Viruses, slow internet, ComboFix log


(Danusia542) #1

Hello!

I have the problem described in the title: my internet connection should normally run at 1mb/s, but when I checked it on speedtest.net it was only 0.05mb/s. I think there are quite a lot of viruses; some were removed by KIS and Malwarebytes, but that did not help. Could you please take a look at the ComboFix log and see what is wrong and what needs to be removed?

PS. I would rather not do a format.

ComboFix 10-01-02.05 - Kamil 2010-01-03 19:31:43.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1623 [GMT 1:00]

Uruchomiony z: D:\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Poprzednie uruchomienie -------

.

c:\documents and settings\All Users\Dane aplikacji\Tibia.bak

c:\program files\Dealio Toolbar\config.ini

c:\program files\Dealio Toolbar\DealioToolbarIE.dll

c:\program files\Dealio Toolbar\Res\amazon.gif

c:\program files\Dealio Toolbar\Res\apple.gif

c:\program files\Dealio Toolbar\Res\barnes.gif

c:\program files\Dealio Toolbar\Res\bestbuy.gif

c:\program files\Dealio Toolbar\Res\dealio_logo.gif

c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif

c:\program files\Dealio Toolbar\Res\ebay.gif

c:\program files\Dealio Toolbar\Res\icon_settings.gif

c:\program files\Dealio Toolbar\Res\macys.gif

c:\program files\Dealio Toolbar\Res\newegg.gif

c:\program files\Dealio Toolbar\Res\overstock.gif

c:\program files\Dealio Toolbar\Res\search-button-hover.gif

c:\program files\Dealio Toolbar\Res\search-button.gif

c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif

c:\program files\Dealio Toolbar\Res\search-chevron.gif

c:\program files\Dealio Toolbar\Res\search_amazon.gif

c:\program files\Dealio Toolbar\Res\search_dealio.gif

c:\program files\Dealio Toolbar\Res\search_ebay.gif

c:\program files\Dealio Toolbar\Res\search_yahoo.gif

c:\program files\Dealio Toolbar\Res\separator.gif

c:\program files\Dealio Toolbar\Res\target.gif

c:\program files\Dealio Toolbar\Res\walmart.gif

c:\program files\Dealio Toolbar\Res\widgets.xml

c:\program files\Dealio Toolbar\SearchSettings.dll

c:\program files\Dealio Toolbar\SearchSettings.exe

c:\program files\Dealio Toolbar\SearchSettingsRes409.dll

c:\program files\Dealio Toolbar\sscfg.ini

c:\program files\Dealio Toolbar\WidgiHelper.exe

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll

c:\windows\system32\AutoRun.inf

c:\windows\system32\ieuinit.inf

c:\windows\system32\setup.ini


.

((((((((((((((((((((((((( Pliki utworzone od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))

.


2010-01-03 13:52 . 2010-01-03 13:52	306432	----a-w-	c:\windows\system32\TuneUpDefragService.exe

2010-01-03 13:52 . 2007-12-20 09:41	29440	----a-w-	c:\windows\system32\uxtuneup.dll

2010-01-03 13:52 . 2010-01-03 13:52	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\TuneUp Software

2010-01-03 13:52 . 2010-01-03 13:58	--------	d-----w-	c:\program files\TuneUp Utilities 2008

2010-01-02 20:19 . 2010-01-02 20:20	--------	d-----w-	c:\program files\Farming-Simulator 2009

2010-01-02 19:46 . 2010-01-02 19:48	--------	d-----w-	C:\farma

2010-01-02 14:39 . 2010-01-02 14:39	5061520	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-02 14:27 . 2010-01-02 14:27	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Malwarebytes

2010-01-02 14:26 . 2009-12-30 13:55	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-02 14:26 . 2010-01-02 18:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware

2010-01-02 14:26 . 2010-01-02 14:26	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2010-01-02 14:26 . 2009-12-30 13:54	19160	----a-w-	c:\windows\system32\drivers\mbam.sys

2010-01-02 13:20 . 2008-04-14 21:50	21504	-c--a-w-	c:\windows\system32\dllcache\hidserv.dll

2010-01-02 13:20 . 2008-04-14 21:50	21504	----a-w-	c:\windows\system32\hidserv.dll

2010-01-02 13:20 . 2008-04-14 20:50	14720	-c--a-w-	c:\windows\system32\dllcache\kbdhid.sys

2010-01-02 13:20 . 2008-04-14 20:50	14720	----a-w-	c:\windows\system32\drivers\kbdhid.sys

2009-12-21 10:08 . 2009-11-24 16:39	1093064	----a-w-	c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\leferjhx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

2009-12-21 09:34 . 2009-12-21 09:34	--------	d-----w-	c:\windows\Sun

2009-12-20 21:05 . 2009-12-21 17:48	--------	d-----w-	c:\program files\JDownloader

2009-12-20 21:05 . 2009-12-20 21:05	411368	----a-w-	c:\windows\system32\deploytk.dll

2009-12-20 21:05 . 2009-12-20 21:05	--------	d-----w-	c:\program files\Java

2009-12-20 21:04 . 2009-12-20 21:04	152576	----a-w-	c:\documents and settings\Kamil\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll

2009-12-20 17:02 . 2009-12-20 17:04	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles

2009-12-18 20:08 . 2009-12-18 20:08	--------	d-----w-	c:\documents and settings\Kamil\Ustawienia lokalne\Dane aplikacji\Temp

2009-12-13 09:48 . 2009-12-13 09:48	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\OpenFM

2009-12-12 20:33 . 2009-11-18 12:16	417280	----a-w-	c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\leferjhx.default\extensions\SignPlugin@bph.pl\plugins\NPSignPluginBPH.dll

2009-12-12 20:26 . 2009-12-12 20:26	--------	d-----w-	c:\program files\McAfee Security Scan

2009-12-11 15:26 . 2009-12-11 15:26	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\TuneUp Software

2009-12-09 15:54 . 2010-01-03 17:09	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\skypePM

2009-12-09 15:54 . 2009-12-09 15:54	56	---ha-w-	c:\windows\system32\ezsidmv.dat

2009-12-09 15:52 . 2010-01-03 18:30	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Skype

2009-12-09 15:52 . 2009-12-09 15:52	--------	d-----w-	c:\program files\Common Files\Skype

2009-12-09 15:52 . 2009-12-09 15:52	--------	d-----r-	c:\program files\Skype

2009-12-09 15:51 . 2009-12-09 15:52	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype

2009-12-07 09:22 . 2009-11-20 11:08	38784	----a-w-	c:\documents and settings\Kamil\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-12-07 09:22 . 2009-11-20 11:08	38784	----a-w-	c:\documents and settings\Default User\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-12-07 09:22 . 2009-12-12 20:27	--------	d-----w-	c:\program files\Common Files\Adobe AIR

2009-12-06 20:21 . 2009-12-06 20:21	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Search Settings

2009-12-06 20:20 . 2009-12-06 20:20	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Dealio

2009-12-06 20:18 . 2009-12-11 15:29	--------	d-----w-	c:\program files\eMule

2009-12-06 20:12 . 2009-12-06 20:12	--------	d-----w-	c:\program files\YouTube Downloader

2009-12-06 19:58 . 2009-12-08 11:30	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\BearShareTb

2009-12-06 19:58 . 2009-12-06 19:58	--------	d-----w-	c:\program files\BearShareTb

2009-12-06 19:52 . 2009-12-06 19:55	--------	d-----w-	c:\program files\BearShare


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 18:35 . 2009-11-07 14:01	179232	--sha-w-	c:\windows\system32\drivers\fidbox.dat

2010-01-03 18:35 . 2009-11-07 14:01	418848	--sha-w-	c:\windows\system32\drivers\fidbox2.dat

2010-01-03 18:29 . 2009-11-07 14:01	32	--sha-w-	c:\windows\system32\drivers\fidbox.idx

2010-01-03 18:28 . 2009-11-07 14:01	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2010-01-03 18:14 . 2009-11-07 14:01	42140	--sha-w-	c:\windows\system32\drivers\fidbox2.idx

2010-01-03 18:14 . 2009-11-09 11:53	779536	----a-w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2010-01-03 13:50 . 2009-11-07 13:29	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard

2010-01-02 13:26 . 2009-11-07 19:11	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-12-20 16:56 . 2009-11-07 13:45	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Nowe Gadu-Gadu

2009-12-13 12:11 . 2009-11-17 15:09	664	----a-w-	c:\windows\system32\d3d9caps.dat

2009-12-13 06:46 . 2009-12-03 09:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\NOS

2009-12-11 15:28 . 2009-11-17 15:53	--------	d-----w-	c:\program files\DivX

2009-12-09 15:14 . 2004-08-04 12:00	85136	----a-w-	c:\windows\system32\perfc015.dat

2009-12-09 15:14 . 2004-08-04 12:00	493976	----a-w-	c:\windows\system32\perfh015.dat

2009-12-07 09:26 . 2009-11-10 17:37	--------	d-----w-	c:\program files\Common Files\Adobe

2009-12-06 13:05 . 2009-11-12 13:50	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Tibia

2009-12-03 19:12 . 2009-12-03 19:12	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee

2009-12-03 10:07 . 2009-12-03 10:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan

2009-12-03 09:58 . 2009-12-03 09:58	86016	----a-w-	c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\arh.exe

2009-11-29 11:23 . 2009-11-24 12:18	--------	d-----w-	c:\program files\Tasker

2009-11-18 20:00 . 2009-11-18 20:00	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Datalayer

2009-11-18 20:00 . 2009-11-18 20:00	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Nokia

2009-11-18 19:57 . 2009-11-18 19:57	--------	d-----w-	c:\program files\DIFX

2009-11-18 19:57 . 2009-11-18 19:56	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\PC Suite

2009-11-18 19:57 . 2009-11-18 19:57	--------	d-----w-	c:\program files\Common Files\Nokia

2009-11-18 19:57 . 2009-11-18 19:56	--------	d-----w-	c:\program files\Common Files\PCSuite

2009-11-18 19:57 . 2009-11-18 19:56	--------	d-----w-	c:\program files\Nokia

2009-11-18 19:56 . 2009-11-18 19:56	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\PC Suite

2009-11-18 19:56 . 2009-11-18 19:56	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations

2009-11-18 19:31 . 2009-11-18 19:31	--------	d-----w-	c:\program files\Audacity

2009-11-18 13:24 . 2009-11-18 13:24	--------	d-----w-	c:\program files\MSXML 4.0

2009-11-17 18:47 . 2009-11-17 18:39	126037	----a-w-	c:\windows\hpoins14.dat

2009-11-17 18:43 . 2009-11-17 18:43	--------	d-----w-	c:\program files\Hewlett-Packard

2009-11-17 18:43 . 2009-11-17 18:43	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard

2009-11-17 18:42 . 2009-11-17 18:42	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard

2009-11-17 18:42 . 2009-11-17 18:42	--------	d-----w-	c:\program files\HP

2009-11-17 15:55 . 2009-11-17 15:53	--------	d-----w-	c:\program files\Google

2009-11-16 14:40 . 2009-11-16 14:40	--------	d-----w-	c:\program files\Opera

2009-11-16 13:48 . 2009-11-07 20:06	69232	----a-w-	c:\documents and settings\Kamil\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-11-15 18:17 . 2009-11-15 18:17	--------	d-----w-	c:\program files\CCleaner

2009-11-12 19:52 . 2009-11-12 19:46	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-11-12 19:51 . 2009-11-12 19:51	--------	d-----w-	c:\program files\Microsoft Works

2009-11-12 19:49 . 2009-11-12 19:49	--------	d-----w-	c:\program files\Microsoft.NET

2009-11-12 19:47 . 2009-11-12 19:47	--------	d-----w-	c:\program files\Microsoft Visual Studio 8

2009-11-12 14:03 . 2009-11-12 14:03	--------	d-----w-	c:\program files\Tibia

2009-11-07 20:20 . 2009-11-07 20:19	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\Ventrilo

2009-11-07 20:19 . 2009-11-07 20:19	--------	d-----w-	c:\program files\Ventrilo

2009-11-07 19:45 . 2009-11-07 13:21	76487	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-07 19:12 . 2009-11-07 19:10	--------	d-----w-	c:\program files\ElfBot NG

2009-11-07 18:46 . 2009-11-07 18:46	--------	d-----w-	c:\program files\Asprate

2009-11-07 17:32 . 2009-11-07 17:32	--------	d-----w-	c:\program files\Realtek

2009-11-07 17:32 . 2009-11-07 17:32	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-11-07 17:32 . 2009-11-07 17:29	--------	d-----w-	c:\program files\Common Files\InstallShield

2009-11-07 17:29 . 2009-11-07 17:29	--------	d-----w-	c:\program files\VIA

2009-11-07 15:30 . 2009-11-07 14:07	--------	d-----w-	c:\documents and settings\Kamil\Dane aplikacji\DAEMON Tools Lite

2009-11-07 14:51 . 2009-11-07 14:51	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE

2009-11-07 14:48 . 2007-04-28 15:51	112144	----a-w-	c:\windows\system32\drivers\kl1.sys

2009-11-07 14:47 . 2009-11-07 14:47	112144	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys

2009-11-07 14:47 . 2009-11-07 14:01	95259	----a-w-	c:\windows\system32\drivers\klick.dat

2009-11-07 14:47 . 2009-11-07 14:01	108059	----a-w-	c:\windows\system32\drivers\klin.dat

2009-11-07 14:47 . 2009-11-07 14:47	682512	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll

2009-11-07 14:47 . 2009-11-07 14:47	194320	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys

2009-11-07 14:47 . 2009-11-07 14:47	150032	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll

2009-11-07 14:47 . 2009-11-07 14:47	342544	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll

2009-11-07 14:14 . 2009-11-07 14:07	--------	d-----w-	c:\program files\DAEMON Tools Lite

2009-11-07 14:11 . 2009-11-07 14:11	--------	d-----w-	c:\program files\MSBuild

2009-11-07 14:08 . 2009-11-07 14:08	--------	d-----w-	c:\program files\Reference Assemblies

2009-11-07 14:07 . 2009-11-07 14:07	--------	d-----w-	c:\program files\DAEMON Tools Toolbar

2009-11-07 14:07 . 2009-11-07 14:07	691696	----a-w-	c:\windows\system32\drivers\sptd.sys

2009-11-07 14:07 . 2009-11-07 14:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite

2009-11-07 14:01 . 2009-11-07 14:01	0	----a-w-	c:\windows\nsreg.dat

2009-11-07 14:01 . 2009-11-07 14:01	--------	d-----w-	c:\program files\Kaspersky Lab

2009-11-07 13:45 . 2009-11-07 13:45	--------	d-----w-	c:\program files\Nowe Gadu-Gadu

2009-11-07 13:38 . 2009-11-07 13:37	--------	d-----w-	c:\program files\Freedom

2009-11-07 13:37 . 2009-11-07 13:37	--------	d-----w-	c:\program files\ZTE ZXDSL 852

2009-11-07 13:22 . 2009-11-07 13:22	--------	d-----w-	c:\program files\microsoft frontpage

2009-11-07 13:20 . 2009-11-07 13:20	--------	d-----w-	c:\program files\Usługi online

2009-11-07 13:19 . 2009-11-07 13:19	21856	----a-w-	c:\windows\system32\emptyregdb.dat

2009-10-29 05:26 . 2004-08-04 12:00	669696	----a-w-	c:\windows\system32\wininet.dll

2009-10-21 05:40 . 2004-08-04 12:00	75776	----a-w-	c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2004-08-04 12:00	25088	----a-w-	c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 12:00	265728	----a-w-	c:\windows\system32\drivers\http.sys

2009-10-13 10:34 . 2004-08-04 12:00	271360	----a-w-	c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2004-08-04 12:00	79872	----a-w-	c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2004-08-04 12:00	150016	----a-w-	c:\windows\system32\rastls.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]

2009-08-10 14:06	91576	----a-w-	c:\program files\BearShareTb\BearShareDx.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]


[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"RGSC"="d:\gta4\Grand Theft Auto IV\RGSC\RGSCLauncher.exe" [2009-11-08 306088]

"bluebirds"="c:\documents and settings\Kamil\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WiseStubReboot"="MSIEXEC" [X]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2009-04-30 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]

R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-11-07 60255]

R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-11-07 683791]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-07 691696]

S2 gupdate1ca679e186f8b5c;Usługa Google Update (gupdate1ca679e186f8b5c);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-17 133104]

S3 MBAMProtector;MBAMProtector; [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ hpqcxs08


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Zawartość folderu 'Zaplanowane zadania'


2010-01-03 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 12:31]


2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-17 15:53]


2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-17 15:53]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.bearshare.com/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab

FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\leferjhx.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.google.pl

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=

FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

FF - plugin: c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\leferjhx.default\extensions\SignPlugin@bph.pl\plugins\NPSignPluginBPH.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - USUNIĘTO PUSTE WPISY - - - -


BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll

Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll

HKCU-Run-iGoD - D:\iGoDr0785.exe

HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe

HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe

AddRemove-ElfBot NG_is1 - d:\elf bot 8.42\ElfBot NG\unins000.exe




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-03 19:35

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(700)

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll


- - - - - - - > 'lsass.exe'(756)

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll


- - - - - - - > 'explorer.exe'(4080)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSPL.DLL

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\nvwddi.dll

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Czas ukończenia: 2010-01-03 19:36:35

ComboFix-quarantined-files.txt 2010-01-03 18:36


Przed: 18 202 226 688 bajtów wolnych

Po: 18 166 755 328 bajtów wolnych


- - End Of File - - 020EB58FA05E35B6E8643291A19E6FA9

(jessica) #2

There is no infection visible here that would be capable of slowing down the internet connection.

jessi