-03 18:06 --------- d-----w c:\documents and settings\XP\Dane aplikacji\Skype
2009-03-03 18:05 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-03 18:04 --------- d-----w c:\program files\PC Tools AntiVirus
2009-03-01 18:07 189,072 ----a-w c:\winnt\system32\PnkBstrB.exe
2009-03-01 18:07 138,920 ----a-w c:\winnt\system32\drivers\PnkBstrK.sys
2009-02-28 15:21 75,064 ----a-w c:\winnt\system32\PnkBstrA.exe
2009-02-27 20:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-27 20:14 --------- d-----r c:\program files\Skype
2009-02-24 11:22 --------- d-----w c:\documents and settings\XP\Dane aplikacji\Nowe Gadu-Gadu
2009-01-13 13:33 --------- d-----w c:\program files\Common Files\Adobe
2008-10-17 19:43 22,328 -c--a-w c:\documents and settings\XP\Dane aplikacji\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" [2004-08-03 1694208]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 8798816]
"Odkurzacz-MCD"="g:\odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 68856]
"Explorer"="c:\temp_0\windows nt\services\explarer.exe" [2008-04-15 531968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"LVCOMSX"="c:\winnt\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2006-01-12 155648]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-04-10 1238928]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_15\bin\jusched.exe" [2007-05-22 32881]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 c:\winnt\SOUNDMAN.EXE]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 c:\winnt\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - f:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-09-06 1044480]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\BitTorrent\btdownloadgui.exe"=
"c:\WINNT\system32\dpvsetup.exe"=
"d:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"=
"e:\Documents and Settings\XP\Moje dokumenty\metin2.bin"=
"f:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"d:\Metin2_PL\metin2.bin"=
"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=
"e:\Program Files\World of Warcraft\BackgroundDownloader.exe"=
"c:\WINNT\system32\PnkBstrA.exe"=
"c:\WINNT\system32\PnkBstrB.exe"=
"e:\Program Files\Activision\iw3mp.exe"=
"d:\Program Files\IQ Publishing\Dance Party Dance X-Treme\Program\DancePartyXT.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 XDva092;XDva092; [x]
R3 XDva147;XDva147; [x]
R3 XDva157;XDva157; [x]
R3 XDva182;XDva182; [x]
R3 XDva186;XDva186; [x]
R3 XDva197;XDva197; [x]
R3 XDva204;XDva204; [x]
S3 Stmatm;ATM/ADSL miniport;c:\winnt\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\winnt\system32\DRIVERS\torususb.sys [2006-05-25 684265]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - atapi
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - AVFilter
*Deregistered* - AVHook
*Deregistered* - AVRec
*Deregistered* - Beep
*Deregistered* - BlueSoleil Hid Service
*Deregistered* - Browser
*Deregistered* - BTHidEnum
*Deregistered* - BTHidMgr
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - FTRTSVC
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LVUSBSta
*Deregistered* - mnmdd
*Deregistered* - Modem
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PCTAVSvc
*Deregistered* - PnkBstrA
*Deregistered* - PnkBstrB
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - Stmatm
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VComm
*Deregistered* - VcommMgr
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b00760-cbff-11dc-9e23-eb0871f39f40}]
\Shell\Auto\command - I:\fun.xls.exe
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-25 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - USUNIĘTO PUSTE WPISY - - - - - -
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\7.bin\M3PLUGIN.DLL
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\XP\Menu Start\Programy\IMVU\Run IMVU.lnk
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {FBA99895-152F-4C46-AAD2-65C061E27F50} = 194.204.159.1 217.98.63.164
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://axis-784fce.axiscam.net/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\h7vem51v.default\
FF - component: c:\documents and settings\XP\Dane aplikacji\Mozilla\Firefox\Profiles\h7vem51v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJPI142_15.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSWF32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 19:29:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-329068152-1292428093-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(540)
- - - - -
c:\winnt\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(596)
- - - - -
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Czas ukończenia: 2009-03-03 19:30:45
ComboFix-quarantined-files.txt 2009-03-03 18:30:38
Przed: 1 716 879 360 bajtów wolnych
Po: 1,737,797,632 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
337 --- E O F --- 2008-09-04 20:03:00