I caught this virus and I don't know whether I've already cleaned the computer. Could you check my log? Thanks.
ComboFix 08-09-05.02 - HP_Administrator 2008-09-06 18:25:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.611 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt…txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-06 18:15 . 2004-08-10 05:00 388,608 --a------ C:\WINDOWS\system32\CF3943.exe
2008-09-06 17:00 . 2008-09-06 17:00 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-29 01:37 . 2008-09-06 18:14 55,996 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
2008-08-29 01:37 . 2008-09-06 18:14 788 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
2008-08-28 22:51 . 2008-09-03 01:42 1,072 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-08-28 22:51 . 2008-09-03 01:42 1,072 --a------ C:\WINDOWS\system32\settings.sfm
2008-08-28 22:49 . 2008-08-28 22:49
2008-08-28 22:44 . 2008-08-28 22:44
2008-08-28 22:39 . 2008-07-15 01:08 24,089,151 --a------ C:\WINDOWS\system32\AppSetup.exe
2008-08-28 19:25 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-08-28 18:48 . 2008-08-28 18:48
2008-08-28 18:47 . 2008-08-28 18:47
2008-08-27 15:34 . 2008-09-06 18:14 55,996 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
2008-08-27 15:10 . 2008-08-28 22:44
2008-08-27 15:07 . 2008-08-27 15:07
2008-08-23 14:05 . 2008-08-28 22:44 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-08-23 14:05 . 2008-08-28 22:44 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-08-23 14:04 . 2008-08-28 22:44
2008-08-23 14:04 . 2008-08-23 14:04
2008-08-23 14:04 . 2008-08-28 22:49
2008-08-23 14:04 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll
2008-08-17 19:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-15 03:46 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-08-15 03:46 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-08-15 03:46 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 16:28 --------- d-----w C:\Program Files\Trojan Remover
2008-09-06 16:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 00:09 --------- d-----w C:\Program Files\HP
2008-08-31 18:46 --------- d-----w C:\Program Files\HighGrow
2008-08-28 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 13:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-08-25 12:12 --------- d-----w C:\Program Files\BitComet
2008-08-25 11:53 --------- d-----w C:\Program Files\Electronic Arts
2008-08-25 11:24 --------- d-----w C:\Program Files\AtomixMP3
2008-08-23 01:28 102,400 ----a-w C:\WINDOWS\DUMP44e8.tmp
2008-08-17 18:10 --------- d-----w C:\Program Files\Java
2008-08-01 14:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-07-15 17:13 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
2008-07-15 17:12 1,173,016 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
2008-07-15 17:11 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
2008-07-15 17:10 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-07-15 17:09 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
2008-07-15 17:08 347,080 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-07-15 17:08 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-07-15 17:07 527,384 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
2008-07-15 17:06 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
2008-07-15 16:23 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
2008-07-15 16:23 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
2008-07-15 16:22 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL
2008-07-11 14:53 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
2008-07-11 14:53 181,248 ----a-w C:\WINDOWS\system32\ctdvinst.dll
2008-07-11 14:53 11,776 ----a-w C:\WINDOWS\INRES.DLL
2008-07-11 14:51 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
2008-07-11 14:51 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
2008-07-11 14:50 45,056 ----a-w C:\WINDOWS\system32\CTxfiSpk.dll
2008-07-11 14:50 35,840 ----a-w C:\WINDOWS\system32\CTxfiBtn.dll
2008-07-11 14:50 3,072 ----a-w C:\WINDOWS\system32\CtxfiRes.dll
2008-07-11 14:50 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL
2008-07-11 14:50 19,968 ----a-w C:\WINDOWS\system32\Ctxfihlp.exe
2008-07-11 14:46 969,216 ----a-w C:\WINDOWS\system32\CTxfispi.exe
2008-07-11 14:46 43,520 ----a-w C:\WINDOWS\system32\Ctxfireg.exe
2008-07-11 14:46 10,752 ----a-w C:\WINDOWS\system32\Ct20xspi.dll
2008-07-11 14:40 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
2008-07-11 14:39 69,120 ----a-w C:\WINDOWS\system32\ctosuser.dll
2008-07-11 14:39 64,512 ----a-w C:\WINDOWS\system32\piaproxy.dll
2008-07-11 14:39 6,144 ----a-w C:\WINDOWS\system32\sfman32.dll
2008-07-11 14:39 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll
2008-07-11 14:39 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll
2008-07-11 14:39 174,592 ----a-w C:\WINDOWS\system32\ct_oal.dll
2008-07-11 14:39 13,312 ----a-w C:\WINDOWS\system32\regplib.exe
2008-07-11 14:39 104,448 ----a-w C:\WINDOWS\system32\sfms32.dll
2008-07-11 14:37 5,120 ----a-w C:\WINDOWS\system32\enlocstr.exe
2008-07-11 14:37 10,240 ----a-w C:\WINDOWS\system32\killapps.exe
2008-07-11 14:36 32,768 ----a-w C:\WINDOWS\system32\devreg.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 09:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-08 17:04 22,328 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-21 7622656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-07-20 1617920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-06-21 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-02-20 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 C:\WINDOWS\system32\Ctxfihlp.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2008-02-20 C:\WINDOWS\system32\mididef.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=WIKI.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^UniSpiker-2.6.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\UniSpiker-2.6.lnk
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 21:09 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 09:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 19:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2006-11-28 01:12 2658304 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2005-08-18 17:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=
"C:\Program Files\DC++\DCPlusPlus.exe"=
"C:\Program Files\NAPI-PROJEKT\napisy.exe"=
"C:\WINDOWS\system32\PnkBstrA.exe"=
"C:\WINDOWS\system32\PnkBstrB.exe"=
"D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"=
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"=
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"=
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14269:TCP"= 14269:TCP:BitComet 14269 TCP
"14269:UDP"= 14269:UDP:BitComet 14269 UDP
"10123:TCP"= 10123:TCP:BitComet 10123 TCP
"10123:UDP"= 10123:UDP:BitComet 10123 UDP
"13251:TCP"= 13251:TCP:BitComet 13251 TCP
"13251:UDP"= 13251:UDP:BitComet 13251 UDP
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-07-15 1173016]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 19968]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-28 79360]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 18:26:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-06 18:26:47
ComboFix-quarantined-files.txt 2008-09-06 17:26:34
ComboFix2.txt 2008-09-06 17:19:35
Pre-Run: 16,118,857,728 bytes free
Post-Run: 16,102,555,648 bytes free
220 --- E O F --- 2008-08-15 02:04:01
Waiting for your comments.