ComboFix 09-02-03.01 - Kamil 2009-02-04 11:51:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3326.2747 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kamil\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Kamil\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
FILE ::
c:\windows\system32\GStartUp.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\GStartUp.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GSTARTUP
-------\Service_GStartUp
((((((((((((((((((((((((( Pliki utworzone od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.
2009-02-03 22:20 . 2009-02-03 22:20
2009-02-03 22:20 . 2009-02-03 22:20
2009-02-03 22:18 . 2009-02-03 22:20
2009-02-03 21:51 . 2009-02-03 21:51 286,720 --------- c:\windows\Setup1.exe
2009-02-03 21:51 . 2009-02-03 21:51 73,216 --a------ c:\windows\ST6UNST.EXE
2009-02-02 22:15 . 2007-11-02 11:47 83,496 -ra------ c:\windows\system32\drivers\s916bus.sys
2009-02-02 22:15 . 2007-11-02 11:47 12,200 -ra------ c:\windows\system32\drivers\s916whnt.sys
2009-02-02 22:15 . 2007-11-02 11:47 12,200 -ra------ c:\windows\system32\drivers\s916wh.sys
2009-01-29 21:54 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-29 21:53 . 2009-01-29 21:53
2009-01-29 21:53 . 2009-01-29 21:53
2009-01-29 21:50 . 2009-01-29 21:50
2009-01-29 21:49 . 2009-01-29 21:49
2009-01-29 21:49 . 2009-02-03 18:40
2009-01-29 10:52 . 2009-01-29 10:52
2009-01-28 16:15 . 2009-01-28 16:15
2009-01-28 13:29 . 2009-01-28 13:32
2009-01-28 13:27 . 2009-01-28 13:28
2009-01-28 13:27 . 2009-01-28 13:27 215,872 --a------ c:\windows\system32\drivers\truecrypt.sys
2009-01-28 13:19 . 2002-10-09 14:53 43,904 --a------ c:\windows\system32\drivers\AFPAnsi.sys
2009-01-28 13:19 . 2009-01-28 13:25 4 --a------ c:\windows\gstartup.dat
2009-01-27 16:52 . 2009-01-27 16:52
2009-01-27 16:52 . 2009-01-27 16:52
2009-01-27 16:52 . 2009-01-27 16:52
2009-01-27 16:52 . 2008-08-19 10:56 53,248 --a------ c:\windows\system32\CSVer.dll
2009-01-27 16:44 . 2009-02-04 11:54 16,608 --a------ c:\windows\gdrv.sys
2009-01-27 16:40 . 2009-01-27 16:40
2009-01-27 16:40 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-27 16:40 . 2008-12-26 19:20 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-27 16:40 . 2009-02-04 11:54 211,076 --a------ c:\windows\system32\nvapps.xml
2009-01-27 16:40 . 2008-12-26 19:20 18,725 --a------ c:\windows\system32\nvdisp.nvu
2009-01-26 19:18 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-26 18:35 . 2009-01-26 19:50 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-26 13:20 . 2009-01-26 13:20
2009-01-26 13:08 . 2009-01-26 13:08
2009-01-26 08:03 . 2009-01-26 08:05
2009-01-26 08:03 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-01-26 07:37 . 2009-01-26 07:38
2009-01-26 06:50 . 2009-02-04 11:52
2009-01-26 06:50 . 2009-01-21 00:19
2009-01-26 06:50 . 2009-01-20 23:26
2009-01-26 06:50 . 2009-01-21 00:19
2009-01-26 06:50 . 2009-01-21 00:19
2009-01-26 06:50 . 2009-01-21 00:19
2009-01-26 06:50 . 2009-01-21 00:19
2009-01-26 06:50 . 2009-01-26 06:50
2009-01-23 15:27 . 2009-01-23 15:27
2009-01-22 21:25 . 2009-01-22 21:25
2009-01-21 17:47 . 2009-01-21 17:47
2009-01-21 17:47 . 2009-01-22 22:30 69 --a------ c:\windows\NeroDigital.ini
2009-01-21 15:42 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-21 15:40 . 2009-01-29 10:22
2009-01-21 14:35 . 2009-01-21 14:35
2009-01-21 14:24 . 2009-02-02 07:25
2009-01-21 03:04 . 2009-01-21 03:04
2009-01-21 03:00 . 2009-01-21 03:01
2009-01-21 01:12 . 2009-01-21 01:12
2009-01-21 01:11 . 2009-02-03 22:20
2009-01-21 01:02 . 2009-01-21 01:02
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 21:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 21:19 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-26 06:51 --------- d-----w c:\program files\Unlocker
2009-01-22 22:09 --------- d-----w c:\program files\RegCleaner
2009-01-22 21:10 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Winamp
2009-01-22 07:37 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Skype
2009-01-21 16:57 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-21 16:55 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-20 23:47 --------- d-----w c:\program files\YouTube Downloader
2009-01-20 23:46 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Xilisoft Corporation
2009-01-20 23:45 --------- d-----w c:\program files\Microsoft.NET
2009-01-20 23:45 --------- d-----w c:\program files\Any Video Converter
2009-01-20 23:45 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Any Video Converter
2009-01-20 23:41 --------- d-----w c:\program files\Winamp
2009-01-20 23:41 --------- d-----w c:\program files\Java
2009-01-20 23:39 --------- d-----w c:\program files\Common Files\Nero
2009-01-20 23:39 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Nero
2009-01-20 23:38 --------- d-----w c:\program files\Nero
2009-01-20 23:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2009-01-20 23:33 --------- d-----w c:\program files\SureThing CD Labeler 5
2009-01-20 23:33 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-20 23:33 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-20 23:26 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\TuneUp Software
2009-01-20 23:25 --------- d-----w c:\program files\ivo
2009-01-20 23:23 --------- d-----w c:\program files\Common Files\Adobe
2009-01-20 23:20 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Desktopicon
2009-01-20 23:19 --------- d-----w c:\program files\SubEdit-Player
2009-01-20 23:19 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\skypePM
2009-01-20 23:18 --------- d-----w c:\program files\Skype
2009-01-20 23:18 --------- d-----w c:\program files\Real Alternative
2009-01-20 23:18 --------- d-----w c:\program files\Imagenomic
2009-01-20 23:18 --------- d-----w c:\program files\Common Files\Skype
2009-01-20 23:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-20 23:17 --------- d-----w c:\program files\mp3DirectCut
2009-01-20 23:17 --------- d-----w c:\program files\foobar2000
2009-01-20 23:16 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-20 23:13 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-20 23:13 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\DAEMON Tools
2009-01-20 23:12 --------- d-----w c:\program files\Crystal Player
2009-01-20 23:12 --------- d-----w c:\program files\CCleaner
2009-01-20 23:11 --------- d-----w c:\program files\MarBit
2009-01-20 23:11 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\BESTplayer
2009-01-20 23:10 --------- d-----w c:\program files\Common Files\Java
2009-01-20 23:04 --------- d-----w c:\program files\IVT Corporation
2009-01-20 23:02 --------- d-----w c:\program files\VGA USB Camera
2009-01-20 23:02 --------- d-----w c:\program files\directx
2009-01-20 22:29 --------- d-----w c:\program files\microsoft frontpage
2009-01-20 22:28 --------- d-----w c:\program files\Usługi online
2008-12-26 18:20 7,962,528 ----a-w c:\windows\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Gadu-Gadu"="e:\kamil\Komunikatory\Gadu-Gadu1\gg.exe" [2005-09-15 749568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2005-09-15 15:05 749568 e:\kamil\Komunikatory\Gadu-Gadu1\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-10-22 19:57 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2008-05-13 11:50 16862720 c:\windows\RTHDCPL.EXE
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"e:\Gry\Company of Heroes\RelicCOH.exe"=
"f:\KAMIL\Bit Lord 1.1\BitLord.exe"=
"e:\KAMIL\Emul\Nowy folder (2)\emule.exe"=
"e:\KAMIL\Komunikatory\Gadu-Gadu1\gg.exe"=
"e:\Gry\WoW\World of Warcraft\Wow.exe"=
"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=
"d:\Steam\SteamApps\zygzak6540\counter-strike\hl.exe"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe"=
"c:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe"=
"c:\Program Files\Wolfram Research\Mathematica\5.2\math.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-21 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-21 20560]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-01-29 80392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-02-02 83496]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-01-21 74384]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-DriverCD - G:\Run.exe
.
------- Skan uzupełniający -------
.
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\kmxkfsax.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 11:54:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-04 11:55:50 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-04 10:55:48
Przed: 2 108 817 408 bajtów wolnych
Po: 2,201,010,176 bajtów wolnych
243