Problem z wirusem SALITY ..Prosze o Pomoc

allien10 · 17 Marzec 2009 21:01

Witam.

Chciałbym poprosić o pomoc w pokonaniu SALITY, nie mam pojecia co z tym zrobic z robiłem scan Antivirusem i ComboFix’em oto logi:

log z ComboFix’a:

ComboFix 09-03-15.01 - KRUPCZAK 2009-03-17 21:30:09.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3582.3039 [GMT 1:00]

Uruchomiony z: c:\documents and settings\KRUPCZAK\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\odbcasvc.exe

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ODBCASVC

((((((((((((((((((((((((( Pliki utworzone od 2009-02-17 do 2009-03-17 )))))))))))))))))))))))))))))))

.

2009-03-17 19:21 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\43295700.sys

2009-03-17 14:49 . 2009-03-17 14:49 124,688 --a------ c:\windows\system32\mswinsck.ocx

2009-03-17 14:49 . 2009-03-17 14:49 111,104 --a------ c:\windows\system32\uha.exe

2009-03-17 11:31 . 2008-07-08 14:54 148,496 --a------ c:\windows\system32\drivers\60804452.sys

2009-03-16 21:50 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\fa71513.dll

2009-03-16 21:50 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\d7473b.dll

2009-03-16 20:17 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2422279a.dll

2009-03-16 20:17 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\208e1a46.dll

2009-03-16 07:48 . 2009-03-16 07:48

2009-03-16 07:32 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\baf99d2.dll

2009-03-16 07:32 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2b34f4c.dll

2009-03-16 07:07 . 2009-03-17 11:01 111,435 -r-hs---- C:\luk1ylq.com

2009-03-14 17:43 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\6dfc465.dll

2009-03-14 17:43 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2cb7d06.dll

2009-03-14 17:40 . 2009-03-17 20:20

2009-03-14 17:40 . 2009-03-16 07:18

2009-03-14 17:23 . 2009-03-17 20:20

2009-03-14 09:41 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\220c93dd.dll

2009-03-14 09:41 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\107d62c4.dll

2009-03-13 18:05 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\d089b7c.dll

2009-03-13 18:05 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\1b7e4ea2.dll

2009-03-13 10:32 . 2009-03-13 10:32 108,968 -r-hs---- C:\xdw.com

2009-03-10 18:26 . 2009-03-12 12:28 107,190 -r-hs---- C:\cb.exe

2009-03-10 15:52 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\1b1ac0e9.dll

2009-03-10 15:52 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\14d0276.dll

2009-03-10 15:51 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\4b8dd41.dll

2009-03-10 15:51 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\1275344b.dll

2009-03-10 14:30 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\c4ca10f.dll

2009-03-10 14:30 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\6ddff0.dll

2009-03-09 11:49 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\275735f0.dll

2009-03-09 11:49 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\14899d48.dll

2009-03-09 09:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\5b37110.dll

2009-03-09 09:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\172bb200.dll

2009-03-08 18:53 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\704cb52.dll

2009-03-08 18:53 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\17db3861.dll

2009-03-08 15:03 . 2009-03-17 13:27

2009-03-07 17:30 . 2009-03-09 09:05 108,664 -r-hs---- C:\i.com

2009-03-07 14:14 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\99df354.dll

2009-03-07 14:14 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\4e3b008.dll

2009-03-07 11:45 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\355bc9c0.dll

2009-03-07 11:45 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\19338058.dll

2009-03-06 19:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\b3426fb.dll

2009-03-06 19:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\23aca830.dll

2009-03-06 17:57 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\48babbd.dll

2009-03-06 17:57 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\102cc1c3.dll

2009-03-06 12:04 . 2009-03-06 12:04

2009-03-05 10:38 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\ba84c8.dll

2009-03-05 10:38 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\3c42d92.dll

2009-03-03 15:28 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\466a5f0.dll

2009-03-03 15:28 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\18378816.dll

2009-03-03 14:44 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\d82b317.dll

2009-03-03 14:44 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2fc911a8.dll

2009-03-03 14:42 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\1ac329a4.dll

2009-03-03 14:42 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\13265f7.dll

2009-03-03 14:36 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\79810d2.dll

2009-03-03 14:36 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\3d7cd5c.dll

2009-03-03 14:32 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\7f54d7.dll

2009-03-03 14:32 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\28a55494.dll

2009-03-02 16:52 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\de078d8.dll

2009-03-02 16:52 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\11e547bc.dll

2009-03-02 16:28 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\aec56e4.dll

2009-03-02 16:28 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\212923a4.dll

2009-03-02 16:26 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\5ac8cb.dll

2009-03-02 16:26 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\26bd5e6.dll

2009-03-02 16:14 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\72f1250.dll

2009-03-02 16:14 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2d7a20b.dll

2009-03-02 14:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\3a63384.dll

2009-03-02 14:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\1c6d8b9a.dll

2009-03-02 08:17 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\3985401.dll

2009-03-02 08:17 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2e0bcc4.dll

2009-03-01 21:03 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\edb38dd.dll

2009-03-01 21:03 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\19bccf5a.dll

2009-03-01 18:31 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\90b479a.dll

2009-03-01 18:31 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\10132482.dll

2009-02-28 14:41 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\b7c0c24.dll

2009-02-28 14:41 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\3891b38.dll

2009-02-28 09:31 . 2009-02-28 09:31 108,843 -r-hs---- C:\gi2ky.exe

2009-02-27 12:04 . 2009-03-17 20:20

2009-02-27 12:04 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2009-02-27 12:04 . 2005-10-15 12:32 196,608 --a------ c:\windows\system32\pdfcmnnt.dll

2009-02-27 12:04 . 1998-06-24 00:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX

2009-02-27 12:04 . 1998-07-06 00:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL

2009-02-27 11:57 . 2009-02-27 11:57

2009-02-27 00:00 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\30e8d886.dll

2009-02-27 00:00 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\1813cf78.dll

2009-02-26 15:09 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\85b2af0.dll

2009-02-26 15:09 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2b6f3892.dll

2009-02-26 08:23 . 2009-02-26 08:37 103,663 -r-hs---- C:\wx8o0bt1.com

2009-02-25 20:54 . 2007-04-24 11:33 100,488 -ra------ c:\windows\system32\drivers\s125mgmt.sys

2009-02-25 20:54 . 2007-04-24 11:33 98,696 -ra------ c:\windows\system32\drivers\s125obex.sys

2009-02-25 20:53 . 2007-04-24 11:33 108,680 -ra------ c:\windows\system32\drivers\s125mdm.sys

2009-02-25 20:53 . 2007-04-24 11:33 83,336 -ra------ c:\windows\system32\drivers\s125bus.sys

2009-02-25 20:53 . 2007-04-24 11:33 15,112 -ra------ c:\windows\system32\drivers\s125mdfl.sys

2009-02-25 20:53 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125whnt.sys

2009-02-25 20:53 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125wh.sys

2009-02-25 20:53 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125cmnt.sys

2009-02-25 20:53 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125cm.sys

2009-02-23 20:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\19ea3cce.dll

2009-02-23 20:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\182c3fe0.dll

2009-02-23 09:25 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\b098a07.dll

2009-02-23 09:25 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2388461a.dll

2009-02-23 09:00 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\e179d6e.dll

2009-02-23 09:00 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\209b2ca0.dll

2009-02-23 08:57 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\2bd75a0d.dll

2009-02-23 08:57 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\22c34408.dll

2009-02-21 17:09 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\176235a8.dll

2009-02-21 17:09 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\14bdcb0e.dll

2009-02-21 16:29 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\a43e540.dll

2009-02-21 16:29 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\867a8ce.dll

2009-02-20 17:59 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\fee9e7e.dll

2009-02-20 17:59 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\236df9d8.dll

2009-02-20 15:34 . 2009-02-20 11:29 106,970 -r-hs---- C:\w2.com

2009-02-20 12:31 . 2008-04-15 13:00 70,144 --a------ c:\windows\AhnRpta.exe

2009-02-19 19:40 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\5c6845.dll

2009-02-19 19:40 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\12a5d686.dll

2009-02-18 21:13 . 2009-03-17 20:20

2009-02-18 21:13 . 2009-02-18 21:13

2009-02-18 20:24 . 2009-03-17 20:20

2009-02-18 20:24 . 2009-02-18 21:14

2009-02-18 18:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\f1a7324.dll

2009-02-18 18:21 . 2008-04-15 13:00 82,432 —h---t- c:\windows\system32\34cbac9d.dll

2009-02-17 11:23 . 2009-02-17 11:23 107,564 -r-hs---- C:\hyetn1i.exe

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-17 20:32 42,858,528 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-17 20:31 505,172 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-17 19:20 --------- d-----w c:\program files\RegCure

2009-03-17 19:20 --------- d-----w c:\program files\Common Files\Teleca Shared

2009-03-17 19:20 --------- d-----w c:\program files\Common Files\LightScribe

2009-03-17 18:05 --------- d-----w c:\documents and settings\KRUPCZAK\Dane aplikacji\teamspeak2

2009-03-17 12:36 --------- d–h--w c:\program files\InstallShield Installation Information

2009-02-23 21:45 --------- d-----w c:\documents and settings\KRUPCZAK\Dane aplikacji\uTorrent

2009-02-18 18:24 --------- d-----w c:\program files\NAPI-PROJEKT

2009-02-17 10:23 107,564 --sh–r C:\qphdin.com

2009-02-14 15:10 107,898 --sh–r C:\ur0.com

2009-02-14 10:24 --------- d-----w c:\program files\Rockstar Games

2009-02-13 14:27 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-12 13:15 --------- d-----w c:\documents and settings\KRUPCZAK\Dane aplikacji\Teleca

2009-02-12 13:12 --------- d-----w c:\program files\Sony Ericsson

2009-02-12 13:12 --------- d-----w c:\program files\Common Files\Sony Ericsson Shared

2009-02-12 13:12 --------- d-----w c:\documents and settings\KRUPCZAK\Dane aplikacji\Sony Ericsson

2009-02-12 13:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Teleca

2009-02-12 13:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson

2009-02-12 13:11 --------- d-----w c:\program files\Sony

2009-02-12 08:04 108,067 --sh–r C:\opgde.exe

2009-02-09 12:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NexonEU

2009-02-09 09:21 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-02-02 19:03 --------- d-----w c:\program files\Common Files\INCA Shared

2009-02-02 18:55 --------- d-----w c:\program files\softnyx

2009-01-31 14:58 109,930 --sh–r C:\a2h2.com

2009-01-31 08:47 109,127 --sh–r C:\hl80c6b1.com

2009-01-24 18:28 --------- d-----w c:\program files\Google

2009-01-22 18:20 107,882 --sh–r C:\w98.com

2009-01-22 14:20 --------- d-s—w c:\program files\Xfire

2009-01-21 23:27 --------- d-----w c:\program files\Winamp Remote

2009-01-21 23:27 --------- d-----w c:\program files\Kalendarz XP

2009-01-21 23:27 --------- d-----w c:\program files\EXPERTool

2008-11-10 23:09 22,328 ----a-w c:\documents and settings\KRUPCZAK\Dane aplikacji\PnkBstrK.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-03-17_13.48.10.56 )))))))))))))))))))))))))))))))))))))))))

.

2009-03-17 20:32:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_430.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “c:\program files\Winamp Toolbar\winamptb.dll” [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-15 15360]

“RGSC”=“d:\gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe” [2008-12-15 306088]

“DAEMON Tools Lite”=“d:\programy\DAEMON Tools Lite\daemon.exe” [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-05-16 13529088]

“WinampAgent”=“e:\program files\Winamp\winampa.exe” [2008-08-04 36352]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]

c:\documents and settings\KRUPCZAK\Menu Start\Programy\Autostart\

is-AGN9S.lnk - c:\documents and settings\KRUPCZAK\Pulpit\Virus Removal Tool\is-AGN9S\startup.exe [2009-03-17 65536]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

“{BB4C402F-882A-4526-8C08-51278EA437C1}”= “c:\windows\system32\afmain1.dll” [2008-04-15 78848]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk

backup=c:\windows\pss\Kalendarz XP.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^KRUPCZAK^Menu Start^Programy^Autostart^Xfire.lnk]

path=c:\documents and settings\KRUPCZAK\Menu Start\Programy\Autostart\Xfire.lnk

backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

–a------ 2008-07-24 16:02 490952 d:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

–a------ 2008-03-20 11:04 2127296 d:\programy\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

–a------ 2008-05-16 19:31 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

“UacDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

“AntiVirusOverride”=dword:00000001

“AntiVirusDisableNotify”=dword:00000001

“FirewallDisableNotify”=dword:00000001

“FirewallOverride”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

“UacDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\WINDOWS\system32\PnkBstrA.exe”=

“c:\WINDOWS\system32\PnkBstrB.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“d:\Gry\Far Cry 2\bin\FarCry2.exe”=

“d:\Gry\Call of Duty 4 - Modern Warfare\iw3mp.exe”=

“d:\Programy\Gadu-Gadu\gg.exe”=

“d:\Gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe”=

“d:\Gry\GTA IV\Grand Theft Auto IV\GTAIV.exe”=

“\\Michal\warrock\WRLauncher.exe”=

“d:\Gry\Grand Theft Auto Vice City\Combat Arms EU\NMService.exe”=

“c:\Documents and Settings\KRUPCZAK\Pulpit\Instalki\Super_Pi\SUPER_PI.EXE”=

“c:\WINDOWS\AhnRpta.exe”=

R1 is-L3CE5drv;is-L3CE5drv;c:\windows\system32\drivers\60804452.sys [2009-03-17 148496]

S1 is-97H9Pdrv;is-97H9Pdrv;c:\windows\system32\DRIVERS\99032400.sys --> c:\windows\system32\DRIVERS\99032400.sys [?]

S1 is-AGN9Sdrv;is-AGN9Sdrv;c:\windows\system32\drivers\43295700.sys [2009-03-17 148496]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

S3 abp470n5;abp470n5;??\c:\windows\system32\drivers\ntpglu.sys --> c:\windows\system32\drivers\ntpglu.sys [?]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2009-02-25 83336]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2009-02-25 15112]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2009-02-25 108680]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2009-02-25 100488]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2009-02-25 98696]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2009-02-12 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2009-02-12 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2009-02-12 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2009-02-12 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2009-02-12 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2009-02-12 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2009-02-12 97704]

.

Zawartość folderu ‘Zaplanowane zadania’

2009-03-17 c:\windows\Tasks\RegCure Program Check.job

c:\program files\RegCure\RegCure.exe []

2009-02-13 c:\windows\Tasks\RegCure.job

c:\program files\RegCure\RegCure.exe []

.

- - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.allegro.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\documents and settings\KRUPCZAK\Dane aplikacji\Mozilla\Firefox\Profiles\b315i9pa.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - www.allegro.pl

FF - component: c:\documents and settings\KRUPCZAK\Dane aplikacji\Mozilla\Firefox\Profiles\b315i9pa.default\extensions{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-17 21:32:44

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-854245398-682003330-1004\Software\SecuROM\License information*]

“datasecu”=hex:9c,17,c2,19,66,a5,9c,94,f1,01,03,01,d2,d7,da,03,5a,23,99,89,27,

ab,89,df,44,35,54,fe,5b,d8,90,92,2d,99,8a,b3,17,ba,43,a5,7e,98,2a,55,b6,98,\

“rkeysecu”=hex:73,4c,81,91,87,a6,f2,06,0b,a9,7a,f8,d8,9b,dc,6e

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\AhnRpta.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\documents and settings\KRUPCZAK\Pulpit\Virus Removal Tool\is-AGN9S\is-AGN9S.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Czas ukończenia: 2009-03-17 21:34:16 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-03-17 20:34:14

ComboFix2.txt 2009-03-17 12:49:31

ComboFix3.txt 2009-01-22 13:56:09

Przed: 92 971 012 096 bajtów wolnych

Po: 92,955,914,240 bajtów wolnych

340 — E O F — 2009-02-08 23:34:35

PROSZE O POMOC…