ComboFix 08-10-23.08 - Mar 2008-10-24 15:22:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.49 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Mar\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
Error: Cfiles.dat
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
----- BITS: Możliwe zainfekowane strony -----
hxxp://www.hhdsoftware.com
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OULTRAF
-------\Service_oUltraf
((((((((((((((((((((((((( Pliki utworzone od 2008-09-24 do 2008-10-24 )))))))))))))))))))))))))))))))
.
2009-05-25 11:14 . 2008-05-25 11:21
2009-05-25 11:14 . 2009-05-25 11:14
2009-05-25 11:14 . 2006-06-20 10:56 225,280 --a--c--- C:\WINNT\system32\rewire.dll
2009-05-25 11:13 . 2002-07-08 00:14 1,294,336 --a------ C:\WINNT\system32\vorbis.acm
2008-10-24 15:28 . 2008-10-24 15:28
2008-10-24 15:28 . 2008-10-24 15:28
2008-10-24 14:30 . 2008-10-24 14:30
2008-10-24 14:30 . 2008-10-24 14:45
2008-10-24 14:27 . 2008-10-24 14:27
2008-10-18 15:52 . 2008-10-18 15:52
2008-10-18 15:52 . 2006-06-02 16:38 425,984 --a------ C:\WINNT\system32\stmcfg32.dll
2008-10-18 15:52 . 2006-06-02 09:01 151,552 --a------ C:\WINNT\system32\stmctrl.dll
2008-10-18 15:51 . 2008-10-18 15:51
2008-10-18 15:51 . 2008-10-18 15:53
2008-10-17 15:10 . 2004-08-03 23:08 26,624 --a------ C:\WINNT\system32\drivers\usbehci.sys
2008-10-17 15:10 . 2004-08-03 23:08 20,480 --a------ C:\WINNT\system32\drivers\usbuhci.sys
2008-10-17 15:10 . 2004-08-04 00:44 7,168 --a------ C:\WINNT\system32\hccoin.dll
2008-10-17 15:01 . 2008-10-17 15:01
2008-10-17 15:01 . 2003-06-24 11:47 104,088 --------- C:\WINNT\system32\drivers\ALiEHCI.SYS
2008-10-17 15:01 . 2001-11-13 21:24 35,587 --------- C:\WINNT\system32\rmusb20.EXE
2008-10-17 15:01 . 2003-01-11 17:20 28,672 --------- C:\WINNT\system32\Unusb20.exe
2008-10-17 15:01 . 2003-06-24 11:54 17,835 --------- C:\WINNT\system32\drivers\ALiHUB.SYS
2008-10-17 15:01 . 2003-06-24 11:53 8,668 --------- C:\WINNT\system32\drivers\ALiGP.SYS
2008-10-17 15:01 . 2003-06-24 11:55 5,337 --------- C:\WINNT\system32\drivers\ALiRTHUB.SYS
2008-10-17 15:01 . 2003-06-24 13:35 635 --a------ C:\WINNT\system32\setup.iss
2008-10-06 21:26 . 2008-10-06 21:26
2008-10-06 21:00 . 2008-10-06 21:01 43,520 --a------ C:\WINNT\system32\CmdLineExt03.dll
2008-10-06 20:59 . 2008-10-06 21:00
2008-10-04 11:15 . 2008-10-04 11:15
2008-10-04 11:13 . 1993-07-23 00:15 398,416 --a------ C:\WINNT\system\VBRUN300.DLL
2008-10-04 11:13 . 1994-09-11 15:15 64,432 --a------ C:\WINNT\system\THREED.VBX
2008-10-04 11:13 . 1993-04-28 00:15 30,112 --a------ C:\WINNT\system\MCI.VBX
2008-10-04 11:13 . 1993-04-28 00:15 18,688 --a------ C:\WINNT\system\CMDIALOG.VBX
2008-10-04 11:13 . 1996-10-26 19:04 12,212 --a------ C:\WINNT\system\VALIDPIC.DLL
2008-10-04 11:13 . 2008-10-04 11:13 40 --a------ C:\WINNT\Benefit.INI
2008-09-28 21:08 . 2008-09-28 21:08
2008-09-28 20:59 . 2008-09-28 20:59
2008-09-28 20:49 . 2008-09-28 22:20
2008-09-28 20:49 . 2008-09-28 20:54
2008-09-26 20:19 . 2008-09-26 20:22
2008-09-26 14:58 . 2008-10-12 14:20
2008-09-26 14:05 . 2008-09-26 14:05
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 13:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-09 17:22 --------- d-----w C:\Program Files\Programy
2008-10-06 18:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-30 15:59 --------- d-----w C:\Documents and Settings\Mar\Dane aplikacji\uTorrent
2008-09-22 15:23 --------- d-----w C:\Program Files\Trend Micro
2008-09-22 14:13 --------- d-----w C:\Program Files\Java
2008-09-17 14:38 --------- d-----w C:\Documents and Settings\Mar\Dane aplikacji\Nokia
2008-09-17 14:26 --------- d-----w C:\Documents and Settings\Mar\Dane aplikacji\PC Suite
2008-09-17 14:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-09-17 14:23 --------- d-----w C:\Program Files\Nokia
2008-09-17 14:23 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-17 14:23 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-17 14:22 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-17 14:22 --------- d-----w C:\Program Files\DIFX
2008-09-17 14:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-09-08 17:43 --------- d-----w C:\Program Files\Optimus Pascal
2008-08-12 19:43 737,280 -c--a-w C:\WINNT\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 155648]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 C:\WINNT\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"msacm.l3acm"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax
"aux1"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 18:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:55 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\uTorrent\uTorrent.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\BearShare\BearShare.exe"=
"C:\Program Files\SopCast\SopCast.exe"=
"C:\Program Files\SopCast\adv\SopAdver.exe"=
"C:\Program Files\SopCast\sopvod.exe"=
"C:\Program Files\TVUPlayer\TVUPlayer.exe"=
"D:\Gry\Fm2008\fm.exe"=
"C:\Program Files\VirtualDJ\virtualdj.exe"=
"D:\Gry\F1 Mania 2008\F1 Challenge 2008.exe"=
"C:\Program Files\Mozilla Firefox\firefox.exe"=
R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINNT\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 Stmatm;ATM/ADSL miniport;C:\WINNT\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINNT\system32\DRIVERS\torususb.sys [2006-07-05 683791]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{008a1d81-1cf1-11dd-808d-b2015c317f25}]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df20842-07c3-11dd-8025-91b88b6b70ca}]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Mar\Dane aplikacji\Mozilla\Firefox\Profiles\wlonica9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.onet.pl
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 15:28:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-24 15:35:27 - komputer został uruchomiony ponownie [Mar]
ComboFix-quarantined-files.txt 2008-10-24 13:35:17
Przed: 1,081,090,048 bajtów wolnych
Po: 1,482,956,800 bajtów wolnych
193 --- E O F --- 2008-07-09 09:35:33
Log from ComboFix