sseb created 11 May 2009

ComboFix 09-05-11.01 - Pan 2009-05-11 20:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2573 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Pan\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\UACbpjduirj.sys
c:\windows\system32\micr0st.dll
c:\windows\system32\UACbevxvamr.dll
c:\windows\system32\UACdyirjlkd.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkvvdlfto.dll
c:\windows\system32\UAClotkylkb.log
c:\windows\system32\UACrvmsrprt.dat
c:\windows\system32\UACtpdwyktl.log
c:\windows\system32\UACuwkberql.log
c:\windows\system32\UACwkakctql.dll
c:\windows\system32\UACxltoqvsc.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Pliki utworzone od 2009-04-11 do 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-11 17:54 . 2009-05-11 17:55 -------- d-----w C:\Combo
2009-05-10 13:38 . 2009-05-10 12:53 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-10 12:55 . 2009-05-10 12:55 -------- d-----w c:\documents and settings\LocalService\Pulpit
2009-05-10 12:55 . 2009-05-10 12:55 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Teleca
2009-05-10 12:55 . 2009-05-10 12:55 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Sony Ericsson
2009-05-10 12:53 . 2009-05-10 12:53 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-10 12:51 . 2009-05-10 12:59 -------- dc-h--w c:\documents and settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-10 12:51 . 2009-05-10 12:51 -------- d-----w c:\program files\Lavasoft
2009-05-10 12:51 . 2009-05-10 12:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-04-30 15:16 . 2009-04-30 15:16 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-30 12:06 . 2009-05-10 12:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 12:06 . 2009-05-10 12:44 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-29 08:15 . 2009-05-08 08:39 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-29 08:15 . 2009-05-08 08:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-29 08:15 . 2009-05-08 08:39 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-29 08:14 . 2009-05-11 16:11 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-29 08:14 . 2009-05-08 21:45 -------- d-----w c:\documents and settings\Pan\Dane aplikacji\AVGTOOLBAR
2009-04-29 08:14 . 2009-04-29 08:14 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-04-29 00:51 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-29 00:51 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-29 00:51 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-29 00:51 . 2009-04-29 00:52 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-29 00:51 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-29 00:51 . 2009-04-29 00:51 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-04-29 00:51 . 2009-05-08 08:41 -------- d-----w c:\program files\Spyware Doctor
2009-04-29 00:51 . 2009-04-29 00:51 -------- d-----w c:\documents and settings\Pan\Dane aplikacji\PC Tools
2009-04-28 23:43 . 2009-04-28 23:43 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 08:18 . 2009-03-08 13:00 -------- d-----w c:\program files\NAPI-PROJEKT
2009-04-29 00:42 . 2009-03-16 15:35 -------- d-----w c:\program files\Rockstar Games
2009-04-29 00:42 . 2009-02-24 00:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 00:10 . 2008-04-15 12:00 84612 ----a-w c:\windows\system32\perfc015.dat
2009-04-29 00:10 . 2008-04-15 12:00 491782 ----a-w c:\windows\system32\perfh015.dat
2009-04-28 23:57 . 2009-03-16 16:53 863896 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-04-11 10:12 . 2009-03-16 22:25 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-30 14:55 . 2009-03-30 14:55 -------- d-----w c:\program files\IrfanView
2009-03-27 19:47 . 2009-02-24 09:28 -------- d-----w c:\program files\Gadu-Gadu
2009-03-27 19:43 . 2009-03-27 19:32 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-03-23 22:18 . 2009-02-24 01:04 23048 ----a-w c:\documents and settings\Pan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-21 18:15 . 2009-03-21 18:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 18:15 . 2009-03-21 18:15 -------- d-----w c:\program files\Java
2009-03-20 23:45 . 2009-03-20 23:41 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-20 23:41 . 2009-03-20 23:41 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-03-20 23:41 . 2009-03-20 23:41 -------- d-----w c:\program files\Sony Ericsson
2009-03-20 22:38 . 2009-03-20 22:38 -------- d-----w c:\program files\BearPaw 2448TA Pro
2009-03-17 16:13 . 2009-03-17 16:13 -------- d-----w c:\program files\Lavalys
2009-03-16 16:34 . 2009-03-16 16:15 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-12 21:00 . 2009-02-24 00:05 -------- d-----w c:\program files\ASUS
2009-03-06 14:22 . 2008-04-15 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2008-04-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 20:36 . 2009-02-23 21:58 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-24 09:29 . 2009-02-24 09:29 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-02-24 01:19 . 2009-02-24 01:19 319488 -c--a-w c:\windows\HideWin.exe
2009-02-24 01:03 . 2009-02-24 01:03 0 -c--a-w c:\windows\ativpsrm.bin
2009-02-23 21:58 . 2008-04-15 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-23 21:56 . 2009-02-23 21:56 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-20 17:13 . 2008-04-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-02 8105984]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-02 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-02 1191936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
"Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2007-11-20 1145400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-01-24 1208320]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-01-15 851968]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-10 516440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-30 16864768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\Pan\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2008-04-19 22:11 1556480 ----a-w c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 08:39 11952 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave5"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-05-10 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-29 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-29 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-29 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 953168]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-02-24 41656]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-29 348752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62d127c9-083e-11de-b692-002243a0cf10}]
\Shell\AutoRun\command - f:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
\Shell\open\command - f:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:53]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-NWEReboot - (no file)
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Wyślij do interfejsu Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 20:15
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
C:\ADSM_PData_0150
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-725345543-1078145449-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,aa,bd,7c,90,ba,dd,b4,b8,39,50,62,b3,3f,9c,fa,75,e5,b6,91,fd,e6,fc,
 6b,ab,61,af,b5,6d,e6,55,94,c6,6e,31,1e,6b,36,3b,1c,5d,8d,82,06,ab,6f,eb,f0,\
"??"=hex:cc,e1,41,b7,44,bf,16,2d,46,d1,da,2d,9d,04,db,a2
[HKEY_USERS\S-1-5-21-725345543-1078145449-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:8e,40,65,74,6a,6d,13,0a,96,79,3d,18,42,56,04,98,a7,2d,0f,1c,b5,
 0f,4b,83,e2,b4,d3,e8,8a,82,0f,74,0b,ad,88,16,99,c0,05,76,12,38,78,12,8e,ba,\
"rkeysecu"=hex:06,a8,5f,96,47,e5,ed,5b,ef,50,c4,d2,d5,f4,0f,8a
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(6364)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\system32\btmmhook.dll
c:\program files\Sony Ericsson\Mobile2\File Manager\FM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Common Files\Teleca Shared\tlib_log.dll
c:\program files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
c:\program files\Common Files\Teleca Shared\TC Device Mgmt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\ACEngSvr.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-11 20:19 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-11 18:19
Przed: 6 630 195 200 bajtów wolnych
Po: 7 362 224 128 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
261 --- E O F --- 2009-04-16 01:14

Guest commented 11 May 2009

Paste into Notepad:

File::
C:\ADSM_PData_0150
Folder::
f:\system
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"MSMSGS"=-
"PcSync"=-
"Gadu-Gadu"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=-
"Wireless Console 2"=-
"IntelZeroConfig"=-
"IntelWireless"=-
"StartCCC"=-
"ADSMTray"=-
"Net4Switch"=-
"SMSERIAL"=-
"Power_Gear"=-
"PCSuiteTrayApplication"=-
"DataLayer"=-
"ACMON"=-
"Sony Ericsson PC Suite"=-
"SunJavaUpdateSched"=-
"RTHDCPL"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62d127c9-083e-11de-b692-002243a0cf10}]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> Removal should start (and a log will be created).
Post the log that is created during the removal.
If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

sseb (author) commented 11 May 2009

Thanks a lot, I'm pasting what came out:

ComboFix 09-05-11.01 - Pan 2009-05-12 0:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2331 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Pan\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Pan\Pulpit\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FILE ::
C:\ADSM_PData_0150
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-11 do 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\documents and settings\Pan\Dane aplikacji\Malwarebytes
2009-05-11 18:20 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-11 18:20 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-05-11 18:20 . 2009-05-11 18:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 17:54 . 2009-05-11 17:55 -------- d-----w C:\Combo
2009-05-10 13:38 . 2009-05-10 12:53 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-10 12:55 . 2009-05-10 12:55 -------- d-----w c:\documents and settings\LocalService\Pulpit
2009-05-10 12:55 . 2009-05-10 12:55 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Teleca
2009-05-10 12:55 . 2009-05-10 12:55 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Sony Ericsson
2009-05-10 12:53 . 2009-05-10 12:53 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-10 12:51 . 2009-05-10 12:59 -------- dc-h--w c:\documents and settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-10 12:51 . 2009-05-10 12:51 -------- d-----w c:\program files\Lavasoft
2009-05-10 12:51 . 2009-05-10 12:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-04-30 15:16 . 2009-04-30 15:16 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-30 12:06 . 2009-05-10 12:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 12:06 . 2009-05-10 12:44 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-29 08:15 . 2009-05-08 08:39 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-29 08:15 . 2009-05-08 08:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-29 08:15 . 2009-05-08 08:39 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-29 08:14 . 2009-05-11 16:11 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-29 08:14 . 2009-05-08 21:45 -------- d-----w c:\documents and settings\Pan\Dane aplikacji\AVGTOOLBAR
2009-04-29 08:14 . 2009-04-29 08:14 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-04-29 00:51 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-29 00:51 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-29 00:51 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-29 00:51 . 2009-04-29 00:52 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-29 00:51 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-29 00:51 . 2009-04-29 00:51 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-04-29 00:51 . 2009-05-08 08:41 -------- d-----w c:\program files\Spyware Doctor
2009-04-29 00:51 . 2009-04-29 00:51 -------- d-----w c:\documents and settings\Pan\Dane aplikacji\PC Tools
2009-04-28 23:43 . 2009-04-28 23:43 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 08:18 . 2009-03-08 13:00 -------- d-----w c:\program files\NAPI-PROJEKT
2009-04-29 00:42 . 2009-03-16 15:35 -------- d-----w c:\program files\Rockstar Games
2009-04-29 00:42 . 2009-02-24 00:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 00:10 . 2008-04-15 12:00 84612 ----a-w c:\windows\system32\perfc015.dat
2009-04-29 00:10 . 2008-04-15 12:00 491782 ----a-w c:\windows\system32\perfh015.dat
2009-04-28 23:57 . 2009-03-16 16:53 863896 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-04-11 10:12 . 2009-03-16 22:25 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-30 14:55 . 2009-03-30 14:55 -------- d-----w c:\program files\IrfanView
2009-03-27 19:47 . 2009-02-24 09:28 -------- d-----w c:\program files\Gadu-Gadu
2009-03-27 19:43 . 2009-03-27 19:32 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-03-23 22:18 . 2009-02-24 01:04 23048 ----a-w c:\documents and settings\Pan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-21 18:15 . 2009-03-21 18:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 18:15 . 2009-03-21 18:15 -------- d-----w c:\program files\Java
2009-03-20 23:45 . 2009-03-20 23:41 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-20 23:41 . 2009-03-20 23:41 -------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-03-20 23:41 . 2009-03-20 23:41 -------- d-----w c:\program files\Sony Ericsson
2009-03-20 22:38 . 2009-03-20 22:38 -------- d-----w c:\program files\BearPaw 2448TA Pro
2009-03-17 16:13 . 2009-03-17 16:13 -------- d-----w c:\program files\Lavalys
2009-03-16 16:34 . 2009-03-16 16:15 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-06 14:22 . 2008-04-15 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2008-04-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 20:36 . 2009-02-23 21:58 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-24 09:29 . 2009-02-24 09:29 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-02-24 01:19 . 2009-02-24 01:19 319488 -c--a-w c:\windows\HideWin.exe
2009-02-24 01:03 . 2009-02-24 01:03 0 -c--a-w c:\windows\ativpsrm.bin
2009-02-23 21:58 . 2008-04-15 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-23 21:56 . 2009-02-23 21:56 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-20 17:13 . 2008-04-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-11_18.16.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-11 21:42 . 2009-05-11 21:42 16384 c:\windows\Temp\Perflib_Perfdata_2d8.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-10 516440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\Pan\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2008-04-19 22:11 1556480 ----a-w c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 08:39 11952 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave5"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-05-10 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-29 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-29 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-29 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 953168]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-02-24 41656]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-29 348752]
.
Zawartość folderu 'Zaplanowane zadania'
2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:53]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Wyślij do interfejsu Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 00:13
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
C:\ADSM_PData_0150
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-725345543-1078145449-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,aa,bd,7c,90,ba,dd,b4,b8,39,50,62,b3,3f,9c,fa,75,e5,b6,91,fd,e6,fc,
 6b,ab,61,af,b5,6d,e6,55,94,c6,6e,31,1e,6b,36,3b,1c,5d,8d,82,06,ab,6f,eb,f0,\
"??"=hex:cc,e1,41,b7,44,bf,16,2d,46,d1,da,2d,9d,04,db,a2
[HKEY_USERS\S-1-5-21-725345543-1078145449-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:8e,40,65,74,6a,6d,13,0a,96,79,3d,18,42,56,04,98,a7,2d,0f,1c,b5,
 0f,4b,83,e2,b4,d3,e8,8a,82,0f,74,0b,ad,88,16,99,c0,05,76,12,38,78,12,8e,ba,\
"rkeysecu"=hex:06,a8,5f,96,47,e5,ed,5b,ef,50,c4,d2,d5,f4,0f,8a
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
Czas ukończenia: 2009-05-11 0:14
ComboFix-quarantined-files.txt 2009-05-11 22:14
ComboFix2.txt 2009-05-11 18:19
Przed: 7 344 398 336 bajtów wolnych
Po: 7 334 432 768 bajtów wolnych
181 --- E O F --- 2009-04-16 01:14