My computer is terribly sluggish. I made a ComboFix log and I don't know whether everything is OK. Cleaning the computer doesn't help at all. Here is the log, and thanks for the help.
ComboFix 08-10-17.01 - Blemer 2008-10-18 14:18:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.238 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Blemer\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
/wow section nieukończony
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-18 14:10 . 2008-10-18 14:12
2008-10-15 22:09 . 2008-10-15 22:10 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-15 22:05 . 2008-08-14 15:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 22:05 . 2008-08-14 15:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 22:05 . 2008-08-14 15:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 22:05 . 2008-08-14 15:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 22:05 . 2008-09-15 17:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 22:05 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-04 14:57 . 2008-10-04 14:59
2008-10-04 14:57 . 2008-10-04 14:57
2008-09-30 11:44 . 2008-09-30 11:46
2008-09-30 10:37 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-30 10:37 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-30 10:18 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-30 10:10 . 2008-09-30 10:10
2008-09-30 10:10 . 2008-09-30 10:10
2008-09-30 10:10 . 2008-09-30 10:10
2008-09-30 10:07 . 2008-09-30 10:07
2008-09-30 09:46 . 2004-08-04 00:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 06:28 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-18 06:04 --------- d-----w C:\Documents and Settings\Blemer\Dane aplikacji\AVG7
2008-10-16 06:08 --------- d-----w C:\Program Files\eMule
2008-10-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy
2008-10-14 07:15 --------- d-----w C:\Program Files\Spybot - Search Destroy
2008-10-02 20:27 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 07:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-15 07:36 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-14 13:33 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-09-14 10:17 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 13:11 --------- d-----w C:\Program Files\Anti Trojan Elite
2008-08-26 21:39 --------- d-----w C:\Documents and Settings\Blemer\Dane aplikacji\Malwarebytes
2008-08-26 21:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2008-08-26 21:20 449,846 ----a-w C:\HaxFix.exe
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-20 13:08 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-19 23:36 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-08-14 13:26 2,190,464 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,067,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 963072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-22 579584]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [2008-06-09 3579904]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-21 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk
backup=C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
--a------ 2008-06-09 20:17 3579904 C:\Program Files\Anti Trojan Elite\TJEnder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 16:33 963072 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:21 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-03-03 14:44 266240 C:\Program Files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Grisoft\AVG7\avginet.exe"=
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"=
"C:\Program Files\Grisoft\AVG7\avgcc.exe"=
"C:\Program Files\Grisoft\AVG7\avgemc.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Ares\Ares.exe"=
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056]
R3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]
*Newly Created Service* - CATCHME
.
Zawartość folderu ‘Zaplanowane zadania’
2008-08-23 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Blemer\Dane aplikacji\Mozilla\Firefox\Profiles\46wk9cz2.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 14:19:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="??\C:\DOCUME~1\Blemer\USTAWI~1\Temp\ASFWHide"
.
Czas ukończenia: 2008-10-18 14:21:17
ComboFix-quarantined-files.txt 2008-10-18 12:21:11
Przed: 8 916 918 272 bajtów wolnych
Po: 8,907,288,576 bajtów wolnych
160 --- E O F --- 2008-10-15 20:10:52