ComboFix 09-05-04.A3 - ULA 2009-05-05 20:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1014.460 [GMT 2:00]
Uruchomiony z: c:\documents and settings\ULA\Pulpit\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-05 do 2009-05-05 )))))))))))))))))))))))))))))))
.
2009-05-04 19:03 . 2009-05-04 19:03 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\Creative
2009-05-04 18:57 . 1999-10-11 01:00 41984 ------w c:\windows\Ctregrun.exe
2009-05-04 18:57 . 2008-04-13 22:09 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-05-04 18:57 . 2008-04-13 22:09 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-04 18:57 . 2008-04-13 22:16 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-05-04 18:57 . 2008-04-13 22:16 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-05-04 18:57 . 2008-04-13 22:16 15232 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-05-04 18:57 . 2008-04-13 22:16 15232 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-05-04 18:57 . 2008-04-13 22:16 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-05-04 18:57 . 2008-04-13 22:16 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-05-04 18:54 . 2003-03-19 05:19 1060864 ------w c:\windows\system32\MFC71.DLL
2009-05-04 18:52 . 2009-05-04 19:07 -------- d-----w c:\program files\Creative
2009-05-04 13:46 . 2009-03-18 19:51 49152 ----a-w c:\windows\system32\ChCfg.exe
2009-05-04 13:45 . 2009-03-18 19:51 86016 ----a-w c:\windows\SoundMan.exe
2009-05-04 13:45 . 2009-03-18 19:51 1826816 ----a-w c:\windows\SkyTel.exe
2009-05-04 13:45 . 2009-03-18 19:51 1191936 ----a-w c:\windows\RtlUpd.exe
2009-05-04 13:45 . 2009-03-18 19:51 9715200 ----a-w c:\windows\RTLCPL.exe
2009-05-04 13:45 . 2009-03-18 19:51 4424192 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-05-04 13:45 . 2009-03-18 19:51 16132608 ----a-w c:\windows\RTHDCPL.exe
2009-05-04 13:45 . 2009-03-18 19:51 2162688 ----a-w c:\windows\MicCal.exe
2009-05-04 13:45 . 2009-03-18 19:51 2808832 ----a-w c:\windows\alcwzrd.exe
2009-05-04 13:45 . 2009-03-18 19:51 69632 ----a-w c:\windows\Alcmtr.exe
2009-05-04 13:45 . 2009-05-04 13:45 -------- d-----w c:\program files\Realtek
2009-05-04 13:44 . 2009-03-18 19:51 520192 ----a-w c:\windows\RtlExUpd.dll
2009-04-22 08:35 . 2009-04-22 08:35 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-22 08:35 . 2009-05-05 15:54 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\skypePM
2009-04-22 08:30 . 2009-05-05 17:54 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\Skype
2009-04-22 08:30 . 2009-04-22 08:30 -------- d-----w c:\program files\Common Files\Skype
2009-04-22 08:30 . 2009-04-22 08:30 -------- d-----r c:\program files\Skype
2009-04-22 08:29 . 2009-04-22 08:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-04-12 14:16 . 2009-04-12 14:16 -------- d-----w c:\documents and settings\ULA\Ustawienia lokalne\Dane aplikacji\Ares
2009-04-12 14:16 . 2009-04-12 14:16 -------- d-----w c:\program files\Ares
2009-04-08 14:19 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-08 14:19 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-08 14:19 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-08 14:19 . 2009-04-08 14:20 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-08 14:19 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-08 14:19 . 2009-04-14 09:37 -------- d-----w c:\program files\Spyware Doctor
2009-04-08 14:19 . 2009-04-08 14:19 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\PC Tools
2009-04-08 14:19 . 2009-04-08 14:19 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\2DBoy
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 17:56 . 2001-10-26 18:15 75684 ----a-w c:\windows\system32\perfc015.dat
2009-05-05 17:56 . 2001-10-26 18:15 451590 ----a-w c:\windows\system32\perfh015.dat
2009-05-04 18:58 . 2009-03-18 19:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 18:56 . 2009-03-18 19:51 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-08 20:40 . 2009-03-25 17:08 -------- d-----w c:\program files\OrCAD_Demo
2009-03-29 10:24 . 2009-03-19 18:08 -------- d-----w c:\program files\BearShare Applications
2009-03-28 14:34 . 2009-03-21 14:18 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-21 14:14 . 2009-03-21 14:14 -------- d-----w c:\program files\NeroInstall.bak
2009-03-21 14:12 . 2009-03-21 14:09 -------- d-----w c:\program files\Common Files\Nero
2009-03-21 14:09 . 2009-03-21 14:09 -------- d-----w c:\program files\Nero
2009-03-20 10:13 . 2009-03-20 10:13 -------- d-----w c:\program files\Real Alternative
2009-03-19 09:02 . 2009-03-19 08:52 -------- d-----w c:\program files\MATLAB71
2009-03-19 08:38 . 2009-03-19 08:38 -------- d-----w c:\program files\Atheros
2009-03-19 08:36 . 2009-03-19 08:36 290816 ----a-w c:\windows\system32\drivers\tifm21.sys
2009-03-18 22:09 . 2009-03-18 15:18 68456 ----a-w c:\documents and settings\ULA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-18 22:04 . 2009-03-18 22:04 -------- d-----w c:\program files\Tlen.pl
2009-03-18 20:17 . 2009-03-18 20:17 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-18 20:16 . 2009-03-18 20:16 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 19:52 . 2009-03-18 19:52 315392 ----a-w c:\windows\HideWin.exe
2009-03-18 19:51 . 2009-03-18 19:51 -------- d-----w c:\program files\Hewlett-Packard
2009-03-18 16:16 . 2009-03-18 16:16 -------- d-----w c:\program files\Elaborate Bytes
2009-03-18 16:13 . 2009-03-18 16:13 0 ----a-w c:\windows\nsreg.dat
2009-03-18 16:05 . 2009-03-18 15:54 -------- d-----w c:\program files\SubEdit-Player
2009-03-18 16:00 . 2009-03-18 15:59 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-18 15:43 . 2009-03-18 15:43 -------- d-----w c:\program files\Broadcom
2009-03-18 15:32 . 2009-03-18 15:32 -------- d-----w c:\program files\Intel
2009-03-18 15:30 . 2009-03-18 15:30 -------- d-----w c:\program files\Microsoft Works
2009-03-18 15:29 . 2009-03-18 15:29 -------- d-----w c:\program files\MSBuild
2009-03-18 11:38 . 2009-05-05 15:37 187766 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1045.dat
2009-03-18 11:37 . 2009-03-18 11:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-18 11:13 . 2009-03-18 11:13 -------- d-----w c:\program files\microsoft frontpage
2009-03-18 11:12 . 2001-07-22 00:36 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-18 11:11 . 2009-03-18 11:11 -------- d-----w c:\program files\Usługi online
2009-03-18 11:09 . 2009-03-18 11:09 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-12 15:30 . 2009-03-12 15:30 142504 ----a-w c:\windows\system32\ElbyVCD.dll
2009-03-02 11:41 . 2009-03-02 11:41 29184 ----a-w c:\windows\system32\drivers\VClone.sys
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\system32\ElbyCDIO.dll
2009-02-09 18:56 . 2009-03-18 15:59 67584 ----a-w c:\windows\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-19 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-19 138008]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-03-18 53248]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-03-18 16132608]
c:\documents and settings\ULA\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Skype\Phone\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-08 130424]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-08 348752]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2009-05-04 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2009-05-04 6272]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00876077-247e-11de-b9ce-001d7208ce04}]
\Shell\AutoRun\command - t.com
\Shell\explore\Command - t.com
\Shell\open\Command - t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0087607c-247e-11de-b9ce-001d7208ce04}]
\Shell\AutoRun\command - t.com
\Shell\explore\Command - t.com
\Shell\open\Command - t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d178b4dd-38de-11de-b9ec-001d7208ce04}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyServer = 192.168.1.1:3128
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ULA\Dane aplikacji\Mozilla\Firefox\Profiles\k6rhpr4j.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 20:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\program files\Tlen.pl\hook.dll
.
Czas ukończenia: 2009-05-05 20:20
ComboFix-quarantined-files.txt 2009-05-05 18:20
Przed: 10 228 244 480 bajtów wolnych
Po: 11 394 236 416 bajtów wolnych