Hi. Today is Labour Day, so the worms on my computer are working too.
Here's a log from ComboFix: http://wklej.org/id/85135/
ComboFix 09-04-30.05 - Daria 2009-05-01 19:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.191.52 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Daria\Pulpit\ComboFix.exe
AV: avast! antivirus 4.7.1043 [VPS 090430-0] *On-access scanning enabled* (Updated)
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-01 do 2009-05-01 )))))))))))))))))))))))))))))))
.
2009-05-01 17:02 . 2009-05-01 17:02 -------- d-----w c:\windows\ERUNT
2009-05-01 17:01 . 2009-05-01 17:02 -------- d-----w c:\documents and settings\Administrator
2009-05-01 16:59 . 2009-05-01 17:08 -------- d-----w C:\SDFix
2009-05-01 15:59 . 2009-05-01 15:59 -------- d-----w c:\documents and settings\Daria\Ustawienia lokalne\Dane aplikacji\IVONA_INST
2009-05-01 14:48 . 2003-06-18 23:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-01 14:41 . 2009-05-01 14:42 -------- d-----w c:\windows\SHELLNEW
2009-05-01 14:34 . 2009-05-01 14:34 -------- d--h--r C:\MSOCache
2009-04-30 19:16 . 2009-05-01 09:49 -------- d-----w c:\documents and settings\Daria\Ustawienia lokalne\Dane aplikacji\Ahead
2009-04-30 19:16 . 2009-04-30 19:16 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\LightScribe
2009-04-30 19:11 . 2009-04-30 19:11 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-30 19:09 . 2009-04-30 19:17 -------- d-----w c:\documents and settings\Daria\Dane aplikacji\Ahead
2009-04-30 19:03 . 2009-04-30 19:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2009-04-30 19:03 . 2009-04-30 19:03 -------- d-----w c:\program files\Nero
2009-04-30 19:03 . 2009-04-30 19:11 -------- d-----w c:\program files\Common Files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 16:43 . 2009-04-28 15:46 -------- d-----w c:\program files\Winamp
2009-05-01 15:48 . 2009-04-28 14:37 17856 ----a-w c:\documents and settings\Daria\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-28 16:02 . 2009-04-28 16:02 -------- d-----w c:\program files\Winamp Remote
2009-04-28 15:53 . 2009-04-28 15:53 -------- d-----w c:\program files\GRETECH
2009-04-28 15:49 . 2009-04-28 15:49 -------- d-----w c:\program files\PhotoScape
2009-04-28 15:41 . 2009-04-28 15:41 -------- d-----w c:\program files\Google
2009-04-28 15:21 . 2009-04-28 15:19 -------- d-----w c:\program files\Skype
2009-04-28 15:19 . 2009-04-28 15:19 -------- d-----w c:\program files\Common Files\Skype
2009-04-28 15:02 . 2009-04-28 15:01 -------- d-----w c:\program files\Gadu-Gadu
2009-04-28 14:54 . 2009-04-28 14:54 -------- d-----w c:\program files\Common Files\xing shared
2009-04-28 14:54 . 2009-04-28 14:54 -------- d-----w c:\program files\Common Files\Real
2009-04-28 14:54 . 2009-04-28 14:53 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-28 14:54 . 2009-04-28 14:53 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-28 14:54 . 2009-04-28 14:54 -------- d-----w c:\program files\Real
2009-04-28 14:53 . 2009-04-28 14:53 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-28 14:53 . 2009-04-28 14:53 -------- d-----w c:\program files\Alwil Software
2009-04-28 14:50 . 2009-04-28 14:50 0 ----a-w c:\windows\nsreg.dat
2009-04-28 14:44 . 2009-04-28 14:44 -------- d-----w c:\program files\C-Media 3D Audio
2009-04-28 14:44 . 2009-04-28 14:41 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 14:43 . 2009-04-28 14:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-28 14:41 . 2009-04-28 14:40 -------- d-----w c:\program files\VIA
2009-04-28 14:37 . 2001-10-26 14:15 49492 ----a-w c:\windows\system32\perfc015.dat
2009-04-28 14:37 . 2001-10-26 14:15 355486 ----a-w c:\windows\system32\perfh015.dat
2009-04-28 14:32 . 2009-04-28 14:32 -------- d-----w c:\program files\microsoft frontpage
2009-04-28 14:30 . 2001-07-21 20:36 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-28 14:30 . 2009-04-28 14:30 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 14:29 . 2009-04-28 14:29 -------- d-----w c:\program files\Usługi online
2009-04-28 14:27 . 2009-04-28 14:27 21856 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-01_13.39.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 17:06 . 2009-05-01 17:06 16384 c:\windows\Temp\Perflib_Perfdata_580.dat
+ 1999-11-24 16:40 . 1999-11-24 16:40 40960 c:\windows\system32\VBAME.DLL
+ 2009-05-01 14:48 . 2003-06-18 23:31 18944 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2009-05-01 14:48 . 2003-06-18 23:31 35328 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2009-05-01 14:48 . 2003-06-18 23:31 35328 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 1998-03-24 19:54 . 1998-03-24 19:54 15872 c:\windows\system32\SCP32.DLL
+ 1998-08-09 09:07 . 1998-08-09 09:07 94208 c:\windows\system32\MSSTKPRP.DLL
+ 1999-04-08 09:23 . 1999-04-08 09:23 53248 c:\windows\system32\MFC42PLK.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 32584 c:\windows\system32\FM20ENU.DLL
+ 2009-05-01 14:47 . 2009-05-01 14:47 23040 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 61440 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 27136 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 11264 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 86016 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 12288 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 1999-06-04 13:22 . 1999-06-04 13:22 7680 c:\windows\system32\MSPRPPL.DLL
+ 2009-05-01 14:47 . 2009-05-01 14:47 4096 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-05-01 17:02 . 2009-05-01 17:02 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-05-01 17:02 . 2009-05-01 17:02 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2002-08-21 03:13 . 2002-08-21 03:13 189952 c:\windows\system32\WISPTIS.EXE
+ 2009-05-01 14:48 . 2003-06-18 23:31 758784 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2009-05-01 14:48 . 2003-06-18 23:31 758784 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2000-04-03 15:52 . 2000-04-03 15:52 151552 c:\windows\system32\RDOCURS.DLL
+ 2000-05-23 20:45 . 2000-05-23 20:45 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2000-05-11 11:06 . 2000-05-11 11:06 397312 c:\windows\system32\MSRDO20.DLL
+ 2002-08-21 03:10 . 2002-08-21 03:10 204800 c:\windows\system32\INKED.DLL
+ 2009-04-28 16:20 . 2009-05-01 16:40 114176 c:\windows\system32\FNTCACHE.DAT
+ 2009-05-01 14:47 . 2009-05-01 14:47 409600 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 286720 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 249856 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 794624 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 135168 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-05-01 14:47 . 2009-05-01 14:47 593920 c:\windows\Installer\{90110415-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-01 17:02 . 2009-05-01 17:02 376832 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-05-01 17:02 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-05-01 17:02 . 2009-05-01 17:02 376832 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-05-01 17:02 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2003-08-03 16:56 . 2003-08-03 16:56 1146184 c:\windows\system32\FM20.DLL
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9140:TCP"= 9140:TCP:wmzwajay
R2 gbuzcogb;Manager Time;c:\windows\system32\svchost.exe [2004-08-03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gbuzcogb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{437fc7d0-3403-11de-87dc-0013469f4bfb}]
\Shell\AutoRun\command - G:\juok3st.bat
\Shell\explore\Command - G:\juok3st.bat
\Shell\open\Command - G:\juok3st.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988d6291-340f-11de-a5bf-806d6172696f}]
\Shell\AutoRun\command - f:\bin\assetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://gaduradio.pl/JakInstalowacWinampa.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Daria\Dane aplikacji\Mozilla\Firefox\Profiles\x66oe2mc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Daria\Dane aplikacji\Mozilla\Firefox\Profiles\x66oe2mc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 19:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-05-01 19:47
ComboFix-quarantined-files.txt 2009-05-01 17:47
ComboFix2.txt 2009-05-01 14:17
ComboFix3.txt 2009-05-01 13:40
Przed: 36 259 553 280 bajtów wolnych
Po: 36 266 110 976 bajtów wolnych
169