ComboFix 11-07-03.02 - Patryk 2011-07-04 13:12:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.2047.1604 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Patryk\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Patryk\Application Data\Dealio
c:\documents and settings\Patryk\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Patryk\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Patryk\WINDOWS
c:\program files\Search Settings
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\IsUn0415.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-06-04 do 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-04 11:17 . 2011-07-04 11:17 53248 ----a-w- c:\temp\catchme.dll
2011-07-03 14:25 . 2011-07-03 14:26 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-07-02 16:16 . 2011-07-02 16:16 -------- d-----w- c:\program files\Microsoft Games
2011-07-02 10:30 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-02 10:30 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-07-02 10:30 . 2011-06-16 08:00 73216 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-02 10:30 . 2011-06-02 00:15 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-02 10:30 . 2011-06-02 00:10 644608 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-02 10:30 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-02 10:30 . 2011-07-02 10:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-06-30 07:19 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-06-30 07:19 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-06-30 07:19 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-06-30 07:19 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-06-26 16:41 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-06-26 16:40 . 2011-07-02 10:05 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-26 16:23 . 2011-06-26 16:23 892928 ----a-w- c:\windows\system32\iconv.dll
2011-06-24 07:10 . 2011-06-24 07:10 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 07:10 . 2011-06-24 07:10 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-18 11:10 . 2011-06-18 11:10 -------- d-----w- c:\program files\LG Electronics
2011-06-18 11:08 . 2011-06-18 11:08 -------- d-----w- C:\KP500
2011-06-18 11:07 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-06-18 11:07 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-06-18 11:07 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-06-18 10:14 . 2011-06-18 10:14 -------- d-----w- c:\program files\Multimedia Card Reader
2011-06-18 08:47 . 2011-06-18 08:48 -------- d-----w- c:\documents and settings\Patryk\Application Data\Download Manager
2011-06-18 08:39 . 2011-06-18 08:39 -------- d-----w- c:\program files\Intel Desktop Board
2011-06-17 17:59 . 2008-04-13 23:12 53760 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2011-06-17 17:36 . 2001-08-17 11:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-06-17 17:36 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-06-17 17:36 . 2008-04-13 23:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-06-17 17:36 . 2008-04-13 23:12 151552 ----a-w- c:\windows\system32\irftp.exe
2011-06-17 17:36 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-06-17 17:36 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-06-17 17:36 . 2008-04-13 23:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-06-17 17:36 . 2008-04-13 23:11 28160 ----a-w- c:\windows\system32\irmon.dll
2011-06-17 17:36 . 2008-04-13 17:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-06-17 17:36 . 2008-04-13 17:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-06-17 17:36 . 2001-08-17 11:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-06-17 17:36 . 2001-08-17 11:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2011-06-15 13:18 . 2011-06-15 13:18 -------- d-----w- c:\documents and settings\Patryk\Application Data\AnvSoft
2011-06-15 13:18 . 2011-06-15 13:18 -------- d-----w- c:\program files\AnvSoft
2011-06-15 13:05 . 2011-06-15 13:53 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-15 09:27 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 11:12 . 2011-06-12 11:12 -------- d-----w- c:\program files\Cheat Engine 6.1
2011-06-10 19:01 . 2011-06-10 19:01 -------- d-----w- c:\documents and settings\Patryk\Local Settings\Application Data\Chromium
2011-06-10 14:52 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-05 14:18 . 2011-06-05 14:18 -------- d-----w- c:\documents and settings\Patryk\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 15:14 . 2011-02-25 12:06 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-18 15:14 . 2011-02-25 12:06 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-18 11:38 . 2011-05-27 13:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:12 . 2011-02-25 12:06 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-02 13:07 . 2011-06-02 13:07 22328 ----a-w- c:\documents and settings\Patryk\Application Data\PnkBstrK.sys
2011-05-04 02:52 . 2011-02-13 12:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-02-13 12:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2011-02-12 16:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 13:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 13:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2004-08-10 13:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-10 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2004-08-10 13:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2004-08-10 13:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-10 13:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 13:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-10 07:25 . 2011-04-10 07:25 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-04-10 07:25 . 2011-04-10 07:25 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-04-09 15:06 . 2011-04-09 15:06 17408 ----a-w- C:\psapi.dll
2011-06-24 07:10 . 2011-03-31 17:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
2011-02-09 18:29 400384 ----a-w- c:\progra~1\ALLPlayer\Iplex\IplexToALLPlayer.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-06-01 13349472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"NvMediaCenter"="NvMCTray.dll" [2010-08-19 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-19 13925480]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-02-12 180269]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Patryk\Start Menu\Programs\Startup\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Gry\\Counter-Strike Source\\Counter Strike Source 2011\\hl2.exe"=
"c:\\Documents and Settings\\Patryk\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Gry\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
.
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2011-02-12 28672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2011-03-03 16896]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-07 129440]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-03-09 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-03-09 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-03-09 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-03-09 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-03-09 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-03-09 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-03-09 123504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 14:26]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 14:26]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.vobis.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Ściągnij przy poomocy FlashGet3 - c:\documents and settings\Patryk\Application Data\FlashGetBHO\GetUrl.htm
IE: Ściągnij wszystko przy pomocy FlashGet3 - c:\documents and settings\Patryk\Application Data\FlashGetBHO\GetAllUrl.htm
IE: ????3?? - c:\documents and settings\Patryk\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Patryk\Application Data\FlashGetBHO\GetAllUrl.htm
LSP: c:\progra~1\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Patryk\Application Data\Mozilla\Firefox\Profiles\1w0p1wej.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=210&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=210&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Patryk\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Patryk\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(1120)
c:\progra~1\SpeedBit Video Accelerator\SBLSP.dll
.
Czas ukończenia: 2011-07-04 13:19:23
ComboFix-quarantined-files.txt 2011-07-04 11:19
.
Przed: 168 361 791 488 bytes free
Po: 168 342 212 608 bytes free
.
- - End Of File - - 295A8E7FD07BC8A35965AFFEDEA49B4D
PatrykG97,
Please read the thread TYTUŁOWANIE TEMATÓW DOTYCZĄCYCH LOGÓW (Titling log-related threads) and change the title to a specific one that describes the problem, and describe the problem precisely in the post. To make the requested correction, please use the Edit button on the opening post of this thread.
Wklejanie logów na forum (Pasting logs on the forum) - read and follow that thread.
Ignoring this instruction will result in the thread being moved to the Trash.