CureIt detected nothing.
ComboFix 10-03-10.02 - una1 2010-03-10 19:56:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1014.640 [GMT 1:00]
Run from: c:\documents and settings\una1\Pulpit\ComboFix.exe
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-12-10 21:03 . 2010-12-10 21:03 0 ----a-w- c:\windows\nsreg.dat
2010-12-10 21:03 . 2010-12-10 21:03 -------- d-----w- c:\documents and settings\una1\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-12-10 21:02 . 2010-12-10 21:02 9035208 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-03-10 18:52 . 2010-03-10 18:52 -------- d-----w- C:\_arch
2010-03-08 17:43 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-03-08 17:43 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\dllcache\kmixer.sys
2010-03-06 14:03 . 2010-03-06 14:03 -------- d-----w- C:\9bb6de117c05024ea851da58
2010-03-05 06:56 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-05 06:56 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-05 06:55 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-03-03 19:46 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-03-03 19:46 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-03-03 19:46 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-03-03 19:46 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-03-03 19:46 . 2010-03-03 19:48 -------- d-----w- c:\program files\PLAY ONLINE
2010-03-03 19:43 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-03 19:43 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-16 12:33 . 2010-02-16 12:33 -------- d-sh--w- c:\documents and settings\abit\IECompatCache
2010-02-16 12:22 . 2010-02-16 12:22 -------- d-----w- c:\documents and settings\abit\Dane aplikacji\Intel
2010-02-16 12:17 . 2010-02-16 12:17 -------- d-----w- c:\documents and settings\abit\Ustawienia lokalne\Dane aplikacji\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 15:06 . 2008-04-20 18:44 129 ----a-w- c:\documents and settings\una1\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2010-03-10 19:05 . 2009-07-14 20:48 720 ----a-w- c:\documents and settings\All Users\Dane aplikacji\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-03-10 18:59 . 2007-11-25 14:57 547248 ----a-w- c:\windows\system32\perfh015.dat
2010-03-10 18:59 . 2007-11-25 14:57 106558 ----a-w- c:\windows\system32\perfc015.dat
2010-03-08 16:22 . 2010-03-06 14:00 20 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\rbuwzv.dat
2010-03-06 20:19 . 2010-03-05 06:53 16 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\rbuwzv.dat
2010-03-05 07:15 . 2008-12-19 19:23 -------- d-----w- c:\program files\SPSS
2010-03-04 21:54 . 2010-03-04 21:54 161082434 ----a-w- c:\program files\Magda M.[02x05].rmvb
2010-03-02 21:28 . 2009-11-22 11:41 -------- d-----w- c:\program files\###www.WAREZDARK.com###
2010-02-27 22:19 . 2009-05-14 14:27 -------- d-----w- c:\program files\ALLPlayer
2010-02-12 15:03 . 2007-11-25 07:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-01-06 19:24 . 2007-11-25 08:05 70792 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2007-11-25 14:59 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2007-11-25 14:59 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2007-11-25 14:59 345088 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2007-11-25 14:58 33280 ------w- c:\windows\system32\csrsrv.dll
2009-11-12 16:50 . 2009-11-12 16:50 1133558 ----a-w- c:\program files\setup_epidata_pl.exe
2009-11-02 21:57 . 2009-11-02 21:57 1359360 ----a-w- c:\program files\iview425_setup.exe
2009-07-12 19:20 . 2009-05-14 14:25 6260040 ----a-w- c:\program files\ALLPlayerPL.exe
2009-03-18 22:04 . 2009-03-18 22:04 61204 ----a-w- c:\program files\aukcjoner_net-0.6.exe
2009-01-11 13:18 . 2009-01-11 13:18 30304224 ----a-w- c:\program files\setuppol.exe
2009-01-03 19:58 . 2009-01-03 19:58 1751280 ----a-w- c:\program files\mirc635.exe
2008-04-13 14:54 . 2008-12-14 12:22 5968817 ------w- c:\program files\realalt175.exe
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TrackPointSrv"="tp4serv.exe" [2007-04-26 91184]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-25 50688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-19 18:52 342848 ------w- c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 15:35 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 15:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 04:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 15:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 15:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ------w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-02-08 12:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-12-01 10:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"btwdins"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\CADAS\\QET\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-09-28 19504]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-05-10 22832]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 30336]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.pajacyk.pl/
IE: &Przypomnij o aukcji - file://c:\documents and settings\una1\Dane aplikacji\Aukcjoner.net\reminder.htm
IE: &Upoluj aukcję snajperem - file://c:\documents and settings\una1\Dane aplikacji\Aukcjoner.net\sniper.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Przyciski Aukcjoner.net...
IE: Sprawdź/&oceń sprzedającego - file://c:\documents and settings\una1\Dane aplikacji\Aukcjoner.net\feedback.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\una1\Dane aplikacji\Mozilla\Firefox\Profiles\clrkg71i.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 20:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993501161-234542876-1892834021-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,8e,42,e3,ef,f9,2d,36,3b,11,86,98,04,a3,4c,f7,77,49,e9,5e,05,bb,16,
a9,19,15,2e,e6,2c,d4,fe,55,f4,9c,55,94,95,18,aa,76,ef,b8,42,33,3c,98,61,ee,\
"??"=hex:17,6d,18,83,b1,c8,cb,57,a5,d5,27,fc,cf,53,fd,cc
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\program files\Lenovo\HOTKEY\tphklock.dll
- - - - - - - > 'Explorer.EXE'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\tp4serv.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
.
**************************************************************************
.
Completion time: 2010-03-10 20:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-10 19:11
Pre-Run: 33,291,874,304 bytes free
Post-Run: 33,231,859,712 bytes free
- - End Of File - - 96A14B2D79EBFF67D31F02749EA75163
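An added triage helper for logs in this format (example code written for this page; it is not part of the original post and not part of ComboFix). It parses entries from the "Files created" and "Find3M" listings, whose lines read `<created> . <last-modified> <size or --------> <attribute flags> <path>`, and flags the ones a reviewer would open first: a timestamp later than the scan itself (clock skew or timestomping), a file written into a service profile such as LocalService or `config\systemprofile`, and a top-level directory named as a long hex string (Windows Update and hotfix installers extract into such folders, so this is a prompt to check, not a verdict). The sample lines are copied from the log above, the scan time is taken from its header, and the three rules are heuristics chosen for this example.

```python
import re
from datetime import datetime

# One entry of a ComboFix "Files created" / "Find3M" listing:
#   <created> . <last-modified> <size|--------> <8 attribute flags> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Profiles that hold no interactive user's data; a fresh file here was
# written by a service and deserves a look (heuristic, not a malware verdict).
SERVICE_PROFILE_RE = re.compile(
    r"\\(localservice|networkservice|config\\systemprofile)\\", re.IGNORECASE
)

# Top-level directory named as a long hex string. Update installers extract
# into such folders, so the rule asks for verification rather than deletion.
HEX_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-f]{16,}\\?$", re.IGNORECASE)


def parse_entry(line):
    """Parse one listing line into a dict; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(created, TS_FMT),
        "modified": datetime.strptime(modified, TS_FMT),
        "size": None if size.startswith("-") else int(size),   # None for directories
        "is_dir": attrs.startswith("d"),
        "path": path,
    }


def triage(lines, scan_time):
    """Return [(path, reason), ...] for entries a reviewer should look at first."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e["created"] > scan_time or e["modified"] > scan_time:
            findings.append((e["path"], "timestamp later than the scan time (clock skew or timestomping)"))
        if not e["is_dir"] and SERVICE_PROFILE_RE.search(e["path"]):
            findings.append((e["path"], "file written into a service profile"))
        if e["is_dir"] and HEX_DIR_RE.match(e["path"]):
            findings.append((e["path"], "hex-named top-level directory (often update extraction; verify contents)"))
    return findings


# Constructed sample: four lines copied from the listing above; the scan ran 2010-03-10 19:56.
SAMPLE = """\
2010-12-10 21:03 . 2010-12-10 21:03 0 ----a-w- c:\\windows\\nsreg.dat
2010-03-08 17:43 . 2008-04-13 18:45 172416 ----a-w- c:\\windows\\system32\\drivers\\kmixer.sys
2010-03-06 14:03 . 2010-03-06 14:03 -------- d-----w- C:\\9bb6de117c05024ea851da58
2010-03-08 16:22 . 2010-03-06 14:00 20 ----a-w- c:\\documents and settings\\LocalService\\Dane aplikacji\\rbuwzv.dat
""".splitlines()
SCAN_TIME = datetime(2010, 3, 10, 19, 56)

if __name__ == "__main__":
    for path, reason in triage(SAMPLE, SCAN_TIME):
        print(f"{reason:70} {path}")
```

Feed it the whole log and it skips the headers, registry lines and process lists on its own, since only the timestamped listing lines match. The kmixer.sys entry is deliberately in the sample to show a created-after-modified pair (a file restored from dllcache) passing clean; that pattern alone is not a flag.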