It didn't work the way it was described on the forum.
ComboFix 08-03-30.1 - Tomikami 2008-03-31 14:07:13.1 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.587 [GMT 2:00]
Running from: C:\Documents and Settings\Tomikami\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Tomikami\Pulpit\Error Cleaner.url
C:\Documents and Settings\Tomikami\Pulpit\Privacy Protector.url
C:\Documents and Settings\Tomikami\Pulpit\SpywareMalware Protection.url
C:\Documents and Settings\Tomikami\Ulubione\Error Cleaner.url
C:\Documents and Settings\Tomikami\Ulubione\Privacy Protector.url
C:\Documents and Settings\Tomikami\Ulubione\SpywareMalware Protection.url
C:\Program Files\Common Files\download
C:\WINDOWS\dobe~1
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\norlatmx.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\fccaApND.dll
C:\WINDOWS\system32\mhirfpju.ini
C:\WINDOWS\system32\mUFMWGgh.ini
C:\WINDOWS\system32\mUFMWGgh.ini2
C:\WINDOWS\system32\NTtEKnnn.ini
C:\WINDOWS\system32\NTtEKnnn.ini2
C:\WINDOWS\system32\NXHRuBeg.ini
C:\WINDOWS\system32\NXHRuBeg.ini2
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\s?stem32\
C:\WINDOWS\system32\ujpfrihm.dll
C:\WINDOWS\system32\w002ad3d.dll
C:\WINDOWS\vbgtorfd.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 01:38 . 2008-03-31 01:38
2008-03-31 01:19 . 2008-03-31 01:19
2008-03-31 01:19 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-31 01:19 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-31 01:19 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-31 01:19 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-31 01:15 . 2008-03-31 01:15
2008-03-30 12:41 . 2008-03-31 01:03 1,583,697 --hs---- C:\WINDOWS\system32\corsvndi.ini
2008-03-30 12:41 . 2008-03-30 12:41 114,688 --a------ C:\WINDOWS\system32\natcbqzs.exe
2008-03-30 10:33 . 2008-03-30 10:33
2008-03-30 10:13 . 2008-03-30 10:13
2008-03-30 00:03 . 2008-03-30 00:03
2008-03-30 00:02 . 2008-03-30 00:02
2008-03-30 00:02 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-29 23:42 . 2008-03-29 23:42
2008-03-29 15:42 . 2005-02-12 15:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx
2008-03-29 15:42 . 1999-08-02 16:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL
2008-03-29 15:42 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-03-29 15:19 . 2008-03-29 15:19
2008-03-29 15:19 . 2008-03-29 15:19 106,496 --a------ C:\WINDOWS\system32\glafcnax.exe
2008-03-29 02:05 . 2008-03-29 02:05 103 --a------ C:\WINDOWS\pro.INI
2008-03-28 15:38 . 2008-03-28 15:38 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-28 15:36 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-03-28 15:36 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-03-28 15:35 . 2006-05-10 17:48 94,208 -ra------ C:\WINDOWS\KHALMNPR.Exe
2008-03-28 15:35 . 2006-05-10 17:56 71,680 -ra------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-03-28 15:35 . 2006-05-10 17:56 27,264 -ra------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2008-03-28 15:35 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-28 15:35 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-27 20:43 . 2008-03-27 20:43 54,438 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-27 20:42 . 2008-03-27 20:43 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-27 20:40 . 2008-03-27 20:40
2008-03-27 20:40 . 2008-03-27 20:43 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-27 19:28 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
2008-03-27 19:27 . 2006-03-01 05:21 1,263,616 --a------ C:\WINDOWS\aurora.scr
2008-03-27 19:25 . 2006-03-03 14:42 117,248 --a------ C:\WINDOWS\Mystify.scr
2008-03-27 19:23 . 2006-03-01 05:21 117,248 --a------ C:\WINDOWS\ribbons.scr
2008-03-27 17:02 . 2008-03-27 17:02
2008-03-27 17:01 . 2008-03-27 17:02
2008-03-27 16:56 . 2008-03-27 16:56
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 18:43 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-27 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-27 16:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-18 08:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 13:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 12:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 17:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 17:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-18 19:56 337 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb1942.dat
2007-03-14 23:02 13,046 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb5436.dat
2007-03-14 23:02 0 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb4604.dat
2006-12-30 11:35 179,200 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb4827.dat
2006-12-13 16:04 151 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb2807.dat
2006-11-29 20:10 0 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb2391.dat
2006-11-17 14:42 0 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb8253.dat
2006-11-17 14:42 0 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb3902.dat
2006-11-17 14:42 0 ----a-w C:\Documents and Settings\Tomikami\Dane aplikacji\internaldb153.dat
.
------- Sigcheck -------
2007-06-13 14:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 14:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 22:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81E9D4F6-5DD8-4F75-9437-A99F46E2B534}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-10-30 15:28 40960]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"teyfwqxn"="C:\WINDOWS\system32\glafcnax.exe" [2008-03-29 15:19 106496]
"SpybotSD TeaTimer"="d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"scibvpqb"="C:\WINDOWS\system32\natcbqzs.exe" [2008-03-30 12:41 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2004-08-06 08:27 860160]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2006-11-17 11:36 822488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29 7561216]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]
C:\Documents and Settings\Tomikami\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
Y’z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-02-22 18:17:17 925696]
GetRight.lnk - D:\Program Files\GetRight\GetRight.exe [2007-03-08 01:51:16 4596808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"dmdric"= C:\WINDOWS\system32\dmdric.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmlkKB]
wvUmlkKB.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]
R2 SOFTLOK;SOFTLOK;C:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-17 09:07]
R3 N100;Sterownik karty Compaq Ethernet lub karty Fast Ethernet NIC;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-10-26 17:04]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S1 vdrv8000;vdrv8000;C:\WINDOWS\system32\DRIVERS\vdrv8000.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun_PES2008.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-01-20 10:38:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 14:12:42
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2008-03-31 14:14:21 - machine was rebooted [Tomikami]
ComboFix-quarantined-files.txt 2008-03-31 12:14:20
Pre-Run: 685,293,568 bytes free
Post-Run: 569,966,592 bytes free
.
2008-03-28 14:38:28 --- E O F ---
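The "Reg Loading Points" section of a log like the one above is where a helper usually starts: the Run values with random eight-letter names (teyfwqxn -> glafcnax.exe, scibvpqb -> natcbqzs.exe), the extra Run value hidden under policies\explorer\run, the unknown Winlogon Notify package, and the cached AutoRun command for drive G: are the entries that get queried back. The script below is an added example, not part of the poster's log and not ComboFix's own code; it parses autostart lines in ComboFix's format and flags those four patterns. The sample input is constructed from entries in the log above, and the heuristics (the "random-looking name" regex and the partial list of XP-default Winlogon Notify packages) are assumptions of this example, meant to produce a review list, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: autostart lines copied in ComboFix "Reg Loading Points" format.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"teyfwqxn"="C:\WINDOWS\system32\glafcnax.exe" [2008-03-29 15:19 106496]
"scibvpqb"="C:\WINDOWS\system32\natcbqzs.exe" [2008-03-30 12:41 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"dmdric"= C:\WINDOWS\system32\dmdric.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmlkKB]
wvUmlkKB.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
crypt32chain.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun_PES2008.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="target" [date size]   or   "name"= target   (quotes and trailer optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<target>[^"\[]+?)"?\s*(?:\[[^\]]*\])?\s*$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<target>.+)$", re.I)
NOTIFY_DLL_RE = re.compile(r"^(?P<dll>[A-Za-z0-9_]+\.dll)$", re.I)
# Assumption: 6-10 lowercase letters with no digits or case is what dropper-generated names look like.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,10}$")
# Assumption: partial set of Winlogon Notify packages present on a stock XP SP2 install.
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    key: str
    entry: str
    target: str
    reason: str


def file_stem(path: str) -> str:
    """Lower-cased file name without directory or extension."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def analyze(log_text: str) -> list:
    """Walk the registry section line by line, remembering the current key, and
    return the autostart entries a helper would ask about."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        low_key = key.lower()
        m = VALUE_RE.match(line)
        if m and low_key.endswith("\\run"):
            name, target = m.group("name"), m.group("target").strip()
            if low_key.endswith("policies\\explorer\\run"):
                findings.append(Finding(key, name, target,
                                        "Run value under policies\\explorer\\run, a key "
                                        "legitimate installers rarely use"))
            elif (RANDOM_NAME_RE.match(name) and RANDOM_NAME_RE.match(file_stem(target))
                  and name != file_stem(target)):
                findings.append(Finding(key, name, target,
                                        "random-looking value name and file name that "
                                        "do not match each other"))
            continue
        m = NOTIFY_DLL_RE.match(line)
        if m and "\\winlogon\\notify\\" in low_key:
            dll = m.group("dll")
            if file_stem(dll) not in XP_NOTIFY_DEFAULTS:
                findings.append(Finding(key, dll, dll,
                                        "Winlogon Notify package not in the XP default "
                                        "set; the DLL is loaded into winlogon.exe"))
            continue
        m = AUTORUN_RE.match(line)
        if m and "\\mountpoints2\\" in low_key:
            findings.append(Finding(key, "AutoRun", m.group("target").strip(),
                                    "AutoRun command cached for a removable or mapped drive"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.entry:14} {f.target:45} {f.reason}")
```

Run on the sample it lists exactly the five entries a helper would query (teyfwqxn, scibvpqb, dmdric, wvUmlkKB.dll and the G: AutoRun) and stays quiet on ctfmon, RocketDock, nwiz, jusched and crypt32chain. The name-mismatch rule is the interesting one: legitimate software either reuses the binary name as the value name (nwiz) or uses a readable product name, while droppers generate both strings independently, so two unrelated random lowercase strings in one Run value is a cheap and fairly specific signal.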