muuuulący komp <LoGi>

[adamsio]

Kod: Zaznacz wszystko

ComboFix 09-02-02.04 - Kamil 2009-02-03 17:44:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1023.635 [GMT 1:00]
Uruchomiony z: d:\downloads\Narzędzia Systemowe\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: Outpost Firewall Pro *disabled*
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kamil\Dane aplikacji\inst.exe
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\winitn.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-03 do 2009-02-03  )))))))))))))))))))))))))))))))
.

2009-01-24 13:21 . 2009-01-24 13:21   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\Agnitum
2009-01-24 13:20 . 2009-02-03 14:16   <DIR>   d--------   c:\windows\system32\Filt
2009-01-24 13:20 . 2009-01-24 13:20   <DIR>   d--------   c:\program files\Agnitum
2009-01-24 13:20 . 2007-12-20 17:47   443,424   --a------   c:\windows\system32\drivers\SandBox.sys
2009-01-24 13:20 . 2007-12-12 14:55   200,464   --a------   c:\windows\system32\drivers\afw.sys
2009-01-24 13:20 . 2007-10-29 16:45   49   --a------   c:\windows\transp.gif
2009-01-24 13:19 . 2009-01-24 13:19   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Agnitum
2009-01-23 17:31 . 2009-01-23 17:31   <DIR>   d--------   c:\program files\Lavalys
2009-01-22 20:46 . 2009-01-22 20:46   <DIR>   d--------   c:\program files\VSO
2009-01-22 20:46 . 2006-05-20 16:16   1,184,984   --a------   c:\windows\system32\wvc1dmod.dll
2009-01-22 20:46 . 2006-05-11 19:21   626,688   --a------   c:\windows\system32\vp7vfw.dll
2009-01-22 20:46 . 2006-09-29 12:24   217,127   --a------   c:\windows\system32\drv43260.dll
2009-01-22 20:46 . 2006-09-29 12:25   208,935   --a------   c:\windows\system32\drv33260.dll
2009-01-22 20:46 . 2006-09-29 12:26   176,165   --a------   c:\windows\system32\drv23260.dll
2009-01-22 20:46 . 2002-12-10 02:20   102,439   --a------   c:\windows\system32\sipr3260.dll
2009-01-22 20:46 . 2007-03-18 20:37   65,602   --a------   c:\windows\system32\cook3260.dll
2009-01-22 20:38 . 2009-01-29 17:12   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\Vso
2009-01-22 20:38 . 2009-01-22 20:47   47,360   --a------   c:\windows\system32\drivers\pcouffin.sys
2009-01-22 20:38 . 2009-01-22 20:47   47,360   --a------   c:\documents and settings\Kamil\Dane aplikacji\pcouffin.sys
2009-01-22 20:01 . 2008-03-21 13:57   14,640   ---------   c:\windows\system32\spmsgXP_2k3.dll
2009-01-22 20:01 . 2009-01-22 20:01   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-22 20:01 . 2009-01-22 20:01   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-22 19:59 . 2009-01-22 20:01   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\PC Suite
2009-01-22 19:59 . 2009-01-22 20:05   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\Nokia
2009-01-22 19:59 . 2009-01-22 19:59   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-01-22 19:56 . 2009-01-22 19:56   <DIR>   d--------   c:\program files\PC Connectivity Solution
2009-01-22 19:56 . 2009-01-22 19:56   <DIR>   d--------   c:\program files\Common Files\PCSuite
2009-01-22 19:56 . 2009-01-22 19:56   <DIR>   d--------   c:\program files\Common Files\Nokia
2009-01-22 19:56 . 2008-09-15 07:56   22,016   --a------   c:\windows\system32\drivers\ccdcmbo.sys
2009-01-22 19:56 . 2008-08-26 09:26   18,816   --a------   c:\windows\system32\drivers\pccsmcfd.sys
2009-01-22 19:56 . 2008-09-15 07:56   8,064   --a------   c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-01-22 19:56 . 2008-09-15 07:56   8,064   --a------   c:\windows\system32\drivers\usbser_lowerflt.sys
2009-01-22 19:55 . 2009-01-22 19:57   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2009-01-22 19:55 . 2009-01-22 19:56   <DIR>   d--------   c:\program files\Nokia
2009-01-22 19:55 . 2008-09-15 07:29   1,112,288   --a------   c:\windows\system32\wdfcoinstaller01007.dll
2009-01-22 19:55 . 2008-09-15 07:56   659,968   --a------   c:\windows\system32\nmwcdcocls.dll
2009-01-22 19:55 . 2008-09-15 07:56   17,664   --a------   c:\windows\system32\drivers\ccdcmb.sys
2009-01-22 19:53 . 2009-01-22 19:53   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Installations
2009-01-22 19:37 . 2008-04-13 19:45   26,112   --a------   c:\windows\system32\drivers\usbser.sys
2009-01-22 19:37 . 2008-04-13 19:45   26,112   --a--c---   c:\windows\system32\dllcache\usbser.sys
2009-01-22 19:33 . 2009-01-22 19:33   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-22 19:32 . 2009-01-22 19:32   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-21 13:16 . 2009-01-22 19:57   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\Comodo
2009-01-20 21:04 . 2009-01-20 21:04   249,592   --a------   c:\windows\system32\cssdll32.dll
2009-01-20 18:32 . 2009-02-03 11:21   <DIR>   d--------   C:\Downloads
2009-01-18 21:18 . 2009-01-18 21:21   <DIR>   d--------   c:\program files\DC++
2009-01-18 13:24 . 2009-01-18 13:24   <DIR>   d--------   c:\program files\USB Steering Wheel
2009-01-18 13:24 . 2006-07-17 10:56   30,923   --a------   c:\windows\system32\drivers\FT3893.sys
2009-01-18 13:10 . 2006-05-13 10:11   40,960   --a------   c:\windows\system32\restart.exe
2009-01-18 13:10 . 2005-11-17 08:10   36,864   --a------   c:\windows\system32\Sign2k.exe
2009-01-18 13:10 . 2006-05-13 10:02   32,768   --a------   c:\windows\system32\Removejoy.exe
2009-01-18 13:10 . 2004-03-30 19:37   25,600   --a------   c:\windows\system32\remove.exe
2009-01-18 13:10 . 2004-03-29 17:59   20,992   --a------   c:\windows\system32\rescan.exe
2009-01-12 20:51 . 2009-02-03 11:29   <DIR>   d--------   c:\program files\BitComet
2009-01-11 19:21 . 2009-01-11 19:21   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\Kerio
2009-01-11 17:10 . 2009-01-11 17:10   <DIR>   d--------   c:\windows\Sun
2009-01-11 14:25 . 2009-01-11 14:25   479,298   --a------   c:\windows\system32\wbocx.ocx
2009-01-11 14:25 . 2009-01-11 14:25   172,032   --a------   c:\windows\system32\AniGIF.ocx
2009-01-11 14:25 . 2009-01-11 14:25   50,688   --a------   c:\windows\system32\wbhelp2.dll
2009-01-11 12:06 . 2009-02-03 12:07   138,184   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2009-01-11 12:06 . 2009-01-11 12:19   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2009-01-11 12:05 . 2009-02-03 12:07   183,112   --a------   c:\windows\system32\PnkBstrB.exe
2009-01-10 16:24 . 2009-01-10 16:24   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\Media Player Classic
2009-01-10 16:23 . 2009-01-10 16:23   <DIR>   d--------   c:\program files\Real Alternative
2009-01-10 14:02 . 2009-01-10 14:02   <DIR>   d--------   c:\program files\ffdshow
2009-01-10 14:02 . 2008-12-08 12:53   57,344   --a------   c:\windows\system32\ff_vfw.dll
2009-01-10 14:02 . 2008-12-08 12:53   50,688   --a------   c:\windows\system32\ff_acm.acm
2009-01-10 14:02 . 2007-07-10 17:10   547   --a------   c:\windows\system32\ff_vfw.dll.manifest
2009-01-09 15:51 . 2009-01-09 15:51   <DIR>   d--------   c:\documents and settings\Kamil\Dane aplikacji\gtk-2.0
2009-01-09 15:51 . 2009-01-09 15:51   <DIR>   d--------   c:\documents and settings\Kamil\.thumbnails
2009-01-09 15:29 . 2009-01-09 16:04   <DIR>   d--------   c:\documents and settings\Kamil\.gimp-2.6
2009-01-09 15:29 . 2009-01-09 15:29   <DIR>   d--------   c:\documents and settings\Kamil\.gegl-0.0
2009-01-08 10:15 . 1999-01-10 10:00   34,816   --a------   c:\windows\system32\DLPortIO.DLL
2009-01-08 10:15 . 1999-01-10 10:00   3,584   --a------   c:\windows\system32\drivers\DLPortIO.SYS

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:46   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\skypePM
2009-02-03 16:46   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\Skype
2009-01-19 16:01   ---------   d-----w   c:\program files\EA Games
2009-01-17 16:46   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\Image Zone Express
2009-01-12 20:14   ---------   d-----w   c:\program files\ALLPlayer
2009-01-11 18:50   9,876   ----a-w   c:\windows\system32\drivers\kwflower.log
2009-01-11 18:50   7,485   ----a-w   c:\windows\system32\drivers\kwfupper.log
2009-01-11 14:04   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-11 13:56   ---------   d-----w   c:\program files\DAP
2009-01-11 13:53   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\SpeedBit
2009-01-10 20:12   90,112   ----a-w   c:\windows\system32\agsaami.dll
2009-01-10 20:12   610,304   ----a-w   c:\windows\system32\agsaamg.dll
2009-01-10 20:12   372,736   ----a-w   c:\windows\system32\agsaamc.dll
2009-01-10 20:12   237,568   ----a-w   c:\windows\system32\lame_enc.dll
2009-01-10 20:12   2,535,424   ----a-w   c:\windows\system32\agsaamj.dll
2008-12-30 15:04   ---------   d-----w   c:\program files\Common Files\Adobe
2008-12-19 11:47   ---------   d-----w   c:\program files\Teamspeak2_RC2
2008-12-19 11:47   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\teamspeak2
2008-12-17 20:28   ---------   d-----w   c:\program files\NAPI-PROJEKT
2008-12-16 19:13   ---------   d-----w   c:\program files\Skype
2008-12-16 19:13   ---------   d-----w   c:\program files\Common Files\Skype
2008-12-16 19:13   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Skype
2008-12-16 15:14   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-16 15:14   ---------   d-----w   c:\program files\Realtek
2008-12-16 13:07   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\EDA
2008-12-15 20:37   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\Leadertech
2008-12-15 20:23   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\HP
2008-12-15 20:22   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\HP
2008-12-15 20:21   ---------   d-----w   c:\program files\HP
2008-12-15 20:21   ---------   d-----w   c:\program files\Common Files\HP
2008-12-15 20:20   ---------   d-----w   c:\program files\Hewlett-Packard
2008-12-15 20:19   ---------   d-----w   c:\program files\Common Files\Hewlett-Packard
2008-12-15 20:07   410,984   ----a-w   c:\windows\system32\deploytk.dll
2008-12-15 20:07   ---------   d-----w   c:\program files\Java
2008-12-15 19:45   ---------   d-----w   c:\program files\Valve
2008-12-15 19:37   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\2E1D4
2008-12-15 19:09   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\OpenOffice.ux.pl
2008-12-15 19:08   ---------   d-----w   c:\program files\Alcohol Soft
2008-12-15 19:07   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\Ahead
2008-12-15 19:07   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-12-15 19:06   ---------   d-----w   c:\program files\Common Files\Ahead
2008-12-15 19:05   ---------   d-----w   c:\program files\Nero
2008-12-15 19:05   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-15 18:55   ---------   d-----w   c:\program files\ESET
2008-12-15 18:55   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-15 18:53   ---------   d-----w   c:\program files\OpenOffice.ux.pl 3
2008-12-15 18:53   ---------   d-----w   c:\program files\JRE
2008-12-15 18:53   ---------   d-----w   c:\program files\Common Files\Java
2008-12-15 18:24   ---------   d-----w   c:\program files\Winamp
2008-12-15 18:24   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\Winamp
2008-12-15 18:09   ---------   d-----w   c:\documents and settings\Kamil\Dane aplikacji\Gadu-Gadu
2008-12-15 18:08   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-15 17:19   ---------   d-----w   c:\documents and settings\Administrator\Dane aplikacji\InstallShield
2008-12-15 17:18   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-15 17:05   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-15 17:04   ---------   d-----w   c:\program files\Usługi online
2008-12-11 10:57   333,952   ----a-w   c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-11 6959104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2007-12-23 738304]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2007-12-19 405504]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk]
path=c:\documents and settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-12-11 20:59 6959104 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-06-29 19:16 1373480 c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-15 20:49 1410296 c:\progra~1\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-15 21:07 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\master_adams\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26868:TCP"= 26868:TCP:BitComet 26868 TCP
"26868:UDP"= 26868:UDP:BitComet 26868 UDP

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-07-02 124160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-01-24 443424]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-01-24 1232896]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [2009-01-08 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-01-24 200464]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-01-24 32896]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-01-23 22640]
S3 FT3893;FT3893 Filter;c:\windows\system32\drivers\FT3893.sys [2009-01-18 30923]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.comodo.com/search/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\t5zpcaze.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.start.tcz.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\t5zpcaze.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 17:46:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\Agnitum\Outpost Firewall Pro\op_mon.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-03 17:48:15 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-03 16:48:12

Przed: 17 174 618 112 bajtów wolnych
Po: 18,318,471,168 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

303   --- E O F ---   2009-01-14 13:32:11


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:02, on 2009-02-03
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\Narzędzia Systemowe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6782 bytes


[AJAN]

pobierz MalwareByte's
Klikasz "Skanuj" Wybierasz dyski i skanujesz jak jakieś będą to Usuń i pokaż raport[/quote]

[adamsio]

Mam Outpost Firewall PRO i nim skanowałem na malware i nic nie ma...

Ale zaraz wstawię loga z tego programu.


EDIT: Prosze o to log, skąd to sie przypałętało? hmm...

Malwarebytes' Anti-Malware 1.33
Wersja bazy definicji: 1725
Windows 5.1.2600 Dodatek Service Pack 3

2009-02-04 14:59:28
mbam-log-2009-02-04 (14-59-28).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 97489
Upłynęło: 25 minute(s), 6 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 2

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Program Files\Real Alternative\mpclauncher.exe (Adware.SearchIt99) Quarantined and deleted successfully.
C:\Program Files\Real Alternative\settings.exe (Adware.SearchIt99) Quarantined and deleted successfully.

[djarta]

Mam Outpost Firewall PRO i nim skanowałem na malware i nic nie ma...
skąd to sie przypałętało? hmm...

Te pliki to sa pomylki MBAMa, False Alarm.
No to chyba na tyle, logi tez sa czyste.


==========
K.

[adamsio]

eh, no to co może być przyczyną jego mulenia, i czasem zmiany ustawień wygaszacza itp.?