After ComboFix I have no connection; the IP changes on every reset. Setting it manually changes nothing, and repair doesn't help either.
Computer specs: AMD Athlon(tm) XP 2500+ processor, 1.84 GHz, 768 MB RAM, Realtek RTL 8139 network card. I'm attaching the ComboFix report.
ComboFix 09-06-20.04 - Maria 2009-06-21 21:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.767.425 [GMT 2:00]
Run from: c:\documents and settings\Maria\Pulpit\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident antivirus is active
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\2868fda0.sys
c:\documents and settings\Maria\Dane aplikacji\wiaserva.log
c:\windows\system32\drivers\str.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_2868fda0
((((((((((((((((((((((((( Files created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.
2009-06-20 15:59 . 2009-06-20 15:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-20 05:36 . 2009-06-20 05:36 -------- d-----w- c:\program files\UndeleteMyFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 19:20 . 2009-03-25 17:58 117760 ----a-w- c:\documents and settings\Maria\Dane aplikacji\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-21 18:22 . 2009-01-07 16:32 -------- d-----w- c:\documents and settings\Maria\Dane aplikacji\Skype
2009-06-21 17:04 . 2009-01-07 16:33 -------- d-----w- c:\documents and settings\Maria\Dane aplikacji\skypePM
2009-06-06 05:33 . 2008-01-26 14:43 90140 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-28 04:06 . 2009-03-25 17:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-21 14:43 . 2009-01-25 15:38 -------- d-----w- c:\program files\Spik
2009-05-17 10:01 . 2009-05-17 10:01 -------- d-----w- c:\program files\Babylon
2009-05-11 04:43 . 2009-05-11 04:43 -------- d-----w- c:\program files\The Learning Company
2009-05-10 19:27 . 2009-05-10 19:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2009-05-04 16:31 . 2009-05-04 16:30 -------- d-----w- c:\program files\Ares
2009-05-02 12:18 . 2006-09-07 19:19 -------- d-----w- c:\documents and settings\Maria\Dane aplikacji\OpenOffice.ux.pl2
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 13:16 . 2007-06-25 13:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-04-21 15:14 . 2009-04-21 15:13 8605552 ----a-w- c:\documents and settings\All Users\Dane aplikacji\ipla\update.exe
2009-04-13 16:08 . 2009-04-13 16:08 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-31 15:48 . 2009-03-31 15:48 152576 ----a-w- c:\documents and settings\Maria\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-30 04:40 . 2006-09-07 14:34 138176 ----a-w- c:\documents and settings\Maria\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-29 07:55 . 2001-10-26 16:15 75486 ----a-w- c:\windows\system32\perfc015.dat
2009-03-29 07:55 . 2001-10-26 16:15 451220 ----a-w- c:\windows\system32\perfh015.dat
2009-03-27 05:41 . 2009-03-27 05:41 10134 ----a-r- c:\documents and settings\Maria\Dane aplikacji\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2007-06-07 11:21 . 2007-06-07 11:21 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2009-01-22 1470464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-13 882176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-10-31 921600]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-04-27 282624]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-09 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Maria\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-27 390432]
rncsys32.V00Vexe [2009-6-9 0]
rncsys32.V01Vexe [2009-6-9 0]
rncsys32.V02Vexe [2009-6-9 0]
rncsys32.V03Vexe [2009-6-9 0]
rncsys32.V04Vexe [2009-6-9 0]
rncsys32.V05Vexe [2009-6-9 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Mawi_BDE_monitor.exe]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Mawi_BDE_monitor.exe
backup=c:\windows\pss\Mawi_BDE_monitor.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Maria^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.3.lnk]
path=c:\documents and settings\Maria\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.3.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 2.0.3.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ESET\\nod32.exe"=
"c:\\Program Files\\ESET\\nod32kui.exe"=
"c:\\Program Files\\POP Peeper\\POPPeeper.exe"=
"c:\\Program Files\\123 Free Solitaire\\123FreeSolitaire.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spik\\Spik.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42141:TCP"= 42141:TCP:AresChatServer
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-08 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.onet.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.74\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.74\MediaManager\grab.html
LSP: c:\windows\system32\imon.dll
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} - hxxp://67.15.101.3/g_bin/pl/solitaire_2_0_0_27.cab
DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} - hxxp://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab
DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} - hxxp://67.15.101.3/g_bin/pl/slots90_2_0_0_34.cab
DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} - hxxp://67.15.101.3/g_bin/pl/pirate_2_0_0_25.cab
DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} - hxxp://67.15.101.33/g_bin/pl/slots70_2_0_0_35.cab
DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/pl/marbles_2_0_0_32.cab
DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} - hxxp://67.15.101.33/g_bin/pl/breakout_2_0_0_29.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} - hxxp://67.15.101.33/g_bin/pl/mahjong_2_0_0_31.cab
DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} - hxxp://67.15.101.33/g_bin/pl/soccer_2_0_0_19.cab
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} - hxxp://67.15.101.3/g_bin/pl/billardt_2_0_0_35.cab
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.3/g_bin/pl/snooker_2_0_0_35.cab
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} - hxxp://67.15.101.3/g_bin/pl/billard8UK_2_0_0_28.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 21:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1645522239-1292428093-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-21 21:22 - the computer was restarted
ComboFix-quarantined-files.txt 2009-06-21 19:22
Before: 64,918,278,144 bytes free
After: 64,940,285,952 bytes free
200 --- E O F --- 2009-04-29 13:16
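An added triage example, not part of the post above and not ComboFix's own logic: a small Python script that runs a few heuristics over ComboFix log lines and lists what deserves a closer look. The sample lines are copied from the report above; the heuristics and their `kind` labels are this example's own assumptions (random 8-hex-character driver/service names, zero-byte items in an Autostart folder, firewall ports that are globally open rather than marked Disabled, ActiveX CAB downloads served from a bare IP address). LSP entries are listed for review only, because a damaged Winsock LSP chain after a cleanup is a common reason a machine loses connectivity; here the LSP is NOD32's own imon.dll, so the script flags it as "review", not as malicious.

```python
"""Heuristic triage of ComboFix log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str   # which heuristic fired (labels are this example's own)
    line: str   # the log line, unchanged


# Heuristics: assumptions made by this example, not rules ComboFix applies.
# A path component that is exactly 8 hex characters (optionally "Service_"
# prefixed or ".sys" suffixed) at the end of the line, e.g. 2868fda0.sys.
RANDOM_HEX_NAME = re.compile(r"\\(?:Service_)?[0-9a-f]{8}(?:\.sys)?$", re.I)
# An Autostart entry whose recorded size is 0 bytes, e.g. "[2009-6-9 0]".
ZERO_BYTE_ITEM = re.compile(r"\[\d{4}-\d{1,2}-\d{1,2} 0\]$")
# GloballyOpenPorts entries; group 3 holds the rest (scope/mode/name).
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# Downloaded Program Files (ActiveX) fetched from a bare IPv4 address.
DPF_BARE_IP = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - hxxp://(\d{1,3}(?:\.\d{1,3}){3})/")
# Winsock Layered Service Providers: always worth a look after a cleanup.
LSP_ENTRY = re.compile(r"^LSP: (.+)$")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that trips a heuristic (first match wins)."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RANDOM_HEX_NAME.search(line):
            findings.append(Finding("random-hex-name", line))
        elif ZERO_BYTE_ITEM.search(line):
            findings.append(Finding("zero-byte-autostart", line))
        elif (m := OPEN_PORT.match(line)) and "Disabled" not in m.group(3).split(":"):
            findings.append(Finding("open-inbound-port", line))
        elif DPF_BARE_IP.match(line):
            findings.append(Finding("activex-from-bare-ip", line))
        elif LSP_ENTRY.match(line):
            findings.append(Finding("lsp-review", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per heuristic kind."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: lines copied from the ComboFix report above.
SAMPLE_LOG = "\n".join([
    r"c:\windows\system32\drivers\2868fda0.sys",
    r"c:\documents and settings\Maria\Dane aplikacji\wiaserva.log",
    r"c:\windows\system32\drivers\str.sys",
    r"-------\Service_2868fda0",
    r"Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-27 390432]",
    r"rncsys32.V00Vexe [2009-6-9 0]",
    r"rncsys32.V01Vexe [2009-6-9 0]",
    r'"42141:TCP"= 42141:TCP:AresChatServer',
    r'"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443',
    r"LSP: c:\windows\system32\imon.dll",
    r"DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} - hxxp://67.15.101.3/g_bin/pl/solitaire_2_0_0_27.cab",
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-08 64160]",
])


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:22} {f.line}")
    print(summary(results))
```

Run it on a full log with `triage(open("ComboFix.txt", encoding="cp1250").read())`; the report above is from a Polish Windows XP, so the code page matters for the path names. A hit means "look at this", not "this is malware": str.sys and Lbd.sys are deliberately left alone by the name heuristic, and the Disabled ooVoo ports are skipped.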