Please help. Here is the ComboFix log:
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sheanheavel\Pulpit\Ivan Komarenko - Ta Jedna Noc
c:\documents and settings\Sheanheavel\Recent\Thumbs.db
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-04-19 do 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-18 16:34 . 2011-05-18 16:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-05 18:18 . 2011-05-05 18:18 -------- d-----w- c:\program files\Common Files\Java
2011-04-28 17:45 . 2001-10-26 15:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-28 17:45 . 2004-08-03 22:44 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 09:38 . 2008-10-27 09:38 95056 ----a-w- c:\program files\DSETUP.dll
2008-10-27 09:37 . 2008-10-27 09:37 1692496 ----a-w- c:\program files\dsetup32.dll
2008-10-27 09:36 . 2008-10-27 09:36 526160 ----a-w- c:\program files\DXSETUP.exe
2004-10-01 14:00 . 2009-02-01 16:25 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-03-10 07:30 . 2009-03-10 07:30 5817072 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-04-30 11:54 . 2011-04-18 20:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\atapi.sys
[7] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-11-01 53248]
"Gadu-Gadu 10"="e:\programy\Gadu-Gadu 10\gg.exe" [2010-07-21 12477024]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2006-10-16 2205696]
"Remote Console"="c:\syam\system_monitor\agent\winvnc.exe" [2009-02-01 368640]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-10-17 380928]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\documents and settings\Sheanheavel\Menu Start\Programy\Autostart\
Styler.lnk - c:\documents and settings\Sheanheavel\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-4-3 15086]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2009-2-1 882176]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\lxdncoms.exe"=
"c:\Program Files\Lexmark 2600 Series\lxdnamon.exe"=
"c:\Program Files\Lexmark 2600 Series\frun.exe"=
"c:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"=
"c:\Program Files\Lexmark 2600 Series\lxdnmon.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe"=
"c:\Program Files\Lexmark 2600 Series\lxdnlscn.exe"=
"c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnwbgw.exe"=
"c:\Program Files\DNA\btdna.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Skype\Phone\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3894:UDP"= 3894:UDP:SyAM-Desktop-Monitor-Agent-3894
"3930:TCP"= 3930:TCP:SyAM-Desktop-Monitor-Web-Server-3930
"5800:TCP"= 5800:TCP:SyAM-Desktop-Monitor-Remote-console-5800
"5900:TCP"= 5900:TCP:SyAM-Desktop-Monitor-Remote-console-5900
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-02-01 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-02-01 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-12-21 691696]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2009-02-01 21504]
R2 caniodrvr;caniodrvr;c:\syam\system_monitor\agent\drivers\Caniodrvr.sys [2005-08-24 4096]
R2 DMWebSrv;Desktop Monitor Web Server;c:\syam\jetty\DMWebSrv.exe -s c:\syam\jetty\DMWebSrv.conf --> c:\syam\jetty\DMWebSrv.exe -s c:\syam\jetty\DMWebSrv.conf [?]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-06-28 98984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 bdkbkuzjt;bdkbkuzjt;"c:\docume~1\SHEANH~1\USTAWI~1\Temp\DAT239.tmp.exe" --SERVICE --> c:\docume~1\SHEANH~1\USTAWI~1\Temp\DAT239.tmp.exe [?]
S2 SMAgent;Desktop Monitor Agent;c:\syam\system_monitor\agent\smaagent.exe DML 0 --> c:\syam\system_monitor\agent\smaagent.exe DML 0 [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;USB PC CAMERA P227;c:\windows\system32\drivers\PFC027.SYS [2007-09-28 614912]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-01-28 c:\windows\Tasks\1-Click Maintenance.job
- e:\programy\tune up\SystemOptimizer.exe [2006-10-05 14:09]
.
2011-04-22 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Sheanheavel.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-02-05 11:13]
.
2011-05-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 18:17]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensaver - c:\windows\system32\GPhotos.scr/200
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {37EE324E-43F3-4828-9048-4B983AD09C74} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Sheanheavel\Dane aplikacji\Mozilla\Firefox\Profiles\x9ar6yux.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 20:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów …
.
skanowanie ukrytych wpisów autostartu …
.
skanowanie ukrytych plików …
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3184)
e:\programy\StylerHelper.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\acs.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Intel\IDU\awServ.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\syam\jetty\DMWebSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\syam\java\bin\java.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
e:\programy\Styler.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Symantec\LiveUpdate\AUpdate.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Czas ukończenia: 2011-05-19 20:33:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-05-19 18:33
.
Przed: 2 312 847 360 bajtów wolnych
Po: 3 416 055 808 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=PKRNI2 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=PKRNI2-BAK
.
- - End Of File - - E0CF7720E02561406CF54822B72D2D1D