Computer hangs during defragmentation of drive C: - error and causes

A moment ago I ran a scan, here is the log:

ComboFix 10-01-21.08 - elektryk 2010-01-22 19:42:04.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1250.48.1045.18.1023.761 [GMT 1:00]
Run from: c:\documents and settings\elektryk\Moje dokumenty\Pobieranie\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\elektryk\Dane aplikacji\Desktopicon
c:\documents and settings\elektryk\Dane aplikacji\Desktopicon\eBayShortcuts.exe
c:\windows\system32\ieuinit.inf

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-19 21:02 . 2007-07-26 21:26 1097728 ----a-w- c:\windows\system32\vorbis.dll
2010-01-19 21:02 . 2007-07-26 21:26 974848 ----a-w- c:\windows\system32\vorbisenc.dll
2010-01-19 21:02 . 2007-07-26 21:24 24576 ----a-w- c:\windows\system32\ogg.dll
2010-01-19 21:02 . 2002-10-06 21:42 237568 ----a-w- c:\windows\system32\oggds.dll
2010-01-19 21:02 . 2002-07-31 10:28 239224 ----a-w- c:\windows\system32\unicows.dll
2010-01-19 21:02 . 2002-07-09 22:30 71680 ----a-w- c:\windows\system32\macdll.dll
2010-01-19 21:02 . 2010-01-19 21:02 -------- d-----w- c:\program files\i-Sound Pro
2010-01-19 20:59 . 2010-01-19 20:59 -------- d-----w- c:\program files\Wave Editor
2010-01-19 20:47 . 2010-01-19 20:47 -------- d-----w- c:\program files\Steinberg
2010-01-19 20:37 . 2010-01-19 20:37 -------- d-----w- c:\program files\wavelab
2010-01-19 10:38 . 2010-01-19 10:38 -------- d-----w- C:\FOUND.008
2010-01-18 18:14 . 2010-01-18 18:14 -------- d-----w- C:\FOUND.007
2010-01-18 17:55 . 2010-01-18 17:55 -------- d-----w- c:\program files\CCleaner
2010-01-18 17:19 . 2010-01-18 17:19 -------- d-----w- C:\FOUND.006
2010-01-18 14:47 . 2010-01-18 14:47 -------- d-----w- c:\program files\HDD Health
2010-01-18 14:18 . 2010-01-18 14:19 -------- d-----w- c:\documents and settings\stasiu\Dane aplikacji\Search Settings
2010-01-18 14:18 . 2010-01-18 14:18 -------- d-----w- c:\documents and settings\stasiu\Dane aplikacji\pdfforge
2010-01-16 18:24 . 2010-01-16 18:24 -------- d-----w- c:\documents and settings\kuba\Dane aplikacji\Search Settings
2010-01-16 18:24 . 2010-01-16 18:24 -------- d-----w- c:\documents and settings\kuba\Dane aplikacji\pdfforge
2010-01-16 16:19 . 2010-01-16 16:19 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\pdfMachine
2010-01-16 16:19 . 2010-01-16 16:19 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2010-01-16 16:19 . 2010-01-16 16:19 -------- d-----w- c:\documents and settings\elektryk\Ustawienia lokalne\Dane aplikacji\pdfMachine
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\IObit
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\documents and settings\elektryk\Dane aplikacji\IObit
2010-01-11 20:25 . 2009-11-03 15:57 634640 ----a-w- c:\documents and settings\elektryk\Dane aplikacji\IObit\Common\TB_Helper.exe
2010-01-11 20:25 . 2009-10-21 18:01 52224 ----a-w- c:\documents and settings\elektryk\Dane aplikacji\Mozilla\Firefox\Profiles\iru41znw.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2010-01-11 20:25 . 2009-10-21 18:01 114688 ----a-w- c:\documents and settings\elektryk\Dane aplikacji\Mozilla\Firefox\Profiles\iru41znw.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\npmozax.dll
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\program files\IObit
2010-01-11 20:17 . 2010-01-11 20:17 -------- d-----w- c:\program files\Advanced Spyware Remover
2010-01-10 16:06 . 2010-01-10 16:06 -------- d-----w- c:\documents and settings\elektryk\Ustawienia lokalne\Dane aplikacji\Help
2010-01-02 18:51 . 2010-01-02 18:51 -------- d-----w- c:\documents and settings\kuba\Dane aplikacji\vlc
2009-12-25 14:57 . 2009-12-25 14:57 -------- d-----w- C:\CM60S
2009-12-25 14:56 . 1998-07-30 13:47 363892 ----a-w- c:\windows\ISUN16.EXE
2009-12-25 14:56 . 1995-07-13 18:43 26768 ----a-w- c:\windows\system\CTL3D.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 10:20 . 2001-10-26 15:15 50748 ----a-w- c:\windows\system32\perfc015.dat
2010-01-16 10:20 . 2001-10-26 15:15 358702 ----a-w- c:\windows\system32\perfh015.dat
2009-11-24 23:54 . 2009-10-29 16:26 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-29 16:27 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-29 16:27 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-29 16:27 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-29 16:27 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-29 16:27 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-02 15:42 . 2009-11-02 15:42 5744 ----a-w- c:\windows\system32\drivers\k750wh.sys
2009-11-02 15:42 . 2009-11-02 15:42 6144 ----a-w- c:\windows\system32\drivers\k750cm.sys
2009-11-02 13:03 . 2009-11-02 13:02 44640 ----a-w- c:\documents and settings\elektryk\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-29 18:05 . 2009-10-29 18:05 0 ----a-w- c:\windows\nsreg.dat
2009-10-29 06:54 . 2009-10-29 06:54 80007 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-29 06:52 . 2009-10-29 06:52 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
"NoAds"="c:\program files\NoAds\NoAds.exe" [2009-10-29 151552]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-31 49152]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-31 4616192]
"nwiz"="nwiz.exe" [2003-07-31 323584]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-29 114768]

--- Other Services/Drivers in Memory ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D0F0DF32-CA2B-4ED1-8561-235409B6C8C2} = 192.168.200.254,192.168.203.254
TCP: {F9899A27-88B7-4BB3-8E4B-F394C8021F5B} = 192.168.200.254,192.168.203.254
FF - ProfilePath - c:\documents and settings\elektryk\Dane aplikacji\Mozilla\Firefox\Profiles\iru41znw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Encyklopedia PWN
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=2&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 19:46
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B486F42-9F06-FBFE-0771-996BA40BEB81}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haiffpihjdclinpo"=hex:61,61,00,00
"haiffpihdaakmajj"=hex:61,61,00,00
"iamfmebfjdbmgnhofa"=hex:6b,61,6c,69,65,61,6c,6e,6b,6c,6a,68,67,66,68,6e,6c,68,
67,6d,6a,6f,00,00
"hagggeecfbdeplbe"=hex:6a,61,6c,69,64,61,67,6f,64,6b,67,6b,63,69,62,6a,70,70,
65,68,00,04

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1B486F42-9F06-FBFE-0771-996BA40BEB81}\InProcServer32*]
"iakfjhhdogabkfcfan"=hex:61,61,00,00
"iakfjhhdogcbeekkge"=hex:61,61,00,00
"jakffkobmcdmhcddmlae"=hex:6b,61,6c,69,65,61,6c,6e,6b,6c,6a,68,67,66,68,6e,6c,
68,67,6d,6a,6f,00,00
"iakfpghnpdlocnfjgj"=hex:6b,61,69,6a,62,61,62,65,64,68,61,62,6e,70,6a,65,6d,6b,
6d,69,6e,67,00,00
.
--------------------- DLL files loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\System32\dssenh.dll
.
------------------------ Remaining running processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\windows\System32\RUNDLL32.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-01-22 19:48:03 - the computer was restarted
ComboFix-quarantined-files.txt 2010-01-22 18:48

Before: 16 079 241 216 bytes free
After: 16 112 582 656 bytes free

WinXP_PL_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - E42E3B22D1AD4634AA8B50591D6B4735
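Added note and worked example, not part of the original post and not ComboFix's own code. Three things in this log deserve attention beyond the defrag hang itself: the C:\FOUND.006 to C:\FOUND.008 folders are what chkdsk leaves behind when it recovers lost clusters, so the FAT32 volume has already had filesystem errors (which fits a defragmenter stalling on it); c:\windows\system32\qmgr.dll, the BITS service DLL, is flagged as infected; and the Firefox search preferences point at search.conduit.com, a Conduit toolbar search redirect. The locked registry keys are the most interesting part for an analyst: the same CLSID {1B486F42-9F06-FBFE-0771-996BA40BEB81} is registered both as an approved shell extension under the user hive and as an in-process COM server under HKLM, with randomised value names holding small hex blobs. The Python below parses that section (the excerpt is copied from the log above), handles ComboFix's comma-continued hex lines, decodes each blob, and reports which CLSIDs and which blobs recur under more than one key. Function names are my own.

```python
import re
from collections import OrderedDict

# Excerpt copied from the ComboFix log above ("locked registry keys" section).
LOCKED_KEYS_EXCERPT = r'''
[HKEY_USERS\S-1-5-21-1214440339-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B486F42-9F06-FBFE-0771-996BA40BEB81}*]
@Allowed: (Read) (RestrictedCode)
"haiffpihjdclinpo"=hex:61,61,00,00
"haiffpihdaakmajj"=hex:61,61,00,00
"iamfmebfjdbmgnhofa"=hex:6b,61,6c,69,65,61,6c,6e,6b,6c,6a,68,67,66,68,6e,6c,68,
67,6d,6a,6f,00,00
"hagggeecfbdeplbe"=hex:6a,61,6c,69,64,61,67,6f,64,6b,67,6b,63,69,62,6a,70,70,
65,68,00,04

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1B486F42-9F06-FBFE-0771-996BA40BEB81}\InProcServer32*]
"iakfjhhdogabkfcfan"=hex:61,61,00,00
"iakfjhhdogcbeekkge"=hex:61,61,00,00
"jakffkobmcdmhcddmlae"=hex:6b,61,6c,69,65,61,6c,6e,6b,6c,6a,68,67,66,68,6e,6c,
68,67,6d,6a,6f,00,00
"iakfpghnpdlocnfjgj"=hex:6b,61,69,6a,62,61,62,65,64,68,61,62,6e,70,6a,65,6d,6b,
6d,69,6e,67,00,00
'''

KEY_RE = re.compile(r'^\[(.+?)\*?\]$')          # ComboFix marks a locked key with a trailing '*'
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')   # REG_BINARY value in .reg syntax
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def parse_locked_keys(text):
    """Map each locked key path to a list of (value name, raw bytes).

    A hex line that ends with ',' (or ',\\' in a real .reg export) continues
    on the next line; ComboFix wraps long blobs this way.
    """
    keys = OrderedDict()
    current = None
    name, chunks = None, []

    def flush():
        nonlocal name, chunks
        if name is not None:
            raw = bytes(int(h, 16) for h in ''.join(chunks).split(',') if h.strip())
            keys[current].append((name, raw))
        name, chunks = None, []

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if name is not None:                       # inside a continued hex value
            chunk = line.rstrip('\\').strip()
            chunks.append(chunk)
            if not chunk.endswith(','):
                flush()
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            chunk = m.group(2).rstrip('\\').strip()
            chunks = [chunk]
            if not chunk.endswith(','):
                flush()
        # other lines (e.g. "@Allowed: ...") carry no value and are skipped
    flush()
    return keys


def decode_value(raw):
    """Render a blob as text: printable ASCII is kept, any other byte is shown as \\xNN."""
    return ''.join(chr(b) if 32 <= b < 127 else '\\x%02x' % b for b in raw)


def clsids_referenced(keys):
    """Set of CLSID GUIDs (upper-cased) that appear in the locked key paths."""
    found = set()
    for path in keys:
        found.update(g.upper() for g in CLSID_RE.findall(path))
    return found


def shared_values(keys):
    """Blobs that recur under more than one key: same payload, different random value names."""
    seen = {}
    for path, values in keys.items():
        for _name, raw in values:
            seen.setdefault(raw, set()).add(path)
    return {raw: paths for raw, paths in seen.items() if len(paths) > 1}


if __name__ == '__main__':
    keys = parse_locked_keys(LOCKED_KEYS_EXCERPT)
    for path, values in keys.items():
        print(path)
        for name, raw in values:
            print('  %-22s %s' % (name, decode_value(raw)))
    print('CLSIDs referenced:', ', '.join(sorted(clsids_referenced(keys))))
    for raw, paths in shared_values(keys).items():
        print('blob %r appears under %d keys' % (decode_value(raw), len(paths)))
```

Run on the excerpt, the decoder shows that the two keys share the same payloads (a two-byte "aa" and a 22-byte lowercase string, each NUL-terminated) under different random-looking value names, which is the usual signature of a generated persistence entry rather than a hand-written one. The same parser works on any ComboFix "locked keys" section or on a REGEDIT4 export, so it can be reused to check a follow-up log after cleanup.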