LOG z ComoboFix->Prosze o sprawdzenie

[konradlfc]

ComboFix 08-02-17.2 - Liverpool 2008-02-17 20:05:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.638 [GMT 1:00]
Running from: C:\Documents and Settings\Liverpool\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 15:48 . 2008-02-17 15:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 20:48 . 2008-02-16 20:49 340 --a------ C:\WINDOWS\wininit.ini
2008-02-16 20:09 . 2008-02-16 20:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 09:10 . 2008-02-16 09:10 <DIR> d-------- C:\Program Files\directx
2008-02-16 09:10 . 2008-02-16 19:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-16 09:10 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-02-14 17:00 . 2008-02-14 17:00 <DIR> d-------- C:\Program Files\MoorHunt
2008-02-13 22:57 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2008-02-09 14:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-07 15:28 . 2008-02-07 15:28 <DIR> d-------- C:\WINDOWS\Sun
2008-02-06 15:30 . 2008-02-06 15:30 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.1
2008-02-05 13:45 . 2008-02-10 00:57 <DIR> d-------- C:\My Downloads
2008-02-03 19:37 . 2008-02-17 14:19 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-03 19:25 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-03 19:20 . 2008-02-03 19:20 <DIR> d-------- C:\Documents and Settings\Liverpool\Dane aplikacji\Ahead
2008-02-03 19:19 . 2008-02-03 19:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-03 19:19 . 2005-07-12 18:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2008-02-03 19:19 . 2005-09-16 13:10 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
2008-02-03 19:19 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-02-03 19:18 . 2008-02-03 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-02-03 19:18 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-03 19:18 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-03 19:18 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-03 19:18 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-03 19:18 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-03 19:18 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-03 19:18 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-02-03 19:17 . 2008-02-03 19:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-03 19:17 . 2008-02-03 19:25 <DIR> d-------- C:\Program Files\Ahead
2008-02-03 17:50 . 2008-01-01 00:00 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-03 17:50 . 2008-01-01 00:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-02-03 17:50 . 2008-01-31 19:39 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-03 17:50 . 2008-01-01 00:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-03 14:36 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-03 14:36 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-03 14:22 . 2008-02-03 14:22 <DIR> d-------- C:\Documents and Settings\Liverpool\Dane aplikacji\Media Player Classic
2008-02-03 14:21 . 2008-02-03 14:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-03 11:10 . 2008-02-03 11:10 <DIR> d-------- C:\Documents and Settings\Liverpool\Dane aplikacji\Auslogics
2008-02-03 10:44 . 2008-02-03 10:44 2,150,912 --a------ C:\WINDOWS\system32\kernel1.exe
2008-02-03 10:44 . 2008-02-02 16:08 223 -rahs---- C:\BOOT.BKK
2008-02-03 10:42 . 2008-02-03 10:42 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-03 10:32 . 2008-02-03 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-02-03 10:30 . 2008-02-03 10:30 <DIR> d-------- C:\Program Files\xp-AntiSpy
2008-02-03 01:36 . 2008-02-03 10:28 2,232 --a------ C:\WINDOWS\system32\nvdb02.adghz
2008-02-03 01:18 . 2008-02-03 10:30 <DIR> d-------- C:\Program Files\Driver Cleaner
2008-02-02 17:56 . 2008-02-02 17:56 <DIR> d-------- C:\Program Files\EA SPORTS
2008-02-02 17:24 . 2008-02-02 17:24 <DIR> dr-h----- C:\Documents and Settings\Liverpool\Dane aplikacji\SecuROM
2008-02-02 17:24 . 2008-02-02 17:24 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-02 16:55 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-02 16:54 . 2008-02-03 10:30 <DIR> d-------- C:\Program Files\Real Alternative
2008-02-02 16:54 . 2008-02-02 16:54 <DIR> d-------- C:\Program Files\Media Player Classic
2008-02-02 16:53 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-02-02 16:53 . 2002-01-05 13:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-02-02 16:52 . 2003-02-21 13:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-02-02 16:52 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-02-02 16:31 . 2008-02-17 00:42 <DIR> d-------- C:\Program Files\SopCast
2008-02-02 16:31 . 2008-02-02 19:22 <DIR> d-------- C:\Documents and Settings\Liverpool\Dane aplikacji\SopCast
2008-02-02 16:21 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 16:19 . 2008-02-02 17:41 127,254 --a------ C:\WINDOWS\system32\nvapps.xml
2008-02-02 16:19 . 2007-06-28 17:43 17,254 --a------ C:\WINDOWS\system32\nvwsapps.xml
2008-02-02 16:18 . 2008-02-02 16:19 <DIR> d-------- C:\WINDOWS\nview
2008-02-02 16:18 . 2007-06-28 17:43 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-02-02 16:18 . 2007-06-28 17:43 17,463 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-02-02 16:13 . 2008-02-02 16:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-02 16:07 . 2008-02-02 16:07 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-02-02 16:07 . 2008-02-02 16:07 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-02-02 16:06 . 2008-02-02 16:06 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-02 16:06 . 2008-02-02 16:06 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6845.sys
2008-02-02 15:48 . 2008-02-02 15:55 <DIR> d-------- C:\Program Files\Winamp
2008-02-02 15:48 . 2008-02-02 15:48 <DIR> d-------- C:\Program Files\MarBit
2008-02-02 15:45 . 2008-02-02 16:21 <DIR> d-------- C:\Program Files\Java
2008-02-02 15:43 . 2008-02-02 15:43 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-02 15:39 . 2008-02-16 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-02 15:37 . 2008-02-02 15:37 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-02 15:33 . 2008-02-02 15:33 <DIR> d-------- C:\Documents and Settings\Liverpool\Dane aplikacji\Gadu-Gadu
2008-02-02 15:30 . 2008-02-03 01:33 <DIR> d-------- C:\Documents and Settings\Liverpool\Dane aplikacji\Lavasoft
2008-02-02 15:27 . 2008-02-02 15:27 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-02-02 15:27 . 2008-02-10 13:40 <DIR> d-------- C:\Documents and Settings\Liverpool\Gadu-Gadu
2008-02-02 15:26 . 2008-02-02 15:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-02 15:00 . 2008-02-02 15:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-02 13:59 . 2008-02-02 13:59 <DIR> d-------- C:\Program Files\Usługi online
2008-02-02 13:58 . 2008-02-17 15:48 <DIR> dr------- C:\Program Files
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-02-02 13:58 . 2008-02-02 13:59 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-02-02 13:58 . 2008-02-02 13:58 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-02-02 13:58 . 2008-02-17 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-02-02 13:58 . 2008-02-03 10:43 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-02-02 13:58 . 2008-02-02 14:29 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-02-02 13:57 . 2008-02-16 19:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-02 13:57 . 2008-02-02 14:26 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-02-02 13:57 . 2008-02-02 13:58 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-02-02 13:57 . 2008-02-17 00:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 23:42 --------- d-----w C:\Program Files\ESET
2008-02-16 08:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 14:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-02 13:47 --------- d-----w C:\Program Files\Analog Devices
2008-02-02 13:44 --------- d-----w C:\Program Files\DIFX
2008-02-02 13:37 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-02-02 13:10 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-02-02 13:10 --------- d-----w C:\Program Files\RALINK
2008-02-02 13:07 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-02-02 13:07 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-02-02 13:07 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-02 13:01 558,142 ----a-w C:\WINDOWS\java\Packages\CZZP73RP.ZIP
2008-02-02 13:01 155,995 ----a-w C:\WINDOWS\java\Packages\B5R5V5NX.ZIP
2008-02-02 13:01 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-02 14:07 949376]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Raconfig.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Raconfig.lnk
backup=C:\WINDOWS\pss\Raconfig.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2006-11-16 10:05 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
C:\Program Files\Odkurzacz 10.0 Pro\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 19:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 23:22 35328 C:\Program Files\Winamp\winampa.exe

R3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2004-04-22 10:57]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:06:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-02-17 20:06:27

[pp3088]

Usuń pliki:
C:\WINDOWS\system32\kernel1.exe
C:\WINDOWS\system32\nvdb02.adghz
w trybie awaryjnym.