Here is my ComboFix log:
ComboFix 09-05-29.01 - Fischu 2009-05-30 12:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2732 [GMT 2:00]
Uruchomiony z: k:\documents and settings\Fischu\Pulpit\combo\ComboFix.exe
Użyto następujących komend :: k:\documents and settings\Fischu\Pulpit\combo\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
k:\program files\Norton2009Reset.exe
k:\windows\jestertb.dll
k:\windows\system32\AutoRun.inf
k:\windows\system32\Plugins
k:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
k:\windows\system32\Plugins\Hoster\archivto.dll
k:\windows\system32\Plugins\Hoster\bluehostto.dll
k:\windows\system32\Plugins\Hoster\dataupde.dll
k:\windows\system32\Plugins\Hoster\fastloadnet.dll
k:\windows\system32\Plugins\Hoster\fastshareorg.dll
k:\windows\system32\Plugins\Hoster\fileuploadnet.dll
k:\windows\system32\Plugins\Hoster\megauploadcom.dll
k:\windows\system32\Plugins\Hoster\meinuploadcom.dll
k:\windows\system32\Plugins\Hoster\moosharede.dll
k:\windows\system32\Plugins\Hoster\myvideode.dll
k:\windows\system32\Plugins\Hoster\netloadin.dll
k:\windows\system32\Plugins\Hoster\PluginSettings.ini
k:\windows\system32\Plugins\Hoster\qsharecom.dll
k:\windows\system32\Plugins\Hoster\rapidsharecom.dll
k:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
k:\windows\system32\Plugins\Hoster\shareplacecom.dll
k:\windows\system32\Plugins\Hoster\silofilescom.dll
k:\windows\system32\Plugins\Hoster\speedysharecom.dll
k:\windows\system32\Plugins\Hoster\uploadedto.dll
k:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
k:\windows\system32\Plugins\Hoster\youtubecom.dll
k:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
k:\windows\system32\Plugins\YouCrypt\captcha.dll
k:\windows\system32\Plugins\YouCrypt\cineto.dll
k:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
k:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
k:\windows\system32\Plugins\YouCrypt\ddlscene.dll
k:\windows\system32\Plugins\YouCrypt\ddlwarez.dll
k:\windows\system32\Plugins\YouCrypt\dreidl.dll
k:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
k:\windows\system32\Plugins\YouCrypt\gameblog.dll
k:\windows\system32\Plugins\YouCrypt\gamezam.dll
k:\windows\system32\Plugins\YouCrypt\gapping.dll
k:\windows\system32\Plugins\YouCrypt\gwarez.dll
k:\windows\system32\Plugins\YouCrypt\linkbank.dll
k:\windows\system32\Plugins\YouCrypt\linksafe.dll
k:\windows\system32\Plugins\YouCrypt\LinkSave.dll
k:\windows\system32\Plugins\YouCrypt\lix.dll
k:\windows\system32\Plugins\YouCrypt\mirrorit.dll
k:\windows\system32\Plugins\YouCrypt\netfolderin.dll
k:\windows\system32\Plugins\YouCrypt\onekh.dll
k:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
k:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
k:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
k:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
k:\windows\system32\Plugins\YouCrypt\relinkus.dll
k:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
k:\windows\system32\Plugins\YouCrypt\rslayer.dll
k:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
k:\windows\system32\Plugins\YouCrypt\secured.dll
k:\windows\system32\Plugins\YouCrypt\securnet.dll
k:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
k:\windows\system32\Plugins\YouCrypt\shareonall.dll
k:\windows\system32\Plugins\YouCrypt\shareprotect.dll
k:\windows\system32\Plugins\YouCrypt\stealth.dll
k:\windows\system32\Plugins\YouCrypt\tinyurl.dll
k:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
k:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
k:\windows\system32\Plugins\YouCrypt\urlcash.dll
k:\windows\system32\Plugins\YouCrypt\usercashcom.dll
k:\windows\system32\Plugins\YouCrypt\xlinkin.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_.norton2009Reset
((((((((((((((((((((((((( Pliki utworzone od 2009-04-28 do 2009-05-30 )))))))))))))))))))))))))))))))
.
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w k:\windows\system32\xfcodec.dll
2009-05-16 09:36 . 2009-05-16 09:36 64785 ----a-w k:\windows\BricoPackUninst.cmd
2009-05-16 09:34 . 2009-05-16 09:36 6116 ----a-w k:\windows\BricoPackFoldersDelete.cmd
2009-05-16 09:33 . 2009-05-16 09:33 -------- d-----w k:\windows\BricoPacks
2009-05-15 17:19 . 2009-05-15 17:19 604416 ----a-w k:\windows\system32\TUProgSt.exe
2009-05-15 17:19 . 2009-04-27 12:21 28928 ----a-w k:\windows\system32\uxtuneup.dll
2009-05-15 17:19 . 2009-05-15 17:19 361216 ----a-w k:\windows\system32\TuneUpDefragService.exe
2009-05-15 17:17 . 2009-05-15 17:17 -------- d-----w k:\documents and settings\Fischu\Dane aplikacji\TuneUp Software
2009-05-15 17:16 . 2009-05-15 17:16 -------- d-----w k:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2009-05-15 17:16 . 2009-05-16 09:04 -------- d-----w k:\program files\TuneUp Utilities 2009
2009-05-15 17:16 . 2009-05-15 17:16 -------- d-sh--w k:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-15 14:55 . 2009-05-15 14:56 -------- d-----w k:\program files\GTactix
2009-05-14 13:53 . 2009-05-30 10:20 664 ----a-w k:\windows\system32\d3d9caps.dat
2009-05-11 14:09 . 1998-10-07 09:54 327168 ----a-w k:\windows\IsUn0415.exe
2009-05-10 09:39 . 2008-04-14 20:51 221184 ----a-w k:\windows\system32\wmpns.dll
2009-05-09 21:24 . 2008-04-14 20:51 294912 -c----w k:\windows\system32\dllcache\dlimport.exe
2009-05-08 11:41 . 2009-05-09 20:59 -------- d-----w k:\documents and settings\Fischu\Ustawienia lokalne\Dane aplikacji\Rockstar Games
2009-05-08 09:54 . 2009-05-08 09:55 -------- d-----w k:\windows\system32\drivers\umdf
2009-05-08 09:54 . 2009-05-08 09:54 -------- d-----w k:\windows\system32\xlive
2009-05-08 09:54 . 2009-05-09 21:06 -------- d-----w k:\program files\Microsoft Games for Windows - LIVE
2009-05-08 09:28 . 2009-05-08 09:31 -------- d-----w k:\program files\Rockstar Games
2009-05-05 17:08 . 2009-05-05 17:08 -------- d-----w k:\documents and settings\Fischu\Dane aplikacji\Thinstall
2009-05-03 10:11 . 2001-05-18 11:47 -------- d-----w k:\documents and settings\Fischu\Dane aplikacji\Ventrilo
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 10:19 . 2001-05-23 21:08 3232 ----a-w k:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-05-16 09:37 . 2009-01-29 17:14 -------- d-----w k:\program files\CyberLink
2009-05-16 09:37 . 2009-01-09 19:23 -------- d-----w k:\program files\ipla
2009-05-16 09:36 . 2004-08-04 00:44 219648 ----a-w k:\windows\system32\uxtheme.dll
2009-05-16 09:21 . 2009-01-07 21:23 452000 ----a-w k:\documents and settings\Fischu\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-16 09:17 . 2009-01-06 18:27 -------- d--h--w k:\program files\InstallShield Installation Information
2009-05-16 09:16 . 2009-02-11 19:39 -------- d-----w k:\program files\PHP
2009-05-16 09:08 . 2009-01-07 16:43 -------- d-----w k:\program files\Valve
2009-05-16 09:08 . 2001-02-17 18:13 -------- d-----w k:\program files\Wiedźmin
2009-05-16 09:05 . 2009-02-01 11:20 -------- d-----w k:\program files\ALLPlayer
2009-05-16 09:05 . 2009-01-13 20:37 -------- d-----w k:\program files\VSD Software
2009-05-15 17:24 . 2001-10-26 16:15 83988 ----a-w k:\windows\system32\perfc015.dat
2009-05-15 17:24 . 2001-10-26 16:15 490808 ----a-w k:\windows\system32\perfh015.dat
2009-05-09 21:28 . 2009-01-06 17:57 86327 ----a-w k:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w k:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w k:\windows\system32\xlivefnt.dll
2009-04-19 15:34 . 2009-04-19 15:34 -------- d-----w k:\program files\Xvid
2009-04-19 15:34 . 2009-04-19 15:34 -------- d-----w k:\program files\FDRLab
2009-04-11 16:22 . 2009-02-27 21:57 -------- d-----w k:\documents and settings\Fischu\Dane aplikacji\mIRC
2009-04-11 16:21 . 2009-02-27 21:57 -------- d-----w k:\program files\mIRC
2009-04-06 13:57 . 2009-04-06 13:57 -------- d-----w k:\documents and settings\Fischu\Dane aplikacji\Nowe Gadu-Gadu
2009-04-06 13:56 . 2009-04-06 13:55 -------- d-----w k:\program files\Nowe Gadu-Gadu
2009-04-05 12:03 . 2009-04-05 12:03 -------- d-----w k:\documents and settings\Fischu\Dane aplikacji\VitySoft
2009-03-25 11:52 . 2009-01-07 21:38 550418 ----a-w k:\windows\system32\x264vfw.dll
2009-01-17 13:24 . 2009-01-17 13:24 1987 ----a-w k:\program files\trapcodeStarglow.log
2009-01-17 13:24 . 2009-01-17 13:24 36868 ----a-w k:\program files\uninst-SoundKeys.exe
2009-01-17 13:23 . 2009-01-17 13:23 1960 ----a-w k:\program files\trapcodeShine.log
2009-01-17 13:22 . 2009-01-17 13:22 36868 ----a-w k:\program files\uninst-Particular.exe
2009-01-17 13:22 . 2009-01-17 13:22 36868 ----a-w k:\program files\uninst-Echospace.exe
2009-01-17 13:21 . 2009-01-17 13:21 4544 ----a-w k:\program files\trapcode3Dstroke.log
2007-07-17 12:13 . 2007-07-12 10:51 61440 ----a-w k:\program files\RGSGrowBounds.aex
2001-03-06 17:11 . 2001-03-06 17:12 39823036 ----a-w k:\program files\boujou 4.msi
2006-05-03 10:06 . 2009-01-18 22:53 163328 --sh--r k:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-01-18 22:53 31232 --sh--r k:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-01-18 22:53 216064 --sh--r k:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="k:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-05-08 306088]
"etmin"="k:\documents and settings\Fischu\Pulpit\etmin.exe" [2008-10-10 24064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="k:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="k:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"avast!"="k:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - k:\windows\RTHDCPL.EXE [2007-04-12 16132608]
"nwiz"="nwiz.exe" - k:\windows\system32\nwiz.exe [2009-01-15 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="k:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\K:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Monitor Apache Servers.lnk]
path=k:\documents and settings\All Users\Menu Start\Programy\Autostart\Monitor Apache Servers.lnk
backup=k:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\K:^Documents and Settings^Fischu^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=k:\documents and settings\Fischu\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=k:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\K:^Documents and Settings^Fischu^Menu Start^Programy^Autostart^nero.bat.lnk]
path=k:\documents and settings\Fischu\Menu Start\Programy\Autostart\nero.bat.lnk
backup=k:\windows\pss\nero.bat.lnkStartup
[HKLM\~\startupfolder\K:^Documents and Settings^Fischu^Menu Start^Programy^Autostart^winword.exe.lnk]
path=k:\documents and settings\Fischu\Menu Start\Programy\Autostart\winword.exe.lnk
backup=k:\windows\pss\winword.exe.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Live! Cam Manager"="k:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
"CTFMON.EXE"=k:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="k:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="k:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="k:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="k:\program files\Java\jre6\bin\jusched.exe"
"V0420Mon.exe"=k:\windows\V0420Mon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"k:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=
"k:\\Program Files\\iTunes\\iTunes.exe"=
"k:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"k:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"k:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"k:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"k:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"k:\\WINDOWS\\system32\\PnkBstrA.exe"=
"k:\\WINDOWS\\system32\\PnkBstrB.exe"=
"k:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"k:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"k:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"k:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"k:\\Program Files\\Xfire\\Xfire.exe"=
"k:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"k:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"k:\\WINDOWS\\system32\\ftp.exe"=
"k:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"k:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"k:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"k:\\Program Files\\GTactix\\GTactix.exe"=
"k:\\WINDOWS\\system32\\dpvsetup.exe"=
"k:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"k:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 hotcore3;hotcore3;k:\windows\system32\drivers\hotcore3.sys [2009-01-07 39472]
R1 aswSP;avast! Self Protection;k:\windows\system32\drivers\aswSP.sys [2009-03-25 114768]
R2 aswFsBlk;aswFsBlk;k:\windows\system32\drivers\aswFsBlk.sys [2009-03-25 20560]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;k:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;k:\windows\system32\TUProgSt.exe [2009-05-15 604416]
S2 Apache2.2;Apache2.2;"c:\serwer\bin\httpd.exe" -k runservice --> c:\serwer\bin\httpd.exe [?]
S3 V0420VID;Live! Cam Vista IM (VF0420);k:\windows\system32\drivers\V0420Vid.sys [2001-02-17 99648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2009-05-30 k:\windows\Tasks\1-Click Maintenance.job
- k:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
2009-05-08 k:\windows\Tasks\AppleSoftwareUpdate.job
- k:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 12:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="K:\usr/MYSQL/bin/mysqld.exe"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1417001333-1644491937-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:82,f0,1b,21,6f,c4,d5,a5,d3,77,61,eb,59,67,72,ff,5d,b9,cb,b8,d5,
70,c0,fd,f3,91,65,2f,57,3d,de,27,1e,68,90,7f,83,e7,fe,1c,b1,96,e3,72,71,6f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2748)
k:\windows\system32\WPDShServiceObj.dll
k:\windows\system32\PortableDeviceTypes.dll
k:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
k:\program files\Alwil Software\Avast4\aswUpdSv.exe
k:\program files\Alwil Software\Avast4\ashServ.exe
k:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
k:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
k:\program files\Bonjour\mDNSResponder.exe
k:\program files\Java\jre6\bin\jqs.exe
k:\windows\system32\rundll32.exe
k:\windows\system32\nvsvc32.exe
k:\windows\system32\PnkBstrA.exe
k:\windows\system32\PnkBstrB.exe
k:\windows\system32\wscntfy.exe
k:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
k:\program files\TuneUp Utilities 2009\OneClick.exe
k:\program files\TuneUp Utilities 2009\RegistryCleaner.exe
k:\windows\system32\TuneUpDefragService.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-30 12:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-30 10:24
Przed: 41 115 340 800 bajtów wolnych
Po: 41 763 241 984 bajtów wolnych
Thank you for such a quick reply.
Regards,
Fischu