Sluggish PC and a virus?


(Przemozeus) #1

Yesterday my Kaspersky supposedly found some virus but couldn't remove it. So I ran ComboFix, which I think cleaned it up. I ran scans with Kaspersky and the online mks_vir scanner, which found nothing. But the PC is insanely sluggish. Oh, and today I was restoring msconfig, even though yesterday it was still there. I'm attaching the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:17:21, on 2009-07-01

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AutoConnect\AutoConnect.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

D:\Ad-AwareAE(dobreprogramy.pl).exe

C:\DOCUME~1\User\USTAWI~1\Temp\mia16.tmp\Ad-AwareAE.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)

O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233076416671

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/999999/defaults/activex/ips/IPSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C78951B-54E1-49BD-B25E-630A7309A26A}: NameServer = 192.204.159.1,194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3B8B986-8D0B-4D18-8F6A-64A6E1E1F6CC}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe (file missing)

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\Program Files\ArcaBit\Common\arcatasksservice.exe (file missing)

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--

End of file - 8076 bytes

And yesterday's log, run a second time, already AFTER the virus was supposedly dealt with.

ComboFix 09-06-29.07 - User 2009-06-30 19:11.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.570 [GMT 2:00]

Uruchomiony z: C:\ComboFix.exe

.


((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-06-30 )))))))))))))))))))))))))))))))

.


2099-04-17 13:20 . 2099-04-17 13:20	--------	d-----w-	c:\program files\Alwil Software

2009-06-30 17:07 . 2009-06-30 17:08	3044714	----a-r-	C:\ComboFix.exe

2009-06-30 16:33 . 2009-06-30 16:33	27656	----a-w-	c:\windows\system32\drivers\pxsec.sys

2009-06-30 16:33 . 2009-06-30 16:33	22024	----a-w-	c:\windows\system32\drivers\pxscan.sys

2009-06-30 16:33 . 2009-06-30 16:33	--------	d-----w-	c:\program files\Prevx

2009-06-30 16:32 . 2009-06-30 16:32	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\PrevxCSI

2009-06-30 11:07 . 2009-06-30 13:13	--------	d-----w-	C:\zepsute przez serwer

2009-06-28 21:04 . 2009-06-28 21:04	54272	----a-w-	c:\documents and settings\User\Dane aplikacji\GanymedeNet\Online Games\Common\ielauncher.exe

2009-06-28 21:04 . 2009-06-28 21:04	4	----a-w-	c:\windows\system32\proc20744962.bin

2009-06-28 20:58 . 2009-06-28 21:52	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\GanymedeNet

2009-06-28 20:57 . 2009-06-28 20:57	--------	d-----w-	c:\program files\Ganymede

2009-06-28 11:58 . 2009-06-28 11:58	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\Notepad++

2009-06-28 11:58 . 2009-06-28 11:58	--------	d-----w-	c:\program files\Notepad++

2009-06-28 11:54 . 2009-06-28 12:04	--------	d-----w-	C:\Z pena webd

2009-06-27 18:12 . 2002-03-02 22:49	416256	----a-w-	c:\windows\system32\glide3x.dll

2009-06-27 08:43 . 2009-06-27 08:43	--------	d-----w-	c:\program files\Valve

2009-06-26 16:19 . 2009-06-26 18:15	--------	d-----w-	C:\Radiohead-Radiohead-(Boxset_Repack)-7CD-2007-EON

2009-06-26 10:36 . 2009-06-26 10:38	--------	d-----w-	C:\newsys

2009-06-26 10:34 . 2009-06-26 10:42	--------	d-----w-	C:\oldsys

2009-06-25 20:48 . 2009-06-25 20:48	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Age of Empires 3

2009-06-25 20:43 . 2008-06-16 13:28	714240	----a-w-	c:\windows\system32\ntdll.dll

2009-06-25 20:43 . 2008-06-16 13:28	714240	----a-w-	C:\NTDLL.DLL

2009-06-25 20:16 . 2009-06-30 17:00	--------	d-----w-	c:\program files\Steam

2009-06-25 18:54 . 2009-06-25 18:54	--------	d-----w-	c:\program files\Microsoft Games

2009-06-23 23:05 . 2009-06-23 23:05	--------	d-----w-	C:\myD2

2009-06-23 23:05 . 2009-06-23 23:09	1305181	----a-w-	C:\myD2.zip

2009-06-23 23:01 . 2009-06-24 08:51	--------	d-----w-	C:\Dupe1.12_By_QQ-Terozen

2009-06-23 10:31 . 2009-06-23 10:31	--------	d-----w-	c:\program files\Ubisoft

2009-06-21 11:05 . 2009-06-21 11:07	--------	d-----w-	C:\AOE III PL 3w1

2009-06-20 14:05 . 2009-06-20 14:05	32784	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-06-19 18:28 . 2009-06-19 18:31	--------	d-----w-	C:\Hunter safe

2009-06-19 04:53 . 2009-01-22 22:32	33288	----a-w-	c:\windows\system32\drivers\abndis.sys

2009-06-18 22:51 . 2009-06-18 22:51	3888	----a-w-	c:\windows\system32\drivers\NTHANDLE.SYS

2009-06-18 22:50 . 2009-06-18 22:50	--------	d-----w-	C:\WhoLockMe200

2009-06-18 16:01 . 2009-06-24 22:19	--------	d-----w-	C:\CS Source

2009-06-17 23:06 . 2008-06-15 21:08	35328	----a-w-	c:\windows\system32\rundll32.exe

2009-06-17 23:01 . 2009-06-17 23:01	--------	d-----w-	C:\Win MX

2009-06-17 22:54 . 2008-06-16 01:28	290816	----a-w-	c:\windows\system32\dllcache\adsiis51.dll

2009-06-17 22:54 . 2008-06-16 01:28	43520	----a-w-	c:\windows\system32\dllcache\admwprox.dll

2009-06-17 16:19 . 2009-06-17 15:56	2706432	----a-w-	C:\rmslt.exe

2009-06-17 14:21 . 2009-06-17 14:21	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\Malwarebytes

2009-06-17 14:21 . 2009-06-17 14:21	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes

2009-06-16 22:21 . 2009-06-30 11:06	--------	d-----w-	C:\lspfix

2009-06-16 22:17 . 2009-06-17 13:34	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy

2009-06-16 21:12 . 2009-06-16 21:12	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab Setup Files

2009-06-16 20:57 . 2009-06-17 22:08	--------	d-----w-	c:\program files\Common Files\Softwin

2009-06-16 11:07 . 2009-06-16 11:07	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\ZipZag

2009-06-16 11:07 . 2009-06-16 22:48	--------	d-----w-	c:\program files\ZipZag

2009-06-13 17:35 . 2007-03-31 21:00	44544	----a-w-	c:\windows\system32\msxml4a.dll

2009-06-13 17:35 . 2009-06-13 17:35	--------	d-----w-	c:\program files\Common Files\SourceTec

2009-06-13 17:34 . 2009-06-20 09:44	--------	d-----w-	c:\program files\SourceTec

2009-06-11 21:50 . 2009-06-27 17:09	--------	d-----w-	C:\Temp

2009-06-11 15:43 . 2009-06-11 15:43	--------	d-----w-	c:\program files\Microsoft SQL Server

2009-06-11 15:43 . 2009-06-11 15:43	--------	d-----w-	c:\program files\Microsoft Silverlight

2009-06-11 15:43 . 2009-06-11 15:43	112640	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft\VCExpress\9.0\1033\ResourceCache.dll

2009-06-11 15:42 . 2009-06-11 15:42	416	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2009-06-11 15:40 . 2009-06-11 15:41	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0

2009-06-11 15:40 . 2009-06-11 15:40	--------	d-----w-	c:\program files\Common Files\Merge Modules

2009-06-11 15:39 . 2009-06-11 15:39	--------	d-----w-	c:\program files\Microsoft SDKs

2009-06-11 15:35 . 2009-06-11 20:52	--------	d-----w-	c:\windows\SxsCaPendDel

2009-06-11 15:26 . 2009-03-16 21:36	931672	----a-w-	c:\windows\system32\XAudioD2_4.dll

2009-06-11 15:26 . 2009-03-16 21:35	343368	----a-w-	c:\windows\system32\XactEngineD3_4.dll

2009-06-11 15:26 . 2009-03-16 21:35	125768	----a-w-	c:\windows\system32\XAPOFXD1_3.dll

2009-06-11 15:26 . 2009-03-16 21:35	428888	----a-w-	c:\windows\system32\XactEngineA3_4.dll

2009-06-11 15:26 . 2009-03-16 21:35	4280136	----a-w-	c:\windows\system32\D3dx9d_41.dll

2009-06-11 15:26 . 2009-03-16 21:35	358728	----a-w-	c:\windows\system32\dinput8d.dll

2009-06-11 15:26 . 2009-03-16 21:35	45384	----a-w-	c:\windows\system32\X3DAudioD1_6.dll

2009-06-11 15:26 . 2009-03-16 21:36	3795784	----a-w-	c:\windows\system32\d3dx9d_33.dll

2009-06-11 15:26 . 2009-03-16 21:36	3083592	----a-w-	c:\windows\system32\d3d9d.dll

2009-06-11 15:26 . 2009-03-16 21:35	348504	----a-w-	c:\windows\system32\d3dref9.dll

2009-06-11 15:26 . 2009-03-16 21:35	497480	----a-w-	c:\windows\system32\D3DX10d_41.dll

2009-06-11 15:23 . 2009-06-11 15:26	--------	d-----w-	c:\program files\Microsoft DirectX SDK (March 2009)

2009-06-11 15:23 . 2009-06-11 15:24	--------	d-----w-	c:\windows\Logs

2009-06-11 15:22 . 2009-06-11 15:22	118104	----a-w-	c:\windows\dxsdkuninst.exe

2009-06-11 13:16 . 2009-06-11 18:45	--------	d-----w-	C:\Dev-Cpp

2009-06-11 12:45 . 2001-11-29 06:50	28672	----a-w-	c:\windows\system32\ibxml.dll

2009-06-11 12:45 . 2001-11-29 06:50	376832	----a-w-	c:\windows\system32\gds32.dll

2009-06-11 12:45 . 2001-11-29 06:50	177152	----a-w-	c:\windows\system32\ibinstall.dll

2009-06-11 12:44 . 2009-06-11 12:44	--------	d-----w-	C:\Inprise

2009-06-11 12:38 . 2009-06-11 12:43	--------	d-----w-	c:\program files\Common Files\Borland Shared

2009-06-11 08:12 . 2009-06-11 08:12	1055498	----a-w-	c:\windows\system32\libodbc++.dll

2009-06-11 00:08 . 2009-06-11 00:08	--------	d-----w-	C:\bgi

2009-06-11 00:04 . 2009-06-11 00:04	573440	----a-w-	c:\windows\system32\alleg42.dll

2009-06-10 16:33 . 2009-06-10 16:33	1580550	----a-w-	c:\windows\system32\nvdata.bin

2009-06-10 16:33 . 2009-06-10 16:33	1310720	----a-w-	c:\windows\system32\nvcuvenc.dll

2009-06-10 15:32 . 2009-06-15 19:50	--------	d-----w-	C:\winbgi

2009-06-10 06:28 . 2009-06-10 06:28	3510272	----a-w-	c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28	5890048	----a-w-	c:\windows\system32\nvdispsr.dll

2009-06-10 06:28 . 2009-06-10 06:28	4022272	----a-w-	c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28	86016	----a-w-	c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28	168004	----a-w-	c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28	143360	----a-w-	c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28	13758464	----a-w-	c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28	229376	----a-w-	c:\windows\system32\nvmccs.dll

2009-06-08 19:35 . 2009-06-08 19:35	--------	d-----w-	C:\KOSTKA_pliki

2009-06-03 20:51 . 2009-06-03 20:51	129	----a-w-	c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2009-06-03 20:51 . 2009-06-03 20:51	--------	d-----w-	c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\ApplicationHistory

2009-06-03 20:49 . 2009-06-03 20:49	--------	d-----w-	c:\program files\Microsoft Visual Studio .NET 2003

2009-06-03 20:43 . 2009-06-03 20:43	--------	d-----w-	c:\windows\system32\URTTEMP

2009-06-02 17:30 . 2009-06-11 17:23	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\Dev-Cpp

2009-06-02 17:23 . 2009-06-02 17:23	--------	d-----w-	c:\windows\system32\&Logs

2009-06-02 17:16 . 2009-06-20 10:05	--------	d-----w-	c:\program files\ArcaBit


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-30 17:08 . 2009-06-20 09:46	7512096	--sha-w-	c:\windows\system32\drivers\fidbox.dat

2009-06-30 17:08 . 2009-06-20 09:46	60816	--sha-w-	c:\windows\system32\drivers\fidbox.idx

2009-06-30 17:08 . 2009-06-20 09:46	639008	--sha-w-	c:\windows\system32\drivers\fidbox2.dat

2009-06-30 17:08 . 2009-06-20 09:46	4312	--sha-w-	c:\windows\system32\drivers\fidbox2.idx

2009-06-30 17:05 . 2008-11-23 14:46	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\uTorrent

2009-06-30 17:00 . 2009-06-20 09:46	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab

2009-06-30 17:00 . 2008-04-15 20:06	--------	d-----w-	c:\program files\AutoConnect

2009-06-27 17:33 . 2009-01-27 16:46	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\mIRC

2009-06-27 11:46 . 2009-01-08 21:42	--------	d-----w-	c:\program files\LookDisk

2009-06-27 10:00 . 2009-01-27 16:46	--------	d-----w-	c:\program files\mIRC

2009-06-26 16:40 . 2008-06-23 14:27	--------	d-----w-	c:\program files\FlashGet

2009-06-26 15:03 . 2008-11-27 16:19	65752	----a-w-	c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-06-25 19:07 . 2008-04-15 19:43	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-06-21 11:06 . 2008-12-21 12:14	9694	----a-w-	c:\windows\irunin.dat

2009-06-21 11:06 . 2008-12-21 12:14	720896	----a-w-	c:\windows\iun6002.exe

2009-06-20 14:05 . 2008-01-29 15:29	33808	----a-w-	c:\windows\system32\drivers\klbg.sys

2009-06-20 14:05 . 2009-06-20 14:05	227344	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-06-20 14:05 . 2009-06-20 14:05	206088	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-06-20 14:05 . 2009-06-20 09:46	94643	----a-w-	c:\windows\system32\drivers\klick.dat

2009-06-20 14:05 . 2009-06-20 09:46	105395	----a-w-	c:\windows\system32\drivers\klin.dat

2009-06-20 14:05 . 2009-06-20 14:05	33808	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-06-20 14:05 . 2009-06-20 14:05	206088	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-06-20 14:05 . 2009-06-20 14:05	226832	----a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-06-20 10:05 . 2008-08-15 14:05	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard

2009-06-20 09:46 . 2009-06-20 09:46	--------	d-----w-	c:\program files\Kaspersky Lab

2009-06-19 22:19 . 2008-12-18 17:12	107266	----a-w-	c:\windows\DIIUnin.dat

2009-06-18 19:23 . 2008-11-23 14:40	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2009-06-17 22:10 . 2008-12-03 17:04	--------	d---a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP

2009-06-17 21:56 . 2008-11-23 13:38	167376	----a-w-	c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\cib6129a.default\FlashGot.exe

2009-06-17 07:43 . 2008-12-28 00:42	45056	----a-w-	c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{72D14582-8FF9-4678-9099-A04C3ABFDD7E}\Shutd.exe_72D145828FF946789099A04C3ABFDD7E.exe

2009-06-17 07:43 . 2008-12-28 00:42	45056	----a-w-	c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{72D14582-8FF9-4678-9099-A04C3ABFDD7E}\Shutd.exe1_72D145828FF946789099A04C3ABFDD7E.exe

2009-06-17 07:43 . 2008-01-15 11:42	88576	----a-w-	c:\documents and settings\User\Dane aplikacji\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe

2009-06-17 07:43 . 2008-06-23 12:42	161280	----a-w-	c:\documents and settings\Przemo.MASTER\Dane aplikacji\Mozilla\Firefox\Profiles\cib6129a.default\FlashGot.exe

2009-06-17 07:43 . 2008-07-29 09:51	45056	----a-w-	c:\documents and settings\Przemo.MASTER\Dane aplikacji\Mind Technologies\Visual Mind 10\vmweb\Extractor.exe

2009-06-17 07:43 . 2008-08-07 23:21	45056	----a-w-	c:\documents and settings\Przemo.MASTER\Dane aplikacji\Microsoft\Installer\{72D14582-8FF9-4678-9099-A04C3ABFDD7E}\Shutd.exe_72D145828FF946789099A04C3ABFDD7E.exe

2009-06-17 05:14 . 2008-06-28 09:45	--------	d-----w-	c:\program files\Last.fm

2009-06-17 05:02 . 2008-11-17 21:22	--------	d-----w-	c:\program files\Combined Community Codec Pack

2009-06-17 05:02 . 2008-06-12 17:20	--------	d-----w-	c:\program files\ClonyXXL PL

2009-06-17 04:55 . 2009-04-07 19:58	--------	d-----w-	c:\program files\AutoIt3

2009-06-17 04:55 . 2008-04-17 21:27	--------	d-----w-	c:\program files\ASUS WiFi-AP Solo

2009-06-16 21:52 . 2008-06-04 17:41	--------	d-----w-	c:\program files\SlySoft

2009-06-13 16:07 . 2009-05-03 22:36	--------	d-----w-	c:\program files\Cheat Engine

2009-06-11 15:34 . 2009-03-29 06:10	4316	----a-w-	c:\windows\system32\PerfStringBackup.TMP

2009-06-11 12:45 . 2008-12-01 17:02	--------	d-----w-	c:\program files\Borland

2009-06-10 16:33 . 2009-02-09 12:18	671744	----a-w-	c:\windows\system32\nvcuvid.dll

2009-06-10 16:33 . 2008-12-25 23:08	1720320	----a-w-	c:\windows\system32\nvcuda.dll

2009-06-10 16:33 . 2008-11-23 13:32	457248	----a-w-	c:\windows\system32\nvudisp.exe

2009-06-10 16:33 . 2006-06-01 09:22	9998336	----a-w-	c:\windows\system32\nvoglnt.dll

2009-06-10 16:33 . 2006-06-01 09:22	815104	----a-w-	c:\windows\system32\nvapi.dll

2009-06-10 16:33 . 2006-06-01 09:22	8087712	----a-w-	c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 16:33 . 2006-06-01 09:22	5908608	----a-w-	c:\windows\system32\nv4_disp.dll

2009-06-10 16:33 . 2006-06-01 09:22	151552	----a-w-	c:\windows\system32\nvcodins.dll

2009-06-10 16:33 . 2006-06-01 09:22	151552	----a-w-	c:\windows\system32\nvcod.dll

2009-06-08 10:46 . 2008-06-27 10:00	2704	----a-w-	c:\windows\unins000.dat

2009-06-04 14:39 . 2008-11-23 13:26	457248	----a-w-	c:\windows\system32\NVUNINST.EXE

2009-06-03 20:49 . 2008-06-30 12:03	--------	d-----w-	c:\program files\Microsoft.NET

2009-06-02 18:02 . 2008-12-29 17:43	--------	d-----w-	c:\program files\USDownloader

2009-06-01 17:55 . 2009-05-09 22:13	1360	----a-w-	c:\windows\system32\drivers\fwdrv.err

2009-05-24 21:26 . 2009-05-24 20:33	5	----a-w-	c:\windows\system32\SySmp3con.dat

2009-05-16 17:23 . 2009-05-16 17:23	--------	d-----w-	c:\program files\RegDoctor

2009-05-16 16:35 . 2009-04-15 20:18	--------	d-----w-	c:\program files\One-click Audio Converter

2009-05-16 16:27 . 2009-01-14 17:14	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\SpeedBit

2009-05-16 16:26 . 2008-12-23 11:40	--------	d-----w-	c:\program files\MagicISO

2009-05-16 16:25 . 2008-12-29 21:40	--------	d-----w-	c:\program files\StealthBot

2009-05-16 16:25 . 2009-03-17 17:48	--------	d-----w-	c:\program files\Avira

2009-05-11 16:10 . 2009-05-11 16:10	311936	----a-w-	c:\documents and settings\User\Dane aplikacji\MobMapUpdater\MobMapUpdaterExternals.dll

2009-05-11 16:10 . 2009-05-11 16:10	--------	d-----w-	c:\documents and settings\User\Dane aplikacji\MobMapUpdater

2009-05-11 13:36 . 2009-05-11 13:14	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment

2009-05-10 12:31 . 2009-05-10 12:31	--------	d-----w-	c:\program files\Radmin Viewer 3

2009-05-09 07:49 . 2009-05-09 07:49	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Blizzard

2009-05-09 07:22 . 2009-05-09 07:22	--------	d-----w-	c:\program files\Kongsoft

2009-05-08 20:44 . 2009-05-08 20:44	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\SlySoft

2009-04-05 15:52 . 2009-04-05 12:58	34	----a-w-	c:\documents and settings\User\jagex_runescape_preferences.dat

2009-04-04 07:33 . 2008-12-17 19:48	21840	----atw-	c:\windows\system32\SIntfNT.dll

2009-04-04 07:33 . 2008-12-17 19:48	17212	----atw-	c:\windows\system32\SIntf32.dll

2009-04-04 07:33 . 2008-12-17 19:48	12067	----atw-	c:\windows\system32\SIntf16.dll

2009-04-04 07:21 . 2008-12-18 17:12	2829	----a-w-	c:\windows\DIIUnin.pif

2009-04-04 07:21 . 2008-12-18 17:12	106496	----a-w-	c:\windows\DIIUnin.exe

2008-12-16 16:52 . 2009-03-15 18:51	61440	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll

2008-03-03 10:27 . 2008-03-03 10:27	28672	----a-w-	c:\program files\mozilla firefox\components\FlashgetXpi.dll

2008-08-07 13:09 . 2008-08-07 13:08	24	--sha-w-	c:\windows\SBA13C4C3.tmp

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-02 310784]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-22 270128]

"Steam"="c:\program files\Steam\Steam.exe" [2009-06-25 1217784]

"ctfmon.exe"="ctfmon.exe" - c:\windows\system32\CTFMON.EXE [2001-02-20 8192]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-06-20 206088]

"CnxDslTaskBar"="c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [BU]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]


c:\documents and settings\User\Menu Start\Programy\Autostart\

Start Firewall.lnk - c:\windows\system32\net.exe [2008-6-16 42496]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)


[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)


[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^ASUS WiFi-AP Solo.lnk]

backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^CloneCD Updater.exe]

backup=c:\windows\pss\CloneCD Updater.exeStartup


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=

"d:\\eMule\\emule.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\nwiz.exe"=

"c:\\Program Files\\RivaTuner v2.24\\RivaTuner.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)

"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)


R0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\drivers\AFPAnsi.sys [2008-12-10 31776]

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-06-30 22024]

R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-06-30 27656]

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]

R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]

R2 csiscanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-06-30 4368952]

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2008-06-16 14336]

R3 ABndisMP;ABndisMP;c:\windows\system32\drivers\abndis.sys [2009-06-19 33288]

R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2008-11-23 131072]

R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2008-11-23 618112]

R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2008-11-23 52736]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

S0 eubajow;eubajow; [x]

S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2009-04-12 4224]

S1 ABTDI;ABTDI;\??\c:\program files\ArcaBit\ArcaVir\ABTDI.sys --> c:\program files\ArcaBit\ArcaVir\ABTDI.sys [?]

S2 AVTasks2;ArcaBit Tasks Service;c:\program files\ArcaBit\Common\arcatasksservice.exe --> c:\program files\ArcaBit\Common\arcatasksservice.exe [?]

S2 SPF4;Sunbelt Personal Firewall 4; [x]

S3 ABndis;ABndis Service;c:\windows\system32\drivers\abndis.sys [2009-06-19 33288]

S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\User\USTAWI~1\Temp\ALSysIO.sys [?]

S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-11-23 176128]

S3 SNXPCARD;Golden Series Multiport Adapter Driver;c:\windows\system32\drivers\snxpcard.sys [2008-11-23 17536]

S3 SNXPSERX;Golden Series Port Driver;c:\windows\system32\drivers\snxpserx.sys [2008-11-23 54912]

S3 sterownik;sterownik;\??\c:\documents and settings\User\Pulpit\SlySoft_CloneCD_5.3.1.4_full_by_Exody\SlySoft CloneCD 5.3.1.4 full By Exody\sterownik.sys --> c:\documents and settings\User\Pulpit\SlySoft_CloneCD_5.3.1.4_full_by_Exody\SlySoft CloneCD 5.3.1.4 full By Exody\sterownik.sys [?]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm

IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm

IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll

TCP: {2C78951B-54E1-49BD-B25E-630A7309A26A} = 192.204.159.1,194.204.152.34

TCP: {A3B8B986-8D0B-4D18-8F6A-64A6E1E1F6CC} = 194.204.159.1 217.98.63.164

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-30 19:24

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(1112)

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll


- - - - - - - > 'lsass.exe'(1168)

c:\windows\system32\scecli.dll


- - - - - - - > 'explorer.exe'(2852)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\msi.dll

c:\windows2\system32\WPDShServiceObj.dll

c:\windows2\system32\PortableDeviceTypes.dll

c:\windows2\system32\PortableDeviceApi.dll

.

Czas ukończenia: 2009-06-30 19:27

ComboFix-quarantined-files.txt 2009-06-30 17:27

ComboFix2.txt 2009-06-30 17:06

ComboFix3.txt 2009-06-20 09:28

ComboFix4.txt 2009-06-17 13:05

ComboFix5.txt 2009-06-30 17:09


Przed: 12 384 382 976 bajtów wolnych

Po: 12 373 643 264 bajtów wolnych



(djkamil09061991) #2

O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)

O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)

Fix these in HijackThis.


(Przemozeus) #3

OK, fixed, but that's not it.

Several files have appeared in the Windows folder:

One of them contains Trojan.Agent.ATV.

Is there any way to fight this?