Hello!
Thanks a lot, here is the log after ComboFix
ComboFix 09-07-09.08 - NIKOLA 2009-07-11 21:23.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.225 [GMT 2:00]
Uruchomiony z: c:\program files\pdfforge Toolbar\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NIKOLA\Dane aplikacji\inst.exe
c:\documents and settings\NIKOLA\Dane aplikacji\wiaserva.log
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\Installer\165f4b.msi
c:\windows\Installer\e261eb.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\dfc3165b.sys
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_dfc3165b
((((((((((((((((((((((((( Pliki utworzone od 2009-06-11 do 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-11 18:42 . 2004-08-03 21:08 26624 -c--a-w- c:\windows\system32\dllcache\usbehci.sys
2009-07-11 18:42 . 2004-08-03 21:08 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-07-11 18:42 . 2004-08-03 22:44 7168 -c--a-w- c:\windows\system32\dllcache\hccoin.dll
2009-07-11 18:42 . 2004-08-03 22:44 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-07-11 18:33 . 2009-07-11 18:33 -------- d-----w- c:\documents and settings\NIKOLA\Dane aplikacji\Apple Computer
2009-07-11 17:18 . 2009-07-11 17:18 -------- d-----w- c:\program files\Trend Micro
2009-07-11 17:01 . 2009-07-11 17:01 -------- d-----w- c:\documents and settings\NIKOLA\Dane aplikacji\skypePM
2009-07-11 15:48 . 2009-07-11 15:48 -------- d-----w- c:\documents and settings\NIKOLA\Ustawienia lokalne\Dane aplikacji\GHISLER
2009-07-11 14:31 . 2009-07-11 14:31 -------- d-----w- c:\windows\system32\windows media
2009-07-11 14:30 . 2009-07-11 14:31 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-11 13:30 . 2009-07-11 15:55 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-29 07:20 . 2009-06-29 07:20 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-25 16:24 . 2009-06-25 16:24 0 ----a-w- c:\windows\nsreg.dat
2009-06-20 15:57 . 2009-06-20 15:57 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-20 15:57 . 2009-06-20 15:57 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-20 15:57 . 2006-09-07 10:34 347776 ----a-w- c:\windows\system32\drivers\rt73.sys
2009-06-20 15:57 . 2006-06-20 20:53 319488 ----a-w- c:\windows\system32\AegisI5.exe
2009-06-20 15:57 . 2006-06-17 10:29 295018 ----a-w- c:\windows\system32\Install7x.dll
2009-06-20 15:57 . 2005-11-30 09:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin
2009-06-20 15:56 . 2009-06-20 15:56 -------- d-----w- c:\program files\RALINK
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 19:30 . 2009-03-12 17:44 -------- d-----w- c:\program files\pdfforge Toolbar
2009-07-11 18:44 . 2001-10-26 15:15 74230 ----a-w- c:\windows\system32\perfc015.dat
2009-07-11 18:44 . 2001-10-26 15:15 448004 ----a-w- c:\windows\system32\perfh015.dat
2009-07-11 17:02 . 2008-10-29 08:14 -------- d-----w- c:\documents and settings\NIKOLA\Dane aplikacji\Skype
2009-07-11 17:00 . 2008-04-02 21:10 70400 ----a-w- c:\documents and settings\NIKOLA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-11 17:00 . 2008-04-02 21:10 8354 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-11 16:53 . 2009-04-28 09:32 -------- d-----w- c:\documents and settings\NIKOLA\Dane aplikacji\Ulead Systems
2009-07-11 16:53 . 2008-04-03 05:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2009-07-11 16:53 . 2008-04-03 05:08 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-11 16:09 . 2008-04-02 19:29 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 14:20 . 2008-04-03 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 08:02 . 2009-03-27 08:09 -------- d-----w- c:\program files\Spyware Doctor
2009-07-10 18:53 . 2008-04-02 19:46 -------- d-----w- c:\program files\ESET
2009-07-02 16:22 . 2009-03-27 08:10 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-01 18:02 . 2008-05-20 15:34 -------- d-----w- c:\program files\Ad Muncher
2009-05-20 14:24 . 2008-05-03 09:51 -------- d-----w- c:\program files\Google
2009-05-16 14:43 . 2008-04-21 10:59 -------- d-----w- c:\documents and settings\NIKOLA\Dane aplikacji\Vso
2009-05-13 08:22 . 2009-04-30 13:42 -------- d-----w- c:\program files\BearShare
2008-04-02 21:10 . 2008-04-02 21:10 88 --sh--r- c:\windows\system32\AA6996DE32.sys
2008-10-24 14:36 . 2008-10-19 20:20 88 --sh--r- c:\windows\system32\DF7DD9A129.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-02 949376]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-6-20 663552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-27 130936]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-02 15424]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2008-04-03 75925]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2008-04-03 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2008-04-03 10005]
S2 gupdate1c98c4cf784ba66;Google Update Service (gupdate1c98c4cf784ba66);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-09-16 150272]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-09-29 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-09-29 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-09-29 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-09-29 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-09-29 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-09-29 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-09-29 97704]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-27 348752]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-04-03 9446]
.
Zawartość folderu 'Zaplanowane zadania'
2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 13:30]
2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 13:30]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-dimsntfy - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_b … nu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b … ie_exclude
IE: Download with &Shareaza - c:\program files\BearShare MP3\RazaWebHook.dll/3000
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b … _ie_report
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 21:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\program files\Ad Muncher\AM28140.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Czas ukończenia: 2009-07-11 21:38 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-07-11 19:38
Przed: 11 353 997 312 bajtów wolnych
Po: 11 216 384 000 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect