Mam taki problem i nie wiem, co zrobić ;/
Tu macie log z ComboFix:
[code]
ComboFix 10-03-27.04 - Hom 2010-03-28 18:18:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.1195 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Hom\Moje dokumenty\Pobieranie\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Dane aplikacji\HotbarSA
c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSA.dat
c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSA_hpk.dat
c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSA_kyf.dat
c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSAAbout.mht
c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSAau.dat
c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSAEULA.mht
c:\documents and settings\All Users\Menu Start\Programy\Hotbar
c:\documents and settings\All Users\Menu Start\Programy\Hotbar\About Hotbar.lnk
c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Hotbar Customer Support Center.lnk
c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Hotbar Games!.lnk
c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Hotbar Videos!.lnk
c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Reset Cursor.lnk
c:\documents and settings\Hom\Dane aplikacji\Hotbar
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.txt
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\layout.cdf
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.txt
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.res
c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\history
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\Weather_XML\Default
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\Weather_XML\Genera1
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\Weather_XML\General
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Links
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Weather_XML\Display
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Weather_XML\Loading
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Weather_XML\screen2
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\WeatherPreferences
c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherStartup.xml
c:\documents and settings\Hom\Dane aplikacji\WeatherDPA
c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\Alcmtr.exe
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
((((((((((((((((((((((((( Pliki utworzone od 2010-02-28 do 2010-03-28 )))))))))))))))))))))))))))))))
.
2010-03-28 15:42 . 2010-03-28 15:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-28 15:11 . 2010-03-28 15:11 -------- d-----w- c:\program files\counter-strike
2010-03-28 14:11 . 2010-03-28 14:35 -------- d-----w- c:\program files\Valve
2010-03-27 11:49 . 2010-03-27 11:49 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\Media Player Classic
2010-03-27 11:49 . 2010-03-28 10:56 -------- d-----w- c:\program files\Real Alternative
2010-03-27 11:48 . 2008-12-07 19:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-27 11:48 . 2007-07-05 03:33 892928 ----a-w- c:\windows\system32\iconv.dll
2010-03-27 11:48 . 2010-03-27 11:48 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-03-27 11:48 . 2010-03-27 11:48 -------- d-----w- c:\program files\ALLPlayer
2010-03-26 19:06 . 2010-03-27 08:34 -------- d-----w- c:\program files\BarDiscover
2010-03-26 19:06 . 2010-03-26 19:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BarDiscover
2010-03-26 16:39 . 2010-03-26 16:40 -------- d-----w- c:\program files\TP
2010-03-26 16:39 . 1999-03-23 08:12 299520 ----a-w- c:\windows\uninst.exe
2010-03-26 16:39 . 2010-03-26 16:39 -------- d-----w- c:\documents and settings\Hom\WINDOWS
2010-03-26 15:17 . 2010-03-26 15:17 -------- d-----w- c:\documents and settings\Hom\Ustawienia lokalne\Dane aplikacji\Stardock
2010-03-26 14:54 . 2010-03-26 14:54 -------- d-----w- c:\program files\CursorXP
2010-03-26 14:46 . 2010-03-26 14:46 -------- d-----w- c:\program files\Mintra Systems
2010-03-24 15:06 . 2010-03-24 15:06 -------- d-----w- c:\program files\Common Files\Spolszczenie do Lineage II
2010-03-24 14:56 . 2009-04-06 08:08 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-03-21 16:02 . 2010-03-21 16:02 -------- d-----w- c:\windows\Logs
2010-03-15 12:31 . 2010-03-15 12:31 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\TeamViewer
2010-03-15 12:31 . 2010-03-15 12:31 -------- d-----w- c:\program files\TeamViewer
2010-03-10 16:28 . 2010-03-10 16:32 -------- d-----w- c:\documents and settings\Hom\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2010-03-10 16:28 . 2010-03-28 16:24 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2010-03-10 16:28 . 2010-03-10 16:28 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-08 06:57 . 2010-03-08 06:57 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\Juce VST Host
2010-02-28 20:49 . 2010-02-28 21:02 -------- d-----w- c:\program files\18 Wheels of Steel Across America
2010-02-28 14:08 . 2010-02-28 14:08 -------- d-----w- c:\program files\[UnFair-Games] M2 Multi Hack v7.0.exe
2010-02-27 10:44 . 2010-02-27 10:44 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\Nvu
2010-02-27 10:44 . 2010-02-27 10:44 -------- d-----w- c:\program files\Nvu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 16:24 . 2009-12-29 12:37 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-28 16:00 . 2010-01-23 10:09 -------- d-----w- c:\program files\Spyware Terminator
2010-03-28 15:51 . 2009-11-20 13:56 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\foobar2000
2010-03-28 15:35 . 2010-01-23 10:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator
2010-03-27 11:42 . 2009-12-13 14:18 -------- d-----w- c:\program files\McFunSoft Video Solution
2010-03-26 17:54 . 2009-12-28 15:40 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\uTorrent
2010-03-24 14:39 . 2009-11-20 13:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 15:46 . 2010-03-26 19:08 61712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\BarDiscover\bardiscover117.exe
2010-03-18 17:21 . 2009-12-02 14:19 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-03-08 14:46 . 2009-11-20 12:30 42632 ----a-w- c:\documents and settings\Hom\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-03-08 06:59 . 2009-12-28 15:07 -------- d-----w- c:\program files\Gravity
2010-03-06 07:10 . 2010-01-21 09:34 -------- d-----w- c:\program files\BearShare
2010-03-03 15:11 . 2010-02-01 17:26 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\dvdcss
2010-02-19 07:35 . 2010-02-19 07:21 -------- d-----w- c:\program files\MTA San Andreas
2010-02-15 18:00 . 2010-03-27 11:49 94208 ----a-w- c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll
2010-02-15 18:00 . 2010-03-27 11:49 140864 ----a-w- c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll
2010-02-10 17:39 . 2010-02-10 17:39 -------- d-----w- c:\program files\The Logo Creator v5
2010-02-04 18:31 . 2010-02-04 18:31 -------- d-----w- c:\documents and settings\Hom\Dane aplikacji\Nokia Multimedia Player
2010-01-31 15:36 . 2010-01-31 15:36 221184 ----a-w- c:\windows\system32\UAService7.exe
2010-01-31 15:36 . 2010-01-31 15:36 -------- d--h--r- c:\documents and settings\All Users\Dane aplikacji\SecuROM
2010-01-31 15:27 . 2010-01-31 15:27 -------- d-----w- c:\program files\Atari
2010-01-31 14:23 . 2010-01-31 14:23 4096 ----a-w- c:\windows\d3dx.dat
2010-01-31 14:13 . 2010-01-31 14:13 -------- d-----w- c:\program files\Piranha Bytes
2010-01-23 12:38 . 2010-01-23 12:38 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-23 12:38 . 2010-01-23 12:38 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-23 10:13 . 2010-01-23 10:13 135936 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-23 10:09 . 2010-01-23 10:09 5632 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdel.exe
2010-01-23 10:09 . 2010-01-23 10:09 5632 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator\fileobjinfo.sys
2010-01-14 20:13 . 2010-01-14 20:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 20:13 . 2010-01-14 20:13 152576 ----a-w- c:\documents and settings\Hom\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-14 20:09 . 2010-01-14 20:09 79488 ----a-w- c:\documents and settings\Hom\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 18:10 . 2009-12-13 14:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-11 18:10 . 2009-12-13 14:18 47360 ----a-w- c:\documents and settings\Hom\Dane aplikacji\pcouffin.sys
2010-01-11 18:10 . 2009-12-13 14:18 47360 ----a-w- c:\documents and settings\Hom\Dane aplikacji\pcouffin.sys
2010-01-11 18:10 . 2009-12-13 14:18 151552 ----a-w- c:\documents and settings\Hom\Dane aplikacji\ezpinst.exe
2010-01-11 18:10 . 2009-12-13 14:18 151552 ----a-w- c:\documents and settings\Hom\Dane aplikacji\ezpinst.exe
2010-01-10 15:56 . 2009-12-04 08:57 50 ----a-w- c:\windows\system32\bridf08b.dat
2010-01-01 14:09 . 2001-10-26 17:15 77684 ----a-w- c:\windows\system32\perfc015.dat
2010-01-01 14:09 . 2001-10-26 17:15 457738 ----a-w- c:\windows\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Gadu-Gadu 10"="d:\program files\Gadu-Gadu 10\gg.exe" [2010-01-20 12137064]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2007-03-02 255488]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1589248]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 104304]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 284200]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 124192]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 406816]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 163840]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-14 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-23 2900992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Hom\Menu Start\Programy\Autostart\
spoolsvcs.exe [2010-2-28 566045]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\M2\\metin2.bin"=
"e:\\M2\\metin2client.bin"=
"e:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"d:\\Nowy folder\\metin2.bin"=
"d:\\Nowy folder\\metin2client.bin"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\m22\\XLasT.exe"=
"e:\\xworld\\X-World.exe"=
"e:\\avalon\\Metin2Mod.bin"=
"d:\\Nowy folder\\Metin2Mod.bin"=
"d:\\Nowy folder\\metin2modpl.bin"=
"e:\\m22\\Metin2Mod.bin"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"e:\\metek\\matieedit\\Luncher xLasT.exe"=
"c:\\windows\\system32\\nwiz.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\DOCUME~1\\Hom\\USTAWI~1\\Temp\\pvpv.exe"=
"c:\\DOCUME~1\\Hom\\USTAWI~1\\Temp\\winavssj.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-28 717296]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-01-23 135936]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 BarDiscover Service;BarDiscover Service;c:\documents and settings\All Users\Dane aplikacji\BarDiscover\bardiscover117.exe [2010-03-26 61712]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator\fileobjinfo.sys [2010-01-23 5632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-13 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-13 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - ABP470N5
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.entretieneteds.vze.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hom\Dane aplikacji\Mozilla\Firefox\Profiles\lvsh30pf.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin2.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin3.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin4.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin5.dll
FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
AddRemove-Gothic : Negreth (prolog) - c:\program files\Gothic II\Uninstal.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 18:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898DB1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> 0x8986b1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4ecba0
PacketIndicateHandler -> NDIS.sys @ 0xba4f9b21
SendHandler -> NDIS.sys @ 0xba4d787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-2000478354-329068152-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:03,f5,8f,bd,d0,33,2a,ca,72,4c,3b,db,3a,9d,9c,40,d4,f1,d9,98,e6,41,97,
1a,d0,41,1e,29,30,87,7b,1f,e6,1a,0a,33,31,40,99,54,5a,fd,d7,44,ab,50,83,1f,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):66,8f,53,b8,eb,04,2b,26,2d,14,ad,ba,10,ce,32,c5,f6,ef,db,a8,c0,
53,ab,5d,b9,12,78,22,f4,1b,7c,63,23,0b,3a,42,e6,6f,7a,a5,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7ab8eff4-b6f4-4260-9d44-cdfc1946e6ca}]
@Denied: (Full) (Everyone)
"Model"=dword:00000168
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,02,83,28,a5,e9,6c,4e,bb,77,b8,b8,60,ba,22,8f,4f,c3,c5,71,9b,26,4f,
5f,9d,4b,1e,f7,3a,60,2c,00,42,8d,da,3a,ee,4c,43,9d,07,f6,35,31,2e,aa,e0,22,\
"??"=hex:09,73,f3,ad,82,e7,3b,29,4f,02,aa,d9,82,d7,18,09
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\program files\BarDiscover\bardiscover.dll
c:\windows\system32\nvwddi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\rundll32.exe
c:\documents and settings\Hom\Menu Start\Programy\Autostart\spoolsvcs.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\BarDiscover\bardiscover.exe
c:\docume~1\Hom\USTAWI~1\Temp\pvpv.exe
c:\docume~1\Hom\USTAWI~1\Temp\winavssj.exe
.
**************************************************************************
.
Czas ukończenia: 2010-03-28 18:29:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-03-28 16:29
Przed: 3 850 829 824 bajtów wolnych
Po: 3 759 362 048 bajtów wolnych
- - End Of File - - 00F1E48D1305CA1C642B24CEF953A661
[/code]
Da się to jakoś naprawić? ;/