ComboFix 09-02-12.03 - Greg 2009-02-14 21:57:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.1014.608 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-14 do 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-14 13:12 . 2009-02-14 13:12
2009-02-12 22:44 . 2009-02-12 22:44
2009-02-12 21:33 . 2009-02-12 21:33
2009-02-12 21:33 . 2009-02-12 21:33
2009-02-12 15:35 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-02-12 15:35 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\dllcache\usbser.sys
2009-02-11 14:34 . 2009-02-11 14:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-11 14:34 . 2009-02-11 14:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-11 14:33 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-10 21:22 . 2009-02-10 21:22
2009-02-10 21:22 . 2008-07-23 17:50 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-02-10 21:22 . 2008-07-04 07:34 860,160 --a------ c:\windows\system32\lameACM.acm
2009-02-10 21:22 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2009-02-10 21:22 . 2008-07-25 09:34 683,520 --a------ c:\windows\system32\divx.dll
2009-02-10 21:22 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-02-10 21:22 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2009-02-10 21:22 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-02-10 21:22 . 2008-07-25 09:34 81,920 --a------ c:\windows\system32\dpl100.dll
2009-02-10 21:22 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-02-10 21:22 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-10 21:22 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-10 21:22 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2009-02-09 20:17 . 2009-02-09 20:17
2009-02-09 20:17 . 2009-02-09 20:17
2009-02-09 20:17 . 2009-02-09 20:17
2009-02-09 20:16 . 2009-02-09 20:16
2009-02-09 20:16 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-02-09 20:15 . 2009-02-09 20:15
2009-02-09 20:15 . 2009-02-09 20:15
2009-02-09 20:15 . 2009-02-09 20:15
2009-02-09 20:15 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-09 20:15 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-09 20:15 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2009-02-09 20:15 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-09 20:15 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-09 20:15 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-09 20:15 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-09 20:13 . 2009-02-09 20:14
2009-02-08 16:09 . 2009-02-08 16:09 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 16:04 . 2009-02-08 16:04
2009-02-08 16:04 . 2009-02-08 16:04
2009-02-08 16:03 . 2009-02-08 16:03
2009-02-08 16:03 . 2009-02-08 16:03
2009-01-31 23:28 . 2009-01-31 23:28
2009-01-21 09:27 . 2008-04-14 01:12 7,680 --a------ c:\windows\system32\spdwnwxp.exe
2009-01-21 09:26 . 2006-12-28 20:01 19,569 --a------ c:\windows\003279_.tmp
2009-01-20 10:29 . 2009-01-20 10:29
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-01-16 20:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 851968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 310784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-08 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-12 98304]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-24 962661]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^WallMaster.lnk]
path=c:\documents and settings\Greg\Start Menu\Programs\Startup\WallMaster.lnk
backup=c:\windows\pss\WallMaster.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-03-19 14:17 78960 c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=
"c:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=
"c:\Program Files\Messenger\MSMSGS.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\AOL 9.0\waol.exe"=
"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\WINDOWS\System32\DPVSETUP.EXE"=
"c:\Program Files\Mozilla Firefox\FIREFOX.EXE"=
"c:\Program Files\DNA\btdna.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"c:\Program Files\SopCast\SopCast.exe"=
"c:\Program Files\SopCast\adv\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25777:TCP"= 25777:TCP:BitComet 25777 TCP
"25777:UDP"= 25777:UDP:BitComet 25777 UDP
"22615:TCP"= 22615:TCP:BitComet 22615 TCP
"22615:UDP"= 22615:UDP:BitComet 22615 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 114768]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-09-13 4392]
S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [2003-11-01 17920]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - INT15.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36d2026e-ac1f-11dc-83b9-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36d2026f-ac1f-11dc-83b9-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9dcb2f4-ac13-11dc-83b8-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9dcb2f5-ac13-11dc-83b8-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9dcb2f6-ac13-11dc-83b8-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9dcb2f7-ac13-11dc-83b8-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9dcb2f8-ac13-11dc-83b8-001167723854}]
\Shell\AutoRun\command - F:\AutoRun.exe
.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-way tool - c:\docume~1\Greg\APPLIC~1\DRIVEB~1\FunkObjSeek.exe
HKLM-Run-AVFX Engine - c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
HKLM-Run-OCAudioIni - c:\program files\One-click Audio Converter\OCAudioIni.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-Run - c:\windows\system32\include\vsserv.exe

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.ask.com/?o=101764l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}sourceid=ie7rls=com.microsoft:en-USie=utf8oe=utf8
mStart Page = hxxp://zzz.uv.ro/adver.html/
mSearch Bar = hxxp://zzz.uv.ro/adver.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.c … hcImpl.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.3/g_bin/pl/words_2_0_0_49.cab
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\qvt9wnx4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=ie=UTF-8oe=UTF-8q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi … t=gc=1q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 22:03:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-3823592994-2320634651-661099925-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F2EFC84F-9B1F-A015-B452-7E3094BF85BD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakeheddncmbcjnldh"=hex:6b,61,6f,63,62,70,6e,70,68,6f,61,63,6c,6c,6b,66,6a,6e,69,67,69,6b,00,00
"haednkbgnlnhaahm"=hex:6b,61,61,64,6a,6f,62,6f,6a,70,70,65,67,62,63,69,64,6e,6b,68,6c,6c,00,00

[HKEY_USERS\S-1-5-21-3823592994-2320634651-661099925-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,dc,06,33,6d,1c,79,1d,ff,d6,91,88,f9,0d,5e,25,38,e2,0f,5a,47,89,57,6b,42,aa,c1,a9,da,12,aa,5c,e4,09,55,62,16,af,87,2f,41,c7,33,d9,8d,e6,7d,43,\
"??"=hex:ec,ab,78,26,4d,f4,9c,fc,3f,fe,1c,dc,be,67,74,64
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
.
Czas ukończenia: 2009-02-14 22:08:35
ComboFix-quarantined-files.txt 2009-02-14 21:08:28

Przed: 8,588,476,416 bytes free
Po: 9,049,686,016 bytes free

236 --- E O F --- 2009-02-12 22:00:38

Has anyone had a problem like this? Please help; I don't want to do a format. I have already deleted the entire contents of the TEMP folder.

P.S. I have one more question. I got this laptop almost 2 years ago from my aunt in England and it has a genuine Windows XP installed. How can I make sure that after formatting I still have a legal system? I don't have any Windows disc. On the underside of the laptop there is a sticker: Windows XP Media Center Edition 2005 and the Windows key. Thank you for your help and your reply, regards, turbin