ComboFix.txt

Prawdopodobnie mam zainfekowany system ?

Nie mam się o co bać ze stracę rejestr albo jakieś programy przez przywracanie ?


ComboFix 09-05-09.05 - Hubert 2009-05-11 11:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3582.2811 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Hubert\Pulpit\ComboFix.exe
AV: F-Secure Anti-Virus Client Security 6.03 *On-access scanning disabled* (Updated)
FW: F-Secure Anti-Virus Client Security 6.03 *disabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usuni?to )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Hubert\USTAWI~1\Temp\IadHide5.dll
c:\documents and settings\Hubert\Ustawienia lokalne\temp\IadHide5.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-11 do 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-07 20:36 . 2009-05-07 20:36 -------- d-----w c:\documents and settings\Hubert\Dane aplikacji\OpenFM
2009-05-03 19:42 . 2009-05-03 19:42 250370 ----a-w c:\documents and settings\Hubert\Dane aplikacji\firewall.exe
2009-05-03 19:36 . 2009-05-03 18:05 109058 ----a-w c:\windows\firewall.exe
2009-05-03 16:47 . 2009-05-11 10:03 -------- d-----w c:\program files\Steam
2009-05-03 14:42 . 2009-05-03 20:57 -------- d-----w c:\documents and settings\Hubert\Dane aplikacji\uTorrent
2009-05-03 13:59 . 2009-05-03 14:01 -------- d-----w c:\windows\NV46604248.TMP
2009-05-03 13:16 . 2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
2009-05-03 13:16 . 2008-04-22 20:20 1584149 ----a-w c:\windows\system32\setupapinew.dll
2009-05-03 13:16 . 2008-05-04 15:42 789525 ----a-w c:\windows\system32\rpcrt4new.dll
2009-05-03 13:16 . 2007-04-18 00:13 25037 ----a-w c:\windows\system32\Nucleus.dll
2009-05-03 13:16 . 2006-11-02 10:47 1162656 ----a-w c:\windows\system32\ntdllnew.dll
2009-05-03 13:16 . 2004-12-08 15:57 376832 ----a-w c:\windows\system32\M2000Twn.dll
2009-05-03 13:16 . 2006-11-29 12:06 440080 ----a-w c:\windows\system32\d3dx10.dll
2009-05-03 13:16 . 2008-04-12 16:13 1029126 ----a-w c:\windows\system32\d3d10.dll
2009-05-03 13:09 . 2009-03-09 13:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-05-03 13:09 . 2009-03-09 13:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-05-03 13:09 . 2009-03-09 13:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-05-03 13:09 . 2009-03-16 12:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-05-03 13:09 . 2009-03-16 12:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-05-03 13:09 . 2009-03-16 12:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-05-03 13:09 . 2009-03-16 12:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-15 21:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:18 . 2009-03-06 14:22 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:18 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 21:18 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:18 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:18 . 2009-02-09 10:53 686592 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 21:18 . 2009-02-09 10:53 731136 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:18 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:18 . 2009-02-09 10:53 722944 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 21:13 . 2008-04-21 21:16 218112 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 19:52 . 2009-04-14 20:39 -------- d-----w c:\program files\SopCast

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 10:01 . 2009-03-20 04:45 168664 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-05-11 08:43 . 2008-07-31 21:04 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-11 08:13 . 2009-01-18 18:51 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 22:29 . 2008-08-13 23:02 -------- d-----r c:\program files\Xfire
2009-05-10 20:28 . 2001-10-26 18:15 88954 ----a-w c:\windows\system32\perfc015.dat
2009-05-10 20:28 . 2001-10-26 18:15 500636 ----a-w c:\windows\system32\perfh015.dat
2009-05-07 20:23 . 2008-07-31 23:34 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 14:00 . 2008-07-31 22:04 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-03 14:00 . 2008-07-31 22:04 -------- d-----r c:\program files\AGEIA Technologies
2009-05-03 13:37 . 2008-09-28 10:40 -------- d-----w c:\program files\SystemRequirementsLab
2009-04-14 21:34 . 2008-07-31 20:04 -------- d-----r c:\program files\Nowe Gadu-Gadu
2009-04-14 11:22 . 2008-08-31 09:22 22328 ----a-w c:\documents and settings\Hubert\Dane aplikacji\PnkBstrK.sys
2009-03-31 20:11 . 2008-08-01 00:07 -------- d-----r c:\program files\Java
2009-03-28 12:15 . 2008-11-11 00:18 -------- d-----w c:\program files\Common Files\Nokia
2009-03-28 12:15 . 2008-11-03 15:09 -------- d-----r c:\program files\Nokia
2009-03-28 12:15 . 2008-11-17 20:49 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-27 06:14 . 2008-07-31 23:42 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-24 22:07 . 2009-03-24 22:07 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-24 02:06 . 2009-03-24 02:06 -------- d-----w c:\program files\Common Files\Inter Cars
2009-03-18 20:37 . 2008-07-31 23:30 76728 ----a-w c:\documents and settings\Hubert\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-18 20:36 . 2009-03-18 20:35 -------- d-----w c:\program files\HiYo
2009-03-16 15:03 . 2008-08-01 00:03 -------- d-----r c:\program files\Winamp
2009-03-14 01:16 . 2008-07-31 21:04 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-09 03:19 . 2008-12-05 10:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 00:44 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2004-08-04 00:44 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 14:41 . 2009-01-22 22:52 682280 ----a-w c:\windows\system32\pbsvc.exe
2009-02-20 17:13 . 2004-08-04 00:44 78336 ----a-w c:\windows\system32\ieencode.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyœlne, prawid?owe wpisy nie s? pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" ctfmon.exe " = " c:\windows\system32\ctfmon.exe " [2008-04-14 15360]
" MsnMsgr " = " c:\program files\Windows Live\Messenger\msnmsgr.exe " [2009-02-06 3885408]
" NVIDIA nTune " = " c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe " [2007-09-04 81920]
" DAEMON Tools Lite " = " c:\program files\DAEMON Tools Lite\daemon.exe " [2008-07-24 490952]
" Nowe Gadu-Gadu " = " c:\program files\Nowe Gadu-Gadu\gg.exe " [2009-04-20 9818728]
" RGSC " = " e:\gry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe " [2008-12-23 306088]
" Steam " = " c:\program files\Steam\Steam.exe " [2009-05-03 1410296]
" Generic system file " = " c:\windows\firewall.exe " [2009-05-03 109058]
" System generic file " = " c:\documents and settings\Hubert\Dane aplikacji\firewall.exe " [2009-05-03 250370]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" GEST " = " m‘|\ü " [X]
" NokiaMServer " = " c:\program files\Common Files\Nokia\MPlatform\NokiaMServer " [X]
" NvCplDaemon " = " c:\windows\system32\NvCpl.dll " [2009-03-27 13684736]
" NeroFilterCheck " = " c:\windows\system32\NeroCheck.exe " [2001-07-09 155648]
" F-Secure Manager " = " c:\program files\F-Secure\Common\FSM32.EXE " [2005-10-26 122929]
" F-Secure TNB " = " c:\program files\F-Secure\TNB\TNBUtil.exe " [2004-05-27 684032]
" Adobe Photo Downloader " = " c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe " [2005-06-06 57344]
" iConfigg " = " c:\program files\Icon7\iConfig for Gamers\hid.exe " [2008-03-25 266240]
" HP Software Update " = " c:\program files\HP\HP Software Update\HPWuSchd2.exe " [2007-10-14 49152]
" hpqSRMon " = " c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe " [2007-08-22 80896]
" sclauncher " = " c:\program files\SimpleCenter\bin\win\sclauncher.exe " [2007-01-30 94208]
" Adobe Reader Speed Launcher " = " c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe " [2009-02-27 35696]
" Hiyo " = " c:\program files\HiYo\bin\HiYo.exe " [2009-03-19 197936]
" SunJavaUpdateSched " = " c:\program files\Java\jre6\bin\jusched.exe " [2009-03-09 148888]
" NvMediaCenter " = " c:\windows\system32\NvMcTray.dll " [2009-03-27 86016]
" Generic system file " = " c:\windows\firewall.exe " [2009-05-03 109058]
" System generic file " = " c:\documents and settings\Hubert\Dane aplikacji\firewall.exe " [2009-05-03 250370]
" nwiz " = " nwiz.exe " - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
" RTHDCPL " = " RTHDCPL.EXE " - c:\windows\RTHDCPL.EXE [2008-07-31 16806912]
" SoundMan " = " SOUNDMAN.EXE " - c:\windows\SOUNDMAN.EXE [2008-06-18 77824]
" AlcWzrd " = " ALCWZRD.EXE " - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]
" BluetoothAuthenticationAgent " = " bthprops.cpl " - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
" CTFMON.EXE " = " c:\windows\system32\CTFMON.EXE " [2008-04-14 15360]

c:\documents and settings\Hubert\Menu Start\Programy\Autostart\
Styler.lnk - c:\documents and settings\Hubert\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-1-27 15086]
Tworzenie wycink?w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-4-29 3145552]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-16 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-1-14 679936]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-7-31 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
" UIHost " = " %windir%\Resources\LogonUI\windows7\logonui.exe "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= " Driver "

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
" AntiVirusDisableNotify " =dword:00000001
" UpdatesDisableNotify " =dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
" %windir%\\system32\\sessmgr.exe " =
" c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE " =
" c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe " =
" %windir%\\Network Diagnostic\\xpnetdiag.exe " =
" e:\\Gry\\MOHA\\UnrealEngine3\\Binaries\\MOHA.exe " =
" c:\\Program Files\\Skype\\Phone\\Skype.exe " =
" c:\\WINDOWS\\system32\\PnkBstrA.exe " =
" c:\\WINDOWS\\system32\\PnkBstrB.exe " =
" e:\\Gry\\COD 4\\iw3mp.exe " =
" e:\\Gry\\GTA IV\\Rockstar Games Social Club\\RGSCLauncher.exe " =
" e:\\Gry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe " =
" f:\\eMule\\emule.exe " =
" c:\\Program Files\\Xfire\\xfire.exe " =
" c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe " =
" c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe " =
" c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe " =
" c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe " =
" c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe " =
" c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe " =
" c:\\Program Files\\SimpleCenter\\Home Media Server.exe " =
" c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe " =
" e:\\Gry\\COD 5\\CoDWaWmp.exe " =
" e:\\Gry\\COD 5\\CoDWaW.exe " =

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-07-31 70960]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [2008-07-31 48816]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [2008-07-31 48256]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [2008-07-31 16720]
R3 Icon7Fltr;Icon7 Gaming Laser Mouse;c:\windows\system32\drivers\Icon7ms.sys [2009-01-12 10112]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-07-31 450560]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2008-07-31 32807]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS -- & gt; c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87903481-5f3e-11dd-bb97-0060b35f7e7d}]
\Shell\AutoRun\command - I:\launcher.exe
.
.
------- Skan uzupe?niaj?cy -------
.
IE: & Block this popup - c:\program files\F-Secure\Anti-Spyware\blockpopups.htm
IE: E & ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Hubert\Dane aplikacji\Mozilla\Firefox\Profiles\s8kazoi3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 12:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyœlnie uko?czone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-583907252-179605362-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
" ?? " =hex:93,f3,e2,c6,7b,95,ce,a3,10,8a,fc,3b,64,c3,c3,d0,8e,86,29,ea,55,f5,28,
91,a2,d9,d8,17,f9,92,40,fd,83,09,a9,c6,43,f8,69,47,94,19,38,92,16,d8,e6,dd,\
" ?? " =hex:2b,3f,c9,09,20,08,bb,94,a0,65,4f,13,ad,de,41,68

[HKEY_USERS\S-1-5-21-583907252-179605362-839522115-1003\Software\SecuROM\License information*]
" datasecu " =hex:7b,aa,1b,ad,98,71,34,66,cb,88,46,d3,48,04,81,29,7c,a7,ed,ca,7a,
92,9c,2c,40,8a,23,09,8e,eb,45,f3,3a,2a,47,a9,41,9a,91,52,4c,50,b1,15,b4,b4,\
" rkeysecu " =hex:27,68,8b,5f,5e,61,04,05,77,2d,9b,91,1e,99,76,e4
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------

- - - - - - - & gt; 'lsass.exe'(996)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL

- - - - - - - & gt; 'explorer.exe'(5912)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozosta?e uruchomione procesy ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Anti-Virus\fsgk32.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\common\FSMA32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\rundll32.exe
c:\program files\Icon7\iConfig for Gamers\Tray.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\F-Secure\common\FSLAUNCH.EXE
.
**************************************************************************
.
Czas uko?czenia: 2009-05-11 12:05 - komputer zosta? uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-11 10:05
ComboFix2.txt 2009-05-10 22:50

Przed: 14 485 336 064 bajtów wolnych
Po: 14 616 907 776 bajtów wolnych

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
248 --- E O F --- 2009-04-29 01:01


Pobierz plik - link do postu