I'm posting the ComboFix log.
ComboFix 08-08-08.04 - marta 2008-08-08 22:55:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.183 [GMT 2:00]
Running from: C:\Documents and Settings\marta\Pulpit\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.
2008-08-08 22:03 . 2008-08-08 22:03 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2008-08-08 21:27 . 2008-08-08 21:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\AVG7
2008-08-08 21:27 . 2008-08-08 21:28 <DIR> d-------- C:\Documents and Settings\marta\Dane aplikacji\AVG7
2008-08-08 21:27 . 2008-08-08 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg7
2008-08-08 19:49 . 2008-08-08 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 14:53 --------- d-----w C:\Documents and Settings\marta\Dane aplikacji\Skype
2008-08-08 14:36 --------- d-----w C:\Program Files\BearShare Applications
2008-08-08 12:46 --------- d-----w C:\Documents and Settings\marta\Dane aplikacji\Lenovo
2008-08-08 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 12:41 --------- d-----w C:\Program Files\ThinkVantage
2008-08-08 12:41 --------- d-----w C:\Program Files\Lenovo
2008-08-08 12:41 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-08-08 12:40 23,552 ----a-w C:\WINDOWS\system32\drivers\psasrv.exe
2008-08-08 12:40 17,536 ----a-w C:\WINDOWS\system32\drivers\psadd.sys
2008-08-08 12:39 --------- d-----w C:\Program Files\Google
2008-08-08 11:39 --------- d-----w C:\Program Files\Lx_cats
2008-08-03 08:26 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-06-28 15:26 --------- d-----w C:\Program Files\iTunes
2008-06-28 15:25 --------- d-----w C:\Program Files\QuickTime
2008-06-28 15:25 --------- d-----w C:\Program Files\iPod
2008-06-28 15:18 --------- d-----w C:\Program Files\Apple Software Update
2008-06-15 18:09 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2007-08-24 11:10 8,893,880 ------w C:\Program Files\BearShareV6pl.exe
2006-10-25 13:17 720,896 ------w C:\Documents and Settings\marta\EAInstall.dll
2006-10-25 13:17 7,577,600 ------w C:\Documents and Settings\marta\nfsc_demo.exe
2006-10-25 13:17 625,035,295 ------w C:\Documents and Settings\marta\[u]0[/u]compressed.zip
2006-10-25 13:17 569,344 ------w C:\Documents and Settings\marta\AutoRun.exe
2006-10-25 13:17 53,248 ------w C:\Documents and Settings\marta\nfs_inst.exe
2006-10-25 13:17 528,384 ------w C:\Documents and Settings\marta\AutoRunGUI.dll
2006-10-25 13:17 499,712 ------w C:\Documents and Settings\marta\msvcp71.dll
2006-10-25 13:17 380,928 ------w C:\Documents and Settings\marta\server.dll
2006-10-25 13:17 348,160 ------w C:\Documents and Settings\marta\msvcr71.dll
2006-10-25 13:17 258 ------w C:\Documents and Settings\marta\dat.bin
2006-10-25 13:17 253,952 ------w C:\Documents and Settings\marta\eauninstall.exe
2006-10-25 13:17 22,016 ------w C:\Documents and Settings\marta\setup.exe
2007-04-25 09:26 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\index.dat
2007-07-16 21:55 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012007071620070717\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-08_22.07.10.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-08 20:54:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 22:00 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 19:53 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 08:05 13824 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
--------- 2006-10-05 19:53 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
--------- 2005-11-22 13:36 507904 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--------- 2006-10-12 09:28 1282048 C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2006-07-14 18:13 2341632 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--------- 2004-08-04 22:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--------- 2006-05-18 16:24 196696 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--------- 2005-07-26 14:17 94208 C:\Program Files\Lexmark 4300 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--------- 2005-07-12 11:36 299008 C:\Program Files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--------- 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--------- 2006-03-23 06:13 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--------- 2006-03-23 06:17 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--------- 2006-03-23 06:17 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--------- 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--------- 2004-07-27 16:50 81920 C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--------- 2006-07-03 18:11 110592 C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCECATS]
--------- 2005-07-20 15:46 73728 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcetime.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
--------- 2005-08-02 19:47 192512 C:\Program Files\Lexmark 4300 Series\lxcemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--------- 2008-02-18 19:19 949376 C:\Program Files\ESET\nod32kui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
--------- 2006-08-21 23:54 33128 C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--------- 2006-07-10 20:33 675840 C:\WINDOWS\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--------- 2006-05-19 07:51 774233 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--------- 2006-05-08 03:34 94208 C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
--------- 2006-04-20 00:29 24576 C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--------- 2006-07-14 18:05 503808 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2006-10-25 07:37 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--------- 2006-08-30 09:40 89542 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skrót do strony właściwości High Definition Audio]
--------- 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 11:48]
R2 LXCECustomerConnect;LXCECustomerConnect;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCEserv.exe [2005-07-20 15:46]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-14 15:55]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 20:33]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2007-07-16 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 22:00]
2007-07-16 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 22:00]
2007-07-16 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 22:00]
2008-08-08 C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 22:57:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-08-08 22:59:06
ComboFix-quarantined-files.txt 2008-08-08 20:58:42
ComboFix2.txt 2008-08-08 20:07:33
Pre-Run: 41,822,982,144 bajtów wolnych
Post-Run: 41,812,914,176 bajtów wolnych
198 --- E O F --- 2008-06-20 01:05:52