ComboFix 08-10-28.01 - user 2008-10-28 19:16:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.972 [GMT 1:00]
Run from: C:\Users\user\Desktop\ComboFix.exe
The following commands were used :: C:\Users\user\Desktop\CFScript.txt.txt
* A new restore point was created
FILE ::
C:\Users\user\AppData\Local\Temp\cqvruqhn.dll
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\user\AppData\Local\Temp\cqvruqhn.dll
.
((((((((((((((((((((((((( Files created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.
2008-10-27 21:32 . 2008-10-27 21:32
2008-10-26 19:32 . 2008-10-26 19:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-25 20:30 . 2008-10-25 20:30
2008-10-25 20:30 . 2008-10-25 20:30
2008-10-25 19:42 . 2008-10-25 19:42
2008-10-25 19:42 . 2008-10-28 17:57
2008-10-25 19:42 . 2008-08-25 11:36 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-10-25 19:42 . 2008-08-25 11:36 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-10-25 19:42 . 2008-08-25 11:36 40,840 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-10-25 19:42 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-10-25 17:27 . 2008-10-28 19:11
2008-10-25 17:27 . 2008-10-28 19:11
2008-10-25 16:59 . 2008-10-25 19:39
2008-10-25 16:50 . 2008-10-25 16:50 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-10-25 16:50 . 2008-10-25 16:50 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-10-25 16:49 . 2008-10-28 18:05
2008-10-25 16:49 . 2008-10-25 16:49
2008-10-25 16:49 . 2008-10-25 16:49
2008-10-25 16:49 . 2008-10-25 16:49
2008-10-25 16:49 . 2008-10-25 16:49 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-10-23 18:36 . 2008-10-23 18:36 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-10-23 18:36 . 2008-10-23 18:36 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-10-23 18:34 . 2005-05-26 14:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-10-23 16:09 . 2008-10-23 16:09
2008-10-22 17:06 . 2008-10-22 17:06
2008-10-22 17:06 . 2008-10-22 17:06
2008-10-22 17:06 . 2008-10-22 17:06
2008-10-22 17:06 . 2002-01-05 14:37 344,064 --a------ C:\Windows\System32\msvcr70.dll
2008-10-20 19:24 . 2008-10-20 19:24 23 --a------ C:\Windows\BlendSettings.ini
2008-10-20 18:02 . 2007-11-08 10:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-10-17 20:01 . 2008-10-17 20:01 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-17 19:41 . 2004-03-03 20:30 125,184 --------- C:\Windows\System32\drivers\imagesrv.sys
2008-10-17 19:41 . 2004-03-03 20:30 5,504 --------- C:\Windows\System32\drivers\imagedrv.sys
2008-10-17 19:40 . 2008-10-17 19:40
2008-10-17 19:40 . 2004-07-20 16:24 1,568,768 --------- C:\Windows\System32\ImagX7.dll
2008-10-17 19:40 . 2004-07-20 16:24 476,320 --------- C:\Windows\System32\ImagXpr7.dll
2008-10-17 19:40 . 2004-07-20 16:24 471,040 --------- C:\Windows\System32\ImagXRA7.dll
2008-10-17 19:40 . 2004-07-09 08:43 364,544 --------- C:\Windows\System32\TwnLib4.dll
2008-10-17 19:40 . 2004-07-20 16:24 262,144 --------- C:\Windows\System32\ImagXR7.dll
2008-10-17 19:40 . 2001-07-09 10:50 155,648 --a------ C:\Windows\System32\NeroCheck.exe
2008-10-17 19:40 . 2000-06-26 10:45 106,496 --a------ C:\Windows\System32\TwnLib20.dll
2008-10-17 19:40 . 2001-06-26 07:15 38,912 --------- C:\Windows\System32\picn20.dll
2008-10-17 15:09 . 2008-04-26 09:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-10-17 15:09 . 2008-04-12 04:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-10-17 15:09 . 2008-04-05 02:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-10-17 15:09 . 2008-04-05 04:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-10-16 17:49 . 2008-10-16 17:49
2008-10-16 17:15 . 2008-10-16 16:43 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-10-16 17:15 . 2008-10-16 16:43 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-10-16 17:01 . 2008-01-18 22:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-10-16 17:00 . 2008-01-18 22:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-10-16 16:59 . 2008-01-18 22:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-10-16 16:59 . 2008-01-18 22:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-10-16 16:59 . 2008-01-18 22:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-10-16 16:48 . 2008-01-18 22:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-10-16 16:44 . 2008-01-18 22:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-10-16 16:43 . 2008-10-16 17:16 196,608 --a------ C:\Windows\SPInstall.etl
2008-10-15 15:27 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 15:27 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 15:27 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 15:27 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 15:26 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 15:26 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-14 12:39 . 2008-10-14 12:40
2008-10-12 17:07 . 2008-10-12 17:07
2008-10-12 17:07 . 2008-07-09 09:05 421,888 --a------ C:\Windows\System32\ac3filter.acm
2008-10-09 16:25 . 2008-10-09 16:25
2008-10-05 13:59 . 2004-12-10 09:06 327,680 --a------ C:\Windows\System32\vp6dec.ax
2008-10-05 13:59 . 2004-12-10 09:47 53,248 --a------ C:\Windows\System32\vp6dec_settings.cpl
2008-09-30 18:43 . 1998-10-07 11:54 327,168 --a------ C:\Windows\IsUn0415.exe
2008-09-30 18:24 . 2008-09-30 18:24
2008-09-30 18:20 . 2008-09-30 18:20
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 18:13 318,976 ----a-w C:\Windows\System32\CF6900.exe
2008-10-25 15:47 --------- d-----w C:\ProgramData\McAfee
2008-10-23 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 17:01 174 --sha-w C:\Program Files\desktop.ini
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Journal
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Defender
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Calendar
2008-10-16 16:23 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-16 16:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-30 17:21 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-09-27 13:54 --------- d-----w C:\Program Files\DivX
2008-09-23 14:28 --------- d-----w C:\Users\user\AppData\Roaming\OTi
2008-09-18 14:14 --------- d-----w C:\Program Files\Guitar Pro 5
2008-09-16 00:14 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-08-28 20:07 --------- d-----w C:\Users\user\AppData\Roaming\Toshiba
2008-08-16 08:41 269,312 ----a-w C:\Windows\System32\es.dll
2008-08-16 08:39 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-08-16 08:39 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-14 23:28 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-08-14 23:28 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-08-14 23:28 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-08-14 23:28 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-08-14 23:25 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-08-14 23:20 988,216 ----a-w C:\Windows\System32\winload.exe
2008-08-14 23:20 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-08-14 23:20 615,992 ----a-w C:\Windows\System32\ci.dll
2008-08-14 23:20 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-08-14 23:20 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-08-14 23:20 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-08-14 23:20 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-08-14 23:20 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-08-14 23:20 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-08-14 23:20 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-08-14 23:19 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-08-14 23:19 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-08-14 23:18 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-08-14 23:18 738,304 ----a-w C:\Windows\System32\inetcomm.dll
2008-08-14 23:18 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-14 23:18 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-08-14 23:18 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-08-13 16:36 17,408 ----a-w C:\Windows\System32\rpcnetp.dll
2008-08-13 16:34 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-05 1836544]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712]
"NDSTray.exe"="NDSTray.exe" [BU]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-01-25 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EA04DC1D-C484-46BD-B2E3-67A091EF62CA}"= UDP:E:\GRY\Battlefield 2\BF2.exe:Battlefield 2
"{EBF8523C-6B7A-47FC-8831-5C7F7E2B78E1}"= TCP:E:\GRY\Battlefield 2\BF2.exe:Battlefield 2
"{8D1C8DBE-05F5-434B-A497-86763C1160DA}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2E8DAD0B-9D2A-4EFC-AC69-B8ABBE4EE146}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-25 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-25 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-30 3483648]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-10-25 69128]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{114fff61-8976-11dd-a280-00037aacb8a5}]
\shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cc01e51f-743a-11dd-b721-00037aacb8a5}]
\shell\AutoRun\command - D:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e66d5e4f-696f-11dd-a786-00037aacb8a5}]
\shell\AutoRun\command - H:\AUTORUN\AUTORUN.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - EMPTY ENTRIES REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
ShellExecuteHooks-{46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\Windows\system32\wvUoMeBq.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 19:23:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-28 19:24:39
ComboFix-quarantined-files.txt 2008-10-28 18:24:35
Before: 47,995,224,064 bytes free
After: 49,318,289,408 bytes free
246 — E O F — 2008-10-25 14:13:56
What now?? (After a scan with Spyware Doctor it detected 3 threats: Application.TrackingCookies [infections], Application.Nir.Cmd [infections] and Trojan.Generic [infections])
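Added example (editor's code, not ComboFix's and not the poster's): a small triage parser for the lines of a ComboFix log that matter most when reading it as a responder. It walks the registry startup section once and flags the indicators visible in the log above: the per-volume AutoRun commands under mountpoints2, every DLL in AppInit_DLLs (loaded into each process that links user32.dll), the StandardProfile firewall switched off, Security Center monitoring disabled, a Run entry whose target is a bare file name rather than a full path, and a ShellExecuteHooks/BHO entry that points at an 8-letter mixed-case DLL in system32 (the naming pattern of the removed wvUoMeBq.dll). The sample input is a constructed excerpt copied from the log; the classification rules and the "random DLL name" heuristic are assumptions of this example, not something ComboFix itself reports.

```python
"""Triage of the persistence and policy lines in a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag for the class of indicator
    detail: str  # path, DLL name or registry section it came from


# Constructed sample: lines copied from the log above, so the parser runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{114fff61-8976-11dd-a280-00037aacb8a5}]
\shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cc01e51f-743a-11dd-b721-00037aacb8a5}]
\shell\AutoRun\command - D:\RunGame.exe
ShellExecuteHooks-{46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\Windows\system32\wvUoMeBq.dll
"""

RE_SECTION = re.compile(r"^\[(.+)\]$")
RE_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
RE_AUTORUN = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.+)$")
RE_HOOK = re.compile(r"^(?:ShellExecuteHooks|BHO|Toolbar)-\{[0-9A-Fa-f-]+\}\s*-\s*(.+)$")
RE_EIGHT_LETTER_DLL = re.compile(r"\\([A-Za-z]{8})\.dll$")


def looks_random_system32_dll(path: str) -> bool:
    """Heuristic (assumption): 8-letter mixed-case DLL name living in system32."""
    m = RE_EIGHT_LETTER_DLL.search(path)
    if not m or "\\system32\\" not in path.lower():
        return False
    stem = m.group(1)
    return stem != stem.lower() and stem != stem.upper()


def triage(text: str) -> list:
    """Walk the log once, tracking the current [section], and emit Findings."""
    findings, section, sec = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_SECTION.match(line)
        if m:
            section = m.group(1)
            sec = section.lower()
            continue
        m = RE_AUTORUN.match(line)
        if m and "mountpoints2" in sec:
            # Per-volume AutoRun command: runs when that drive is opened from Explorer.
            findings.append(Finding("autorun", m.group(1)))
            continue
        m = RE_HOOK.match(line)
        if m:
            if looks_random_system32_dll(m.group(1)):
                findings.append(Finding("random-dll-hook", m.group(1)))
            continue
        m = RE_VALUE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        lname = name.lower()
        if lname == "appinit_dlls":
            # Each DLL here is mapped into every process that loads user32.dll.
            for dll in (d.strip() for d in value.split(",")):
                if dll:
                    findings.append(Finding("appinit-dll", dll))
        elif lname == "enablefirewall" and "firewallpolicy" in sec and value.startswith("0"):
            findings.append(Finding("firewall-off", section.rsplit("\\", 1)[-1]))
        elif lname == "disablemonitoring" and "security center" in sec and value.endswith("1"):
            findings.append(Finding("wsc-monitoring-off", section.rsplit("\\", 1)[-1]))
        elif sec.endswith("\\run") and value.startswith('"'):
            # Run target given as a bare file name: which binary starts depends on the PATH.
            target = value[1:].split('"', 1)[0]
            if "\\" not in target:
                findings.append(Finding("run-no-path", target))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per kind for a one-line overview."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample it reports one AutoRun command per removable volume (H:\USBNB.exe, D:\RunGame.exe), both AppInit DLLs, the disabled firewall profile and Security Center monitoring, the path-less NDSTray.exe Run entry, and the wvUoMeBq.dll hook. None of these is a verdict: AutoRun entries and AppInit DLLs are routinely legitimate (the AVG one here is), so each finding is a pointer to a value to verify by hand, which is how a ComboFix log is meant to be read.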