My log


(Kondzio6767) #1

ComboFix 08-08-01.04 - Właściciel 2008-08-02 16:48:27.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.607 [GMT 2:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))

.

2008-08-01 16:51 . 2008-08-01 16:51

2008-07-29 13:29 . 2008-07-29 13:29

2008-07-23 16:34 . 2008-07-23 16:34

2008-07-23 16:34 . 2008-07-23 16:34

2008-07-21 15:06 . 2008-07-21 15:06

2008-07-21 15:06 . 2008-07-21 15:06

2008-07-21 11:50 . 2008-07-21 11:51 9 --a------ C:\WINDOWS\nfsc_patch.ini

2008-07-19 15:01 . 2008-07-19 15:01

2008-07-18 13:27 . 2008-07-18 13:28

2008-07-17 14:08 . 2008-07-30 20:17

2008-07-09 16:43 . 2008-07-09 17:37

2008-07-09 16:42 . 2008-08-02 10:10

2008-07-07 17:26 . 2008-07-07 17:26

2008-07-06 14:19 . 2008-07-06 14:19

2008-07-06 14:19 . 2008-04-12 19:46 2,751,488 --a------ C:\WINDOWS\Photo! 3D ScreenSaver.scr

2008-07-06 14:13 . 2008-07-06 14:13

2008-07-06 14:06 . 2008-07-06 14:19

2008-07-06 14:05 . 2008-07-06 14:05

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-02 14:45 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Skype

2008-08-02 08:12 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-31 13:14 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-14 11:39 --------- d-----w C:\Program Files\SkanerOnline

2008-07-07 15:26 --------- d-----w C:\Program Files\Tibia

2008-07-01 16:53 32,600 -c--a-w C:\Documents and Settings\Właściciel\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-27 11:20 --------- d-----w C:\Program Files\THQ

2008-06-27 10:52 --------- d-----w C:\Program Files\Kingdom Elemental

2008-06-27 10:48 --------- d-----w C:\Program Files\Techland

2008-06-26 12:16 --------- d-----w C:\Program Files\LPM2005NE

2008-06-26 07:55 286,720 ----a-w C:\WINDOWS\iun506.exe

2008-06-13 17:03 --------- d-----w C:\Program Files\TEXTware

2008-06-13 17:03 --------- d-----w C:\Program Files\IDM

2008-06-13 17:02 --------- d-----w C:\Program Files\QuickTime

2008-06-13 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime

2008-06-13 16:53 --------- d-----w C:\Program Files\Longman

2008-06-13 15:09 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-13 15:08 --------- d-----w C:\Program Files\Modi i Nanna

2008-06-10 10:38 --------- d-----w C:\Program Files\Metin2_PL

2008-06-09 14:24 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia

2008-06-09 13:44 --------- d-----w C:\Program Files\Asprate

2008-06-03 18:17 --------- d-----w C:\Program Files\Google

2008-06-02 14:08 --------- d-----w C:\Program Files\CDex

2008-05-30 14:27 3,126 ----a-w C:\WINDOWS\system32\tempimg.tmp

2008-05-26 16:47 130,048 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

2006-05-25 22:46 1,635 -c--a-w C:\WINDOWS\inf\COMB9.tmp

2008-01-23 20:41 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3FC7223-752E-495B-9951-CE360FA1180C}]

2007-10-15 15:59 2265088 --a------ C:\Documents and Settings\Właściciel\Dane aplikacji\AD ON Multimedia\Amazon Toolbar\amazon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

\"{BEBD573C-8315-43A8-9EA0-7028D471CC81}\"= \"C:\Documents and Settings\Właściciel\Dane aplikacji\AD ON Multimedia\Amazon Toolbar\amazon.dll\" [2007-10-15 15:59 2265088]

[HKEY_CLASSES_ROOT\clsid\{bebd573c-8315-43a8-9ea0-7028d471cc81}]

[HKEY_CLASSES_ROOT\TBSB05590.TBSB05590.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB05590.TBSB05590]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

\"CTFMON.EXE\"=\"C:\WINDOWS\system32\ctfmon.exe\" [2004-08-04 14:00 15360]

\"Skype\"=\"C:\Program Files\Skype\Phone\Skype.exe\" [2006-10-13 18:33 19975208]

\"swg\"=\"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe\" [2008-06-11 14:16 68856]

\"WMPNSCFG\"=\"C:\Program Files\Windows Media Player\WMPNSCFG.exe\" [2006-12-01 11:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

\"IgfxTray\"=\"C:\WINDOWS\system32\igfxtray.exe\" [2005-06-08 11:02 94208]

\"HotKeysCmds\"=\"C:\WINDOWS\system32\hkcmd.exe\" [2005-06-08 10:59 77824]

\"Persistence\"=\"C:\WINDOWS\system32\igfxpers.exe\" [2005-06-08 11:03 114688]

\"EasyTuneV\"=\"C:\Program Files\Gigabyte\ET5\GUI.exe\" [2004-06-14 11:54 200704]

\"UMonit\"=\"C:\WINDOWS\system32\umonit.exe\" [2003-08-21 17:47 49152]

\"NeroFilterCheck\"=\"C:\WINDOWS\system32\NeroCheck.exe\" [2001-07-09 11:50 155648]

\"PinnacleDriverCheck\"=\"C:\WINDOWS\system32\PSDrvCheck.exe\" [2004-03-10 16:26 406016]

\"NvCplDaemon\"=\"C:\WINDOWS\system32\NvCpl.dll\" [2005-08-02 16:35 7110656]

\"RemoteControl\"=\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\" [2004-11-02 20:24 32768]

\"NvMediaCenter\"=\"C:\WINDOWS\system32\NvMcTray.dll\" [2005-08-02 16:35 86016]

\"NVRTCLK\"=\"C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe\" [2003-12-30 11:44 24576]

\"PathNvidiaTV\"=\"C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe\" [2005-01-27 12:47 20480]

\"OrderReminder\"=\"C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe\" [2005-03-18 13:18 98304]

\"QuickTime Task\"=\"C:\Program Files\QuickTime\qttask.exe\" [2006-11-21 20:32 282624]

\"avast!\"=\"C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe\" [2008-07-19 16:38 78008]

\"Adobe Reader Speed Launcher\"=\"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe\" [2008-06-12 02:38 34672]

\"nwiz\"=\"nwiz.exe\" [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]

\"RTHDCPL\"=\"RTHDCPL.EXE\" [2005-07-13 10:37 14679552 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

\"CTFMON.EXE\"=\"C:\WINDOWS\system32\CTFMON.EXE\" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Remote Control.lnk - C:\Program Files\KWorld Multimedia\PVR-TV 883 Utilities\C8XRCtl.exe [2005-11-17 12:59:35 57344]

UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2007-09-21 09:05:21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

\"VIDC.MJPG\"= Pvmjpg21.dll

\"VIDC.PIM1\"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTemp

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

\"AntiVirusDisableNotify\"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

\"%windir%\\system32\\sessmgr.exe\"=

\"C:\\eMule\\emule.exe\"=

\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=

\"C:\\Program Files\\Microprose\\Grand Prix 3\\GP3.ICD\"=

\"C:\\games\\RedFaction\\RedFaction.exe\"=

\"C:\\games\\RedFaction\\rf.exe\"=

\"C:\\Program Files\\Skispringen 2006\\skispringen2006.exe\"=

\"C:\\Program Files\\Valve\\hl.exe\"=

\"C:\\Program Files\\Valve\\hlds.exe\"=

\"C:\\Program Files\\Metin2_PL\\metin2.bin\"=

\"C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe\"=

\"C:\\Program Files\\Skype\\Phone\\Skype.exe\"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 CX88XBAR;KWorld TV88X Crossbar;C:\WINDOWS\system32\drivers\CX88XBAR.sys [2005-01-18 12:58]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-04-04 03:55]

S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\cdrmkaun.sys []

S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 17:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fe28d2-2ad0-11da-8499-806d6172696f}]

\shell\PlayWithPowerDVD\Command - "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/

O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{6A3FBC63-0A47-4CA5-A2A4-FD76B5CB32B6}: NameServer = 85.255.113.138,85.255.112.171

O17 -: HKLM\CCS\Interface\{90167034-B02F-4ED6-BBD9-E7EF4AD4BD9F}: NameServer = 85.255.113.138,85.255.112.171

O17 -: HKLM\CCS\Interface\{B5D819E4-24CD-4128-9EF5-033BFE577C7D}: NameServer = 85.255.113.138,85.255.112.171

O17 -: HKLM\CCS\Interface\{BD916037-A2D4-4134-BC13-B4E44FB7B301}: NameServer = 85.255.113.138,85.255.112.171

O17 -: HKLM\CCS\Interface\{DDCAC8E6-D40F-4089-87D5-253FE5051F24}: NameServer = 85.255.113.138,85.255.112.171

O17 -: HKLM\CCS\Interface\{F9E649AD-D7CD-4C5C-8845-BF094CF7216F}: NameServer = 85.255.113.138,85.255.112.171

O16 -: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - hxxp://mks.com.pl/skaner/SkanerOnline.cab

C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf

C:\WINDOWS\system32\SkanerOnlineUninstall.exe

C:\WINDOWS\system32\SkanerOnline.dll

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf

C:\WINDOWS\system32\SkanerOnlineUninstall.exe

C:\WINDOWS\system32\SkanerOnline.dll

O16 -: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf

C:\WINDOWS\system32\SkanerOnlineUninstall.exe

C:\WINDOWS\system32\SkanerOnline.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-02 16:50:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UMonit = C:\WINDOWS\system32\umonit.exe?USB\Vid_05e3&Pid_07108???????6&PI????????B\ROOT_H8??????V????????????????????h??????w?????????????b@?????????????????<$?|?????$?|???w??@????w????????????????????@???????????????t??????????????|X$?|?????$?|Q$?|??????????????@

PathNvidiaTV = C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe??????|E??|N??|??????????????E????????|???????????x????D?|p??|???|?D?|?5?|?C?|????????????????????????X???\<??????????|P???????Q??|????m??|???????????????|???????????|???????????&s?|???|?s?|???[???

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-02 16:52:01

ComboFix-quarantined-files.txt 2008-08-02 14:51:55

ComboFix2.txt 2008-08-02 14:46:57

ComboFix3.txt 2008-08-02 14:27:42

ComboFix4.txt 2008-08-02 14:16:18

ComboFix5.txt 2008-08-02 14:48:07

Pre-Run: 26,227,093,504 bytes free

Post-Run: 26,211,303,424 bytes free

184 --- E O F --- 2008-03-06 09:20:34


(huber2t) #2

I don't see anything in the log.

Are there any problems?


(JNJN) #3

Read the pinned topics in this section and correct your post, using the Edit option. JNJN


(Leon$) #4

Start >> Run >> cmd

sc stop cdrmkaun >> Enter

sc delete cdrmkaun >> Enter

Download HijackThis http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654, scan the system and post the log

:)
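Two things in the log in post #1 are worth checking mechanically rather than by eye: the six O17 lines that set every interface's NameServer to 85.255.113.138 and 85.255.112.171, and the S3 driver cdrmkaun whose image lives in the user's Temp folder and for which ComboFix shows no file timestamp (the entry post #4 removes with `sc stop` / `sc delete`). The script below is an added example, not part of any post in this thread and not ComboFix's or HijackThis's own code. It parses a handful of lines copied from the log above (embedded as a constructed sample), flags NameServer entries inside a watch-list of resolver ranges, flags kernel drivers registered from a Temp path or with no on-disk file, flags the Security Center `AntiVirusDisableNotify` override, and emits the same `sc` commands post #4 gives. The watch-list, the function names and the finding labels are assumptions for illustration; the one range in it, 85.255.112.0/20, is the block publicly documented as the rogue resolvers used by the DNSChanger (Zlob) trojan. Resetting the interfaces' DNS settings is a separate step the script does not perform.

```python
"""Triage a ComboFix-style log for DNS hijacking and suspicious driver services.

Added example; not part of the original forum thread. The sample lines are
copied from the log above. ROGUE_DNS_RANGES is an assumed watch-list for
illustration (85.255.112.0/20 is the publicly documented DNSChanger range).
"""
import ipaddress
import re

# Constructed sample: lines taken from the ComboFix log in post #1.
SAMPLE_LOG = """\
S3 cdrmkaun;cdrmkaun;C:\\DOCUME~1\\WACICI~1\\USTAWI~1\\Temp\\cdrmkaun.sys []
S3 fixustor;fixustor;C:\\WINDOWS\\system32\\drivers\\fixustor.sys [2003-08-21 17:49]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
O17 -: HKLM\\CCS\\Interface\\{6A3FBC63-0A47-4CA5-A2A4-FD76B5CB32B6}: NameServer = 85.255.113.138,85.255.112.171
O17 -: HKLM\\CCS\\Interface\\{90167034-B02F-4ED6-BBD9-E7EF4AD4BD9F}: NameServer = 85.255.113.138,85.255.112.171
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
"""

# Assumed watch-list; extend with whatever resolver intel you trust.
ROGUE_DNS_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# HijackThis-style O17 line: per-interface NameServer override in HKLM\...\Interfaces.
O17_RE = re.compile(r"^O17 -: (?P<key>\S+): NameServer = (?P<servers>[\d.,]+)")
# ComboFix service line: "<start-type> <name>;<display>;<image path> [<file stamp>]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)


def is_rogue_resolver(ip_text):
    """True if the resolver address falls inside a watch-listed range."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in ROGUE_DNS_RANGES)


def triage(log_text):
    """Return (kind, subject, detail) findings for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            bad = [s for s in m["servers"].split(",") if is_rogue_resolver(s)]
            if bad:
                findings.append(("dns_hijack", m["key"], ",".join(bad)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # A kernel driver loaded from a Temp directory, or one ComboFix could
            # not stat (empty "[]"), is worth pulling regardless of its name.
            if "\\temp\\" in m["path"].lower() or m["stamp"] == "":
                findings.append(("suspicious_driver", m["name"], m["path"]))
            continue
        if line.strip().lower() == '"antivirusdisablenotify"=dword:00000001':
            findings.append(("av_notify_disabled", "security center", line.strip()))
    return findings


def remediation(findings):
    """Commands for cmd.exe on XP, mirroring post #4 for each flagged driver."""
    cmds = []
    for kind, subject, _ in findings:
        if kind == "suspicious_driver":
            cmds.append(f"sc stop {subject}")
            cmds.append(f"sc delete {subject}")
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, subject, detail in found:
        print(f"{kind:20} {subject}  ->  {detail}")
    print("\n".join(remediation(found)))
```

Run against the sample, the script reports cdrmkaun (Temp path, no file stamp), the `AntiVirusDisableNotify` override, and both O17 interfaces; fixustor is not flagged because its image sits under system32\drivers with a timestamp. The `sc delete` call removes the service registration only; the driver file itself, if it still exists, has to be deleted separately, and each interface's DNS setting has to be returned to DHCP or the ISP's resolvers.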