ComboFix 09-02-15.01 - Michał 2009-02-17 17:51:34.26 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2047.1546 [GMT 1:00]
Uruchomiony z: g:\naprawa\ComboFix.exe
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-17 do 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-12 14:18 . 2009-02-12 14:18 1,072 --ah----- C:\aaw7boot.cmd
2009-02-12 13:50 . 2009-02-12 13:50
2009-02-11 10:32 . 2009-02-11 10:32
2009-02-11 10:31 . 2009-02-11 10:35
2009-02-07 11:07 . 2009-02-07 11:07
2009-02-05 21:50 . 2009-02-05 21:50 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-30 15:21 . 2009-01-30 15:21
2009-01-28 13:53 . 2009-02-03 17:48 319 --a------ c:\windows\game.ini
2009-01-25 20:32 . 2009-01-25 20:32
2009-01-25 13:21 . 2008-02-28 13:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2009-01-25 13:21 . 2008-02-28 13:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2009-01-25 13:09 . 2009-01-25 13:09
2009-01-25 12:50 . 2009-01-25 12:55
2009-01-25 12:34 . 2009-01-25 12:34
2009-01-25 12:10 . 2009-01-25 12:10 4,767 --a------ c:\windows\Irremote.ini
2009-01-25 12:05 . 2009-01-25 12:05
2009-01-25 11:00 . 2009-01-25 14:07
2009-01-25 11:00 . 2009-01-25 14:05
2009-01-24 15:42 . 2009-01-24 15:42
2009-01-21 21:14 . 2009-01-21 22:42
2009-01-21 13:32 . 2009-02-17 17:28
2009-01-21 13:06 . 2009-01-21 13:06
2009-01-17 16:55 . 2009-01-17 16:55
2009-01-17 16:55 . 2009-02-08 21:03

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 19:28 --------- d-----w c:\documents and settings\Michał\Dane aplikacji\teamspeak2
2009-02-14 20:44 --------- d-----w c:\documents and settings\Michał\Dane aplikacji\Skype
2009-02-12 13:52 --------- d-----w c:\program files\Lavasoft
2009-02-12 12:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-11 11:58 729,088 ----a-w c:\windows\iun6002.exe
2009-02-11 11:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 16:02 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-07 07:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-02-04 19:16 --------- d-----w c:\documents and settings\Michał\Dane aplikacji\gtk-2.0
2009-02-04 07:00 --------- d-----w c:\program files\directx
2009-01-28 12:11 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-25 09:39 --------- d-----w c:\program files\Ahead
2009-01-16 07:43 --------- d-----w c:\program files\ATITool
2009-01-14 21:50 --------- d-----w c:\program files\RivaTuner v2.22
2009-01-14 13:36 5,248 ----a-w c:\windows\system32\drivers\giveio.sys
2009-01-07 13:11 --------- d-----w c:\documents and settings\Anita\Dane aplikacji\Xfire
2009-01-07 13:11 --------- d-----w c:\documents and settings\Anita\Dane aplikacji\Skype
2009-01-04 09:23 --------- d-----w c:\program files\ArcSoft
2009-01-04 09:04 --------- d-----w c:\program files\Common Files\Adobe
2008-12-29 08:30 4,224 ----a-w c:\windows\system32\drivers\NVStrap.sys
2008-11-22 13:46 2,178 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-22 13:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-08-28 11:55 24 ----a-w c:\documents and settings\Michał\jagex_runescape_preferences.dat
2008-08-28 11:55 24 ----a-w c:\documents and settings\Michał\jagex_runescape_preferences.dat
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michał^Menu Start^Programy^Autostart^PowerISO Updater.exe]
path=c:\documents and settings\Michał\Menu Start\Programy\Autostart\PowerISO Updater.exe
backup=c:\windows\pss\PowerISO Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-03-12 22:43 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D92 Series]
--a------ 2006-09-27 05:00 139264 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBZE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
--a------ 2007-06-29 12:44 1990704 c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 14:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 d:\nero8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 g:\gry\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2008-12-29 09:30 2732032 c:\program files\RivaTuner v2.22\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-01-30 11:35 19428392 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
--a------ 2008-01-29 10:19 2157096 c:\program files\VDOTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wpkontakt]
--a------ 2005-05-04 11:05 25848 c:\program files\Wirtualna Polska\wpkontakt\wpkontakt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2006-07-19 11:03 94208 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--a------ 2003-11-07 10:50 19968 c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PnkBstrA"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\FlashGet\flashget.exe"=
"g:\Program Files\EA GAMES\Battlefield 2\BF2.exe"=
"d:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2008-10-28 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2008-10-28 5248]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2009-01-14 4224]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2007-06-27 64000]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2006-02-04 227200]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2007-06-27 116992]
S3 NTProcDrv;Process creation detector for NT.;\??\d:\downloads\NtProcDrv.sys --> d:\downloads\NtProcDrv.sys [?]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - DwShield000007E6
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Stáhnout vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Download all links using BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\0p4fj15t.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 17:52:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-436374069-1409082233-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3c,1b,6f,54,21,c9,ce,fe,f1,0c,62,75,cc,43,7a,c3,ad,41,7b,12,ab,
   7e,be,76,3a,6e,73,d7,92,c0,bd,0e,a0,4a,3e,a4,fe,c6,12,c6,29,18,3b,c6,d6,75,\
"rkeysecu"=hex:5a,98,91,b9,78,41,c6,c7,85,b4,e1,62,38,5c,eb,7b
.
Czas ukończenia: 2009-02-17 17:55:05
ComboFix-quarantined-files.txt 2009-02-17 16:54:11
ComboFix2.txt 2009-02-11 19:35:00
ComboFix3.txt 2009-02-04 07:20:17
ComboFix4.txt 2010-01-03 20:11:43

Przed: 6 465 839 104 bajtów wolnych
Po: 6,452,424,704 bajtów wolnych

212 --- E O F --- 2009-01-15 10:02:12

Please help!!!