emolans
Posted 22 January 2009 (edited)

So I have a strange problem... something is slowing down my computer but I have no idea what it could be. Here is the ComboFix log:

ComboFix 09-01-21.02 - windows 2009-01-23 17:10:47.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.324 [GMT 1:00]
Run from: c:\documents and settings\windows\Desktop\combo.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\windows\Application Data\02000000ba667f58509C.manifest
c:\documents and settings\windows\Application Data\02000000ba667f58509O.manifest
c:\documents and settings\windows\Application Data\02000000ba667f58509P.manifest
c:\documents and settings\windows\Application Data\02000000ba667f58509S.manifest
c:\windows\system32\mfc45.dll
.
((((((((((((((((((((((((( Files created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-22 21:19 . 2009-01-22 21:19 432 --a------ c:\windows\system32\iolo.ini
2009-01-22 21:15 . 2008-11-12 16:05 118,784 --a------ c:\windows\system32\iavlsp.dll
2009-01-21 12:15 . 2009-01-21 12:15 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-01-21 12:14 . 2009-01-21 12:14 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 13:27 <DIR> d-------- c:\documents and settings\windows\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-01-21 11:32 . 2009-01-23 09:03 <DIR> d-------- c:\documents and settings\windows\Application Data\VirusRemover2008
2009-01-21 11:32 . 2009-01-21 11:33 399,872 --a------ c:\documents and settings\All Users\Application Data\FreeApp.exe
2009-01-21 11:05 . 2009-01-21 11:21 73,728 --a------ c:\windows\system32\Gj653UwE.exe
2009-01-20 12:45 . 2009-01-20 12:46 <DIR> d-------- c:\program files\Xvid
2009-01-20 12:45 . 2007-06-28 18:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-20 12:45 . 2007-06-28 18:54 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-20 12:45 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-19 21:42 . 2009-01-19 21:42 <DIR> d-------- c:\windows\Sun
2009-01-19 14:23 . 2009-01-19 14:23 <DIR> d-------- c:\program files\CCleaner
2009-01-19 14:04 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2009-01-19 14:04 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2009-01-19 14:04 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-19 12:06 . 2009-01-19 12:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-19 12:06 . 2009-01-19 12:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-19 12:05 . 2009-01-19 12:05 <DIR> d-------- c:\program files\Java
2009-01-18 22:43 . 2009-01-18 22:43 <DIR> d-------- c:\documents and settings\windows\Application Data\Thinstall
2009-01-14 16:32 . 2009-01-19 12:42 79 --a------ c:\windows\xptools.ini
2009-01-14 16:15 . 2009-01-14 16:15 259,584 --a------ c:\windows\system32\xtbaksm.dat
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.zip
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.dat
2009-01-14 15:00 . 2009-01-23 09:56 <DIR> d-------- c:\program files\mIRC
2009-01-11 16:50 . 2009-01-23 12:49 <DIR> d-------- c:\program files\Panda Security
2009-01-11 12:37 . 2009-01-23 12:49 <DIR> d-------- c:\program files\SkanerOnline
2009-01-11 11:30 . 2004-08-12 14:31 142,976 --a--c--- c:\windows\system32\dllcache\usbport.sys
2009-01-10 13:07 . 2009-01-16 10:20 <DIR> d-------- C:\PacSteamT
2009-01-09 18:25 . 2009-01-12 15:41 174 --a------ c:\windows\wcx_ftp.ini
2009-01-09 17:19 . 2009-01-09 17:19 <DIR> d-------- C:\totalcmd
2009-01-09 17:19 . 2009-01-12 15:43 807 --a------ c:\windows\wincmd.ini
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-03 21:46 . 2009-01-03 21:46 <DIR> d-------- c:\program files\Media Player Classic
2009-01-03 21:39 . 2009-01-03 21:39 <DIR> d-------- c:\documents and settings\windows\Application Data\Media Player Classic
2008-12-29 08:39 . 2008-12-29 08:39 <DIR> d-------- c:\documents and settings\windows\DoctorWeb
2008-12-28 15:54 . 2008-12-29 08:23 67,645 --a------ c:\windows\system32\drivers\pshook11.sys
2008-12-28 15:52 . 2008-12-28 15:54 <DIR> d-------- c:\program files\Spyware Nuker 2004
2008-12-28 12:20 . 2008-12-28 12:20 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-24 13:21 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 10:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 09:21 --------- d-----w c:\program files\Valve
2009-01-23 09:20 --------- d-----w c:\documents and settings\windows\Application Data\mIRC
2009-01-23 08:04 --------- d-----w c:\program files\BearShare
2009-01-23 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 17:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-20 16:08 --------- d-----w c:\documents and settings\windows\Application Data\uTorrent
2009-01-20 14:05 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-20 11:59 --------- d-----w c:\program files\Gadu-Gadu
2009-01-18 21:43 --------- d-----w c:\documents and settings\windows\Application Data\Skype
2009-01-18 20:45 --------- d-----w c:\documents and settings\windows\Application Data\skypePM
2009-01-08 16:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 20:46 --------- d-----w c:\program files\Real Alternative
2008-12-31 15:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-31 15:20 249,856 ------w c:\windows\Setup1.exe
2008-12-28 09:28 --------- d-----w c:\program files\DevaluateVR
2008-12-28 09:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-28 09:24 --------- d-----w c:\program files\Counter 47
2008-12-28 09:18 --------- d-----w c:\program files\ACE Mega CoDecS Pack
2008-12-28 09:13 --------- d-----w c:\program files\TweakNow RegCleaner Std
2008-12-19 19:58 --------- d-----w c:\program files\Skype
2008-12-19 19:58 --------- d-----w c:\program files\Common Files\Skype
2008-12-19 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-07 18:32 --------- d-----w c:\program files\GRETECH
2008-12-03 12:51 --------- d-----w c:\documents and settings\windows\Application Data\teamspeak2
2008-11-29 17:58 --------- d-----w c:\program files\ATI Technologies
2008-08-03 15:40 0 ----a-w c:\program files\AstonWriteTest.txt
2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_21.05.36.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-20 07:59:42 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2009-01-23 08:56:59 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2004-08-12 13:23:17 2,804,224 ----a-w c:\windows\system32\dllcache\msi.dll
+ 2005-05-04 13:45:32 2,890,240 -c--a-w c:\windows\system32\dllcache\msi.dll
- 2004-08-12 13:23:18 77,312 ----a-w c:\windows\system32\dllcache\msiexec.exe
+ 2005-05-04 13:45:36 78,848 -c--a-w c:\windows\system32\dllcache\msiexec.exe
- 2004-08-12 13:23:19 331,264 ----a-w c:\windows\system32\dllcache\msihnd.dll
+ 2005-05-04 13:45:36 271,360 -c--a-w c:\windows\system32\dllcache\msihnd.dll
- 2004-08-12 13:23:19 884,736 ----a-w c:\windows\system32\dllcache\msimsg.dll
+ 2005-05-04 13:45:36 884,736 -c--a-w c:\windows\system32\dllcache\msimsg.dll
- 2004-08-12 13:23:21 44,032 ----a-w c:\windows\system32\dllcache\msisip.dll
+ 2005-05-04 13:45:36 15,360 -c--a-w c:\windows\system32\dllcache\msisip.dll
- 2009-01-19 18:25:02 103,032 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-23 12:13:39 99,848 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-12 13:23:17 2,804,224 ----a-w c:\windows\system32\msi.dll
+ 2005-05-04 13:45:32 2,890,240 ----a-w c:\windows\system32\msi.dll
- 2004-08-12 13:23:18 77,312 ----a-w c:\windows\system32\msiexec.exe
+ 2005-05-04 13:45:36 78,848 ----a-w c:\windows\system32\msiexec.exe
- 2004-08-12 13:23:19 331,264 ----a-w c:\windows\system32\msihnd.dll
+ 2005-05-04 13:45:36 271,360 ----a-w c:\windows\system32\msihnd.dll
- 2004-08-12 13:23:19 884,736 ----a-w c:\windows\system32\msimsg.dll
+ 2005-05-04 13:45:36 884,736 ----a-w c:\windows\system32\msimsg.dll
- 2004-08-12 13:23:21 44,032 ----a-w c:\windows\system32\msisip.dll
+ 2005-05-04 13:45:36 15,360 ----a-w c:\windows\system32\msisip.dll
- 2008-11-15 10:15:31 68,344 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 11:51:31 60,564 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-15 10:15:31 433,832 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 11:51:31 398,536 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 16:16:07 16,384 ----atw c:\windows\temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-09-07 14:25 1400944 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 09:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 22:33 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"330:TCP"= 330:TCP:t
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\Drivers\AFPAnsi.sys --> c:\windows\system32\Drivers\AFPAnsi.sys [?]
S3 MSXXX1;MSXXX1;c:\documents and settings\windows\Desktop\smiecie\bi0sBase\IfnNfiH.sys [2008-12-18 7552]
.
Contents of the 'Scheduled Tasks' folder
2009-01-16 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-01-21 c:\windows\Tasks\At1.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At10.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At11.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At12.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At13.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At14.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At15.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At16.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At17.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At18.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At19.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At2.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At20.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At21.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At22.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At23.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At24.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At25.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At26.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At27.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At28.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At29.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At3.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At30.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At31.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At32.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At33.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At34.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At35.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At36.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At37.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At38.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At39.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At4.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At40.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At41.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At42.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At43.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At44.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At45.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At46.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At47.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At48.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At5.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At6.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At7.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At8.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At9.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
.
- - - - EMPTY ENTRIES REMOVED - - - -
MSConfigStartUp-lvatogologiw - c:\windows\Inexu.dll
.
------- Supplementary scan -------
.
uStart Page = hxxp://google.bearshare.com/pl
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devaluatevr.com/instalacion/plugin/devaluatevrplugin.php
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\windows\Application Data\Mozilla\Firefox\Profiles\tdwtydbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
.
------- File associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 17:16:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hajbgffhboneaaif"=hex:61,61,00,00
"jajbgffhboneaaifhibh"=hex:63,61,6b,68,6f,68,00,01
"pabddlojnpoffcdhcejiaeojnapjledm"=hex:64,61,67,6a,63,66,61,6f,00,f8
.
------------------------ Other running processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-23 17:21:26 - the computer was restarted [windows]
ComboFix-quarantined-files.txt 2009-01-23 16:21:21
ComboFix2.txt 2009-01-22 20:07:11
ComboFix3.txt 2008-12-26 18:41:04
ComboFix4.txt 2008-12-25 16:43:28
ComboFix5.txt 2009-01-23 12:06:06
Before: 3,048,185,856 bytes free
After: 3,095,707,648 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3
332 --- E O F --- 2008-12-19 13:04:02

If there is anything to fix, I would ask for a detailed description, because I'm clueless about this.

Edited 23 January 2009 by Kolobos
Kolobos
Posted 22 January 2009

Type in Start->Run: cmd, and there:
del /q /f c:\windows\Tasks\At*.job

Create a file CFScript.txt on the desktop and paste the following into it:
File::
c:\windows\system32\Gj653UwE.exe
c:\documents and settings\All Users\Application Data\FreeApp.exe
c:\documents and settings\windows\Desktop\smiecie\bi0sBase\IfnNfiH.sys
c:\windows\system32\drivers\pshook11.sys
Folder::
c:\program files\Spyware Nuker 2004
c:\documents and settings\windows\Application Data\VirusRemover2008
Driver::
MSXXX1
DDS::
uStart Page = hxxp://google.bearshare.com/pl
REGLOCK::
[HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}]

Save it and drag it onto the combofix.exe icon; when it finishes, post the log that gets created.
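The pattern the reply above reacts to is visible in the first log: dozens of At<n>.job scheduled tasks, all pointing at one randomly named executable under system32, which is what got deleted with `del /q /f c:\windows\Tasks\At*.job` and the `File::` directive. As an added example (not code from the thread, from Kolobos or from ComboFix), here is a small Python triage script that parses scheduled-task lines in ComboFix's format, groups them by target binary, flags the persistence pattern, and emits the same two remediation artifacts the reply uses. The sample lines are a constructed subset of the task entries from the first log; the random-name heuristic and the "at least two At-jobs" threshold are my assumptions, not anything the thread states.

```python
import re
from collections import defaultdict

# One scheduled-task line as ComboFix prints it:
#   <date> <path to .job> - <target executable> [<target timestamp, or empty>]
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+?\.job) - (.+?) \[(.*?)\]$", re.IGNORECASE)

# Constructed sample input: a subset of the 'Scheduled Tasks' lines from the first log above.
SAMPLE_TASKS = r"""
2009-01-16 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-01-21 c:\windows\Tasks\At1.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-23 c:\windows\Tasks\At10.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-21 c:\windows\Tasks\At2.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
2009-01-22 c:\windows\Tasks\At20.job - c:\windows\system32\Gj653UwE.exe [2009-01-21 11:21]
"""


def parse_tasks(text):
    """Return one dict per task line; lines that do not match the format are ignored."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            date, job, target, stamp = m.groups()
            tasks.append({"date": date, "job": job, "target": target, "stamp": stamp})
    return tasks


def looks_random(path):
    """Assumed heuristic: a 6-12 character alphanumeric stem that mixes upper case,
    lower case and digits (e.g. Gj653UwE) is treated as machine-generated."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (re.fullmatch(r"[A-Za-z0-9]{6,12}", stem) is not None
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))


def triage(tasks):
    """Group tasks by target binary and flag the persistence pattern from the log:
    several At<n>.job entries (the naming the AT command produces) pointing at one
    randomly named executable under system32. The thresholds are assumptions."""
    by_target = defaultdict(list)
    for t in tasks:
        by_target[t["target"]].append(t)
    report = {}
    for target, group in by_target.items():
        jobs = [t["job"] for t in group]
        at_jobs = [j for j in jobs if re.search(r"\\At\d+\.job$", j, re.IGNORECASE)]
        in_system32 = "\\system32\\" in target.lower()
        suspicious = bool(len(at_jobs) >= 2 and in_system32 and looks_random(target))
        report[target] = {"jobs": jobs, "at_jobs": at_jobs, "suspicious": suspicious}
    return report


def cleanup_plan(report):
    """Turn the flagged targets into the two artifacts the reply above uses:
    cmd.exe 'del' lines for the .job files and a CFScript 'File::' block for the binary."""
    cmds, files = [], []
    for target, info in report.items():
        if info["suspicious"]:
            cmds.extend(f'del /q /f "{job}"' for job in info["jobs"])
            files.append(target)
    script = "File::\n" + "\n".join(files) + "\n" if files else ""
    return cmds, script


if __name__ == "__main__":
    cmds, script = cleanup_plan(triage(parse_tasks(SAMPLE_TASKS)))
    print("\n".join(cmds))
    print(script)
```

The script deletes the individual .job files by name rather than with the `At*.job` wildcard from the reply, so a legitimate task that happens to use that prefix is left alone; the TuneUp task in the sample is not flagged because it has a readable name and lives under Program Files.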
emolans
Posted 23 January 2009

ComboFix 09-01-21.02 - windows 2009-01-24 10:50:24.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.341 [GMT 1:00]
Run from: c:\documents and settings\windows\Desktop\ComboFix.exe
The following commands were used :: c:\documents and settings\windows\Desktop\CFScript.txt
AV: iolo AntiVirus® *On-access scanning disabled* (Updated)
* New restore point created

FILE ::
c:\documents and settings\All Users\Application Data\FreeApp.exe
c:\documents and settings\windows\Desktop\smiecie\bi0sBase\IfnNfiH.sys
c:\windows\system32\drivers\pshook11.sys
c:\windows\system32\Gj653UwE.exe
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\FreeApp.exe
c:\documents and settings\windows\Application Data\VirusRemover2008
c:\documents and settings\windows\Desktop\smiecie\bi0sBase\IfnNfiH.sys
c:\program files\Spyware Nuker 2004
c:\program files\Spyware Nuker 2004\au040909.exe
c:\windows\system32\drivers\pshook11.sys
c:\windows\system32\Gj653UwE.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSXXX1
-------\Service_MSXXX1

((((((((((((((((((((((((( Files created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-22 21:19 . 2009-01-22 21:19 432 --a------ c:\windows\system32\iolo.ini
2009-01-22 21:15 . 2008-11-12 16:05 118,784 --a------ c:\windows\system32\iavlsp.dll
2009-01-21 12:15 . 2009-01-21 12:15 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-01-21 12:14 . 2009-01-21 12:14 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 13:27 <DIR> d-------- c:\documents and settings\windows\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-01-20 12:45 . 2009-01-20 12:46 <DIR> d-------- c:\program files\Xvid
2009-01-20 12:45 . 2007-06-28 18:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-20 12:45 . 2007-06-28 18:54 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-20 12:45 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-19 21:42 . 2009-01-19 21:42 <DIR> d-------- c:\windows\Sun
2009-01-19 14:23 . 2009-01-19 14:23 <DIR> d-------- c:\program files\CCleaner
2009-01-19 14:04 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2009-01-19 14:04 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2009-01-19 14:04 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-19 12:06 . 2009-01-19 12:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-18 22:43 . 2009-01-18 22:43 <DIR> d-------- c:\documents and settings\windows\Application Data\Thinstall
2009-01-14 16:32 . 2009-01-19 12:42 79 --a------ c:\windows\xptools.ini
2009-01-14 16:15 . 2009-01-14 16:15 259,584 --a------ c:\windows\system32\xtbaksm.dat
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.zip
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.dat
2009-01-14 15:00 . 2009-01-23 09:56 <DIR> d-------- c:\program files\mIRC
2009-01-11 16:50 . 2009-01-23 12:49 <DIR> d-------- c:\program files\Panda Security
2009-01-11 11:30 . 2004-08-12 14:31 142,976 --a--c--- c:\windows\system32\dllcache\usbport.sys
2009-01-10 13:07 . 2009-01-16 10:20 <DIR> d-------- C:\PacSteamT
2009-01-09 18:25 . 2009-01-12 15:41 174 --a------ c:\windows\wcx_ftp.ini
2009-01-09 17:19 . 2009-01-09 17:19 <DIR> d-------- C:\totalcmd
2009-01-09 17:19 . 2009-01-12 15:43 807 --a------ c:\windows\wincmd.ini
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-03 21:46 . 2009-01-03 21:46 <DIR> d-------- c:\program files\Media Player Classic
2009-01-03 21:39 . 2009-01-03 21:39 <DIR> d-------- c:\documents and settings\windows\Application Data\Media Player Classic
2008-12-29 08:39 . 2008-12-29 08:39 <DIR> d-------- c:\documents and settings\windows\DoctorWeb
2008-12-28 12:20 . 2008-12-28 12:20 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-24 13:21 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 10:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 09:21 --------- d-----w c:\program files\Valve
2009-01-23 09:20 --------- d-----w c:\documents and settings\windows\Application Data\mIRC
2009-01-23 08:04 --------- d-----w c:\program files\BearShare
2009-01-23 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 17:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-20 16:08 --------- d-----w c:\documents and settings\windows\Application Data\uTorrent
2009-01-20 14:05 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-20 11:59 --------- d-----w c:\program files\Gadu-Gadu
2009-01-18 21:43 --------- d-----w c:\documents and settings\windows\Application Data\Skype
2009-01-18 20:45 --------- d-----w c:\documents and settings\windows\Application Data\skypePM
2009-01-08 16:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 20:46 --------- d-----w c:\program files\Real Alternative
2008-12-31 15:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-31 15:20 249,856 ------w c:\windows\Setup1.exe
2008-12-28 09:28 --------- d-----w c:\program files\DevaluateVR
2008-12-28 09:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-28 09:24 --------- d-----w c:\program files\Counter 47
2008-12-28 09:18 --------- d-----w c:\program files\ACE Mega CoDecS Pack
2008-12-28 09:13 --------- d-----w c:\program files\TweakNow RegCleaner Std
2008-12-19 19:58 --------- d-----w c:\program files\Skype
2008-12-19 19:58 --------- d-----w c:\program files\Common Files\Skype
2008-12-19 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-07 18:32 --------- d-----w c:\program files\GRETECH
2008-12-03 12:51 --------- d-----w c:\documents and settings\windows\Application Data\teamspeak2
2008-11-29 17:58 --------- d-----w c:\program files\ATI Technologies
2008-08-03 15:40 0 ----a-w c:\program files\AstonWriteTest.txt
2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_21.05.36.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-20 07:59:42 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2009-01-23 08:56:59 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2004-08-12 13:23:17 2,804,224 ----a-w c:\windows\system32\dllcache\msi.dll
+ 2005-05-04 13:45:32 2,890,240 -c--a-w c:\windows\system32\dllcache\msi.dll
- 2004-08-12 13:23:18 77,312 ----a-w c:\windows\system32\dllcache\msiexec.exe
+ 2005-05-04 13:45:36 78,848 -c--a-w c:\windows\system32\dllcache\msiexec.exe
- 2004-08-12 13:23:19 331,264 ----a-w c:\windows\system32\dllcache\msihnd.dll
+ 2005-05-04 13:45:36 271,360 -c--a-w c:\windows\system32\dllcache\msihnd.dll
- 2004-08-12 13:23:19 884,736 ----a-w c:\windows\system32\dllcache\msimsg.dll
+ 2005-05-04 13:45:36 884,736 -c--a-w c:\windows\system32\dllcache\msimsg.dll
- 2004-08-12 13:23:21 44,032 ----a-w c:\windows\system32\dllcache\msisip.dll
+ 2005-05-04 13:45:36 15,360 -c--a-w c:\windows\system32\dllcache\msisip.dll
- 2009-01-19 18:25:02 103,032 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-23 12:13:39 99,848 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-12 13:23:17 2,804,224 ----a-w c:\windows\system32\msi.dll
+ 2005-05-04 13:45:32 2,890,240 ----a-w c:\windows\system32\msi.dll
- 2004-08-12 13:23:18 77,312 ----a-w c:\windows\system32\msiexec.exe
+ 2005-05-04 13:45:36 78,848 ----a-w c:\windows\system32\msiexec.exe
- 2004-08-12 13:23:19 331,264 ----a-w c:\windows\system32\msihnd.dll
+ 2005-05-04 13:45:36 271,360 ----a-w c:\windows\system32\msihnd.dll
- 2004-08-12 13:23:19 884,736 ----a-w c:\windows\system32\msimsg.dll
+ 2005-05-04 13:45:36 884,736 ----a-w c:\windows\system32\msimsg.dll
- 2004-08-12 13:23:21 44,032 ----a-w c:\windows\system32\msisip.dll
+ 2005-05-04 13:45:36 15,360 ----a-w c:\windows\system32\msisip.dll
- 2008-11-15 10:15:31 68,344 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 11:51:31 60,564 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-15 10:15:31 433,832 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 11:51:31 398,536 ----a-w c:\windows\system32\perfh009.dat
.
-- Snapshot reset --
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-09-07 14:25 1400944 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 09:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 22:33 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"330:TCP"= 330:TCP:t
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\Drivers\AFPAnsi.sys --> c:\windows\system32\Drivers\AFPAnsi.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-01-16 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
.
------- Supplementary scan -------
.
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devaluatevr.com/instalacion/plugin/devaluatevrplugin.php DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab FF - ProfilePath - c:\documents and settings\windows\Application Data\Mozilla\Firefox\Profiles\tdwtydbn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 10:55:48 Windows 5.1.2600 Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "hajbgffhboneaaif"=hex:61,61,00,00 "jajbgffhboneaaifhibh"=hex:63,61,6b,68,6f,68,00,01 "pabddlojnpoffcdhcejiaeojnapjledm"=hex:64,61,67,6a,63,66,61,6f,00,f8 . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Ahead\InCD\InCDsrv.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Czas ukończenia: 2009-01-24 11:00:13 - komputer został uruchomiony ponownie [windows] ComboFix-quarantined-files.txt 2009-01-24 10:00:11 ComboFix2.txt 2009-01-22 20:07:11 ComboFix3.txt 2008-12-26 18:41:04 ComboFix4.txt 2008-12-25 16:43:28 ComboFix5.txt 2009-01-23 12:06:06 Przed: 3 120 451 584 bytes free Po: 3,101,564,928 bytes free Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3 230 --- E O F --- 2008-12-19 13:04:02 "]KLIK Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
Kolobos Posted 23 January 2009 (edited)

New CFScript.txt:

Driver::
AFPAnsi

File::
c:\windows\Tasks\1-Click Maintenance.job

Reglock::
[HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}*]

Registry::
[-HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}*]

After it has run, post the log.

Edited 23 January 2009 by Kolobos
emolans Posted 23 January 2009

ComboFix 09-01-21.02 - windows 2009-01-24 12:15:33.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.315 [GMT 1:00
Uruchomiony z: c:\documents and settings\windows\Desktop\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\windows\Desktop\CFScript.txt
AV: iolo AntiVirus® *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\Tasks\1-Click Maintenance.job
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\1-Click Maintenance.job

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFPANSI
-------\Service_AFPAnsi


((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-22 21:19 . 2009-01-22 21:19 432 --a------ c:\windows\system32\iolo.ini
2009-01-22 21:15 . 2008-11-12 16:05 118,784 --a------ c:\windows\system32\iavlsp.dll
2009-01-21 12:15 . 2009-01-21 12:15 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-01-21 12:14 . 2009-01-21 12:14 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 13:27 <DIR> d-------- c:\documents and settings\windows\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-01-20 12:45 . 2009-01-20 12:46 <DIR> d-------- c:\program files\Xvid
2009-01-20 12:45 . 2007-06-28 18:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-20 12:45 . 2007-06-28 18:54 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-20 12:45 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-19 21:42 . 2009-01-19 21:42 <DIR> d-------- c:\windows\Sun
2009-01-19 14:23 . 2009-01-19 14:23 <DIR> d-------- c:\program files\CCleaner
2009-01-19 14:04 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2009-01-19 14:04 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2009-01-19 14:04 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-19 12:06 . 2009-01-19 12:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-18 22:43 . 2009-01-18 22:43 <DIR> d-------- c:\documents and settings\windows\Application Data\Thinstall
2009-01-14 16:32 . 2009-01-19 12:42 79 --a------ c:\windows\xptools.ini
2009-01-14 16:15 . 2009-01-14 16:15 259,584 --a------ c:\windows\system32\xtbaksm.dat
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.zip
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.dat
2009-01-14 15:00 . 2009-01-24 11:09 <DIR> d-------- c:\program files\mIRC
2009-01-11 16:50 . 2009-01-23 12:49 <DIR> d-------- c:\program files\Panda Security
2009-01-11 11:30 . 2004-08-12 14:31 142,976 --a--c--- c:\windows\system32\dllcache\usbport.sys
2009-01-10 13:07 . 2009-01-16 10:20 <DIR> d-------- C:\PacSteamT
2009-01-09 18:25 . 2009-01-12 15:41 174 --a------ c:\windows\wcx_ftp.ini
2009-01-09 17:19 . 2009-01-09 17:19 <DIR> d-------- C:\totalcmd
2009-01-09 17:19 . 2009-01-12 15:43 807 --a------ c:\windows\wincmd.ini
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-03 21:46 . 2009-01-03 21:46 <DIR> d-------- c:\program files\Media Player Classic
2009-01-03 21:39 . 2009-01-03 21:39 <DIR> d-------- c:\documents and settings\windows\Application Data\Media Player Classic
2008-12-29 08:39 . 2008-12-29 08:39 <DIR> d-------- c:\documents and settings\windows\DoctorWeb
2008-12-28 12:20 . 2008-12-28 12:20 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-24 13:21 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 10:28 --------- d-----w c:\documents and settings\windows\Application Data\mIRC
2009-01-23 10:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 09:21 --------- d-----w c:\program files\Valve
2009-01-23 08:04 --------- d-----w c:\program files\BearShare
2009-01-23 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 17:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-20 16:08 --------- d-----w c:\documents and settings\windows\Application Data\uTorrent
2009-01-20 14:05 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-20 11:59 --------- d-----w c:\program files\Gadu-Gadu
2009-01-18 21:43 --------- d-----w c:\documents and settings\windows\Application Data\Skype
2009-01-18 20:45 --------- d-----w c:\documents and settings\windows\Application Data\skypePM
2009-01-08 16:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 20:46 --------- d-----w c:\program files\Real Alternative
2008-12-31 15:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-31 15:20 249,856 ------w c:\windows\Setup1.exe
2008-12-28 09:28 --------- d-----w c:\program files\DevaluateVR
2008-12-28 09:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-28 09:24 --------- d-----w c:\program files\Counter 47
2008-12-28 09:18 --------- d-----w c:\program files\ACE Mega CoDecS Pack
2008-12-28 09:13 --------- d-----w c:\program files\TweakNow RegCleaner Std
2008-12-19 19:58 --------- d-----w c:\program files\Skype
2008-12-19 19:58 --------- d-----w c:\program files\Common Files\Skype
2008-12-19 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-07 18:32 --------- d-----w c:\program files\GRETECH
2008-12-03 12:51 --------- d-----w c:\documents and settings\windows\Application Data\teamspeak2
2008-11-29 17:58 --------- d-----w c:\program files\ATI Technologies
2008-08-03 15:40 0 ----a-w c:\program files\AstonWriteTest.txt
2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot_2009-01-24_10.59.14.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-23 08:56:59 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2009-01-24 10:06:35 5,120 ----a-r c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-09-07 14:25 1400944 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 09:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 22:33 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"330:TCP"= 330:TCP:t
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.
.
------- Skan uzupełniający -------
.
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devaluatevr.com/instalacion/plugin/devaluatevrplugin.php
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\windows\Application Data\Mozilla\Firefox\Profiles\tdwtydbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 12:20:30
Windows 5.1.2600 Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hajbgffhboneaaif"=hex:61,61,00,00
"jajbgffhboneaaifhibh"=hex:63,61,6b,68,6f,68,00,01
"pabddlojnpoffcdhcejiaeojnapjledm"=hex:64,61,67,6a,63,66,61,6f,00,f8
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-24 12:25:10 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-24 11:25:08
ComboFix2.txt 2009-01-24 10:00:17
ComboFix3.txt 2009-01-22 20:07:11
ComboFix4.txt 2008-12-26 18:41:04
ComboFix5.txt 2009-01-24 11:14:47

Przed: 3 085 852 672 bytes free
Po: 3,071,778,816 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3
188 --- E O F --- 2008-12-19 13:04:02
Kolobos Posted 23 January 2009

The last CFScript.txt now:

KillAll::

RegNull::
[HKEY_USERS\S-1-5-21-842925246-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58140C19-A288-E7F0-B70A-BCC7EDCD75B4}*]

SkipFix::

I hope this time that key gets removed.
emolans Posted 23 January 2009

Thanks, that helped :)