ComboFix 09-06-28.02 - Administrator 2009-06-29 13:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.231 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt
AV: avast! antivirus 4.7.986 [VPS 000734-2] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fun.xls.exe
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\000FC904
c:\program files\myglobalsearch\bar\Cache\0010696A.bin
c:\program files\myglobalsearch\bar\Cache\0010BB72.bin
c:\program files\myglobalsearch\bar\Cache\00110C70.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows\system32\algsrvs.exe
c:\windows\system32\explorer.exe
c:\windows\system32\msfun80.exe
c:\windows\system32\msime82.exe
c:\windows\system32\nmdfgds1.dll
c:\windows\ufdata2000.log
D:\Autorun.inf
D:\fun.xls.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-29 10:58 . 2009-06-29 10:58 395776 ----a-w- c:\windows\system32\CF18007.exe
2009-06-29 10:54 . 2009-06-29 10:54 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-29 10:27 . 2007-04-18 16:10 23416 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-29 10:27 . 2007-04-18 16:09 43176 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-29 10:27 . 2007-04-18 16:07 26888 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-29 10:27 . 2007-04-18 16:12 85952 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-29 10:27 . 2007-04-18 16:12 94552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-29 10:27 . 2007-04-18 16:06 90112 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-29 10:27 . 2007-04-18 16:16 733824 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-27 15:11 . 2009-06-27 15:11 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ACDSee
2009-06-27 15:11 . 2009-06-27 15:11 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\ACD Systems
2009-06-27 15:09 . 2009-06-27 15:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ACD Systems
2009-06-27 15:09 . 2009-06-27 15:09 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-27 15:09 . 2009-06-27 15:09 -------- d-----w- c:\program files\ACD Systems
2009-06-27 15:09 . 2009-06-27 15:09 -------- d-----w- c:\windows\Downloaded Installations
2009-06-26 18:22 . 2004-08-03 21:08 31616 -c–a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-26 18:22 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-15 17:47 . 2009-06-15 17:47 -------- d-----w- c:\program files\Photo!
2009-06-09 14:06 . 2009-06-09 14:06 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Native Instruments
2009-06-09 14:05 . 2009-06-09 14:06 -------- d-----w- c:\program files\Native Instruments
2009-06-07 15:25 . 2009-06-07 15:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\313D8
2009-06-06 17:43 . 2009-06-09 11:32 -------- d-----w- c:\program files\BearShare Applications
2009-06-06 16:42 . 2009-06-06 17:16 -------- d-----w- c:\program files\BearShare
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 10:27 . 2009-05-11 13:08 -------- d-----w- c:\program files\Alwil Software
2009-06-29 09:47 . 2009-04-09 10:21 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Winamp
2009-06-14 07:33 . 2009-04-09 10:49 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
2009-06-12 13:12 . 2009-04-09 09:51 -------- d-----w- c:\program files\Google
2009-05-27 11:07 . 2009-04-09 11:59 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-05-25 13:36 . 2009-04-15 13:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-05-14 11:42 . 2009-05-01 07:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-12 14:20 . 2009-05-12 14:20 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-06 16:31 . 2009-04-09 12:12 -------- d-----w- c:\program files\PhotoScape
2009-05-01 07:51 . 2009-05-01 07:51 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\InterTrust
2009-04-30 14:02 . 2009-04-30 14:02 -------- d-----w- c:\program files\Rymówka 1.0
2009-04-15 16:19 . 2009-04-09 10:01 43752 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-11 10:44 . 2009-04-09 09:43 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-09 10:46 . 2001-10-26 18:15 67078 ----a-w- c:\windows\system32\perfc015.dat
2009-04-09 10:46 . 2001-10-26 18:15 435978 ----a-w- c:\windows\system32\perfh015.dat
2009-04-09 10:01 . 2009-04-09 10:01 138 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-04-09 09:52 . 2009-04-09 09:52 0 ----a-w- c:\windows\nsreg.dat
2009-04-09 09:41 . 2009-04-09 09:41 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2004-08-03 15360]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-06-12 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATICCC”=“c:\program files\ATI Technologies\ATI.ACE\cli.exe” [2005-08-12 45056]
“SpeedTouch USB Diagnostics”=“c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-03-23 888832]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2009-03-09 37888]
“Lexmark X1100 Series”=“c:\program files\Lexmark X1100 Series\lxbkbmgr.exe” [2003-08-19 57344]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-18 75392]
“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2005-12-19 15797248]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Nowe Gadu-Gadu\gg.exe”=
— Inne Usługi/Sterowniki w Pamięci —
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe
HKLM-Run-IMJPMIG8.2 - msime82.exe
HKLM-Run-Device Detector - DevDetect.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DFB10FF8-21A2-4868-99FD-181918EB8F79} = 80.240.162.70 80.240.162.114
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y7kh50ml.default\
FF - prefs.js: browser.startup.homepage - hxxp://nasza-klasa.pl/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 13:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.2 = msime82.exe???.
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-06-29 13:12
ComboFix-quarantined-files.txt 2009-06-29 11:12
Przed: 6 479 298 560 bajtów wolnych
Po: 7 267 868 672 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect
159
i co dalej ?