"Właściciel" - 2005-05-07 16:50:24 Dodatek Service Pack. 1
ComboFix 07-05.07.3.V - Running from: "F:"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\7017A074.EXE
C:\WINDOWS\system32\7017A074.dll
C:\DOCUME~1\LOCALS~1.ZAR\DANEAP~1\netmon\log.txt
C:\DOCUME~1\LOCALS~1.ZAR\DANEAP~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1.ZAR\DANEAP~1\netmon
C:\Program Files\Common Files\{D4559~1
C:\Program Files\Common Files\{D4559~2

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\C\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\C\WINDOWS\system32\WNSXS~1\W?nSxS

((((((((((((((((((((((((((((((( Files Created from 2005-04-07 to 2005-05-07 ))))))))))))))))))))))))))))))))))

2005-05-31 00:58 28,160 --a------ C:\WINDOWS\system32\drivers\ATITool.sys
2005-05-07 06:38 73,728 --a------ C:\KillBox.exe
2005-05-07 06:38
2005-05-06 20:44
2005-05-06 20:44
2005-05-06 20:44
2005-05-06 07:30 14,075 --a------ C:\WINDOWS\system32\DDB7CA10.exe
2005-04-28 15:26
2005-04-28 14:43 218,112 --a------ C:\Program Files\HijackThis.exe
2005-04-27 18:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
2005-04-27 18:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
2005-04-25 22:36 0 --a------ C:\WINDOWS\PowerReg.dat
2005-04-25 22:36 0 --a------ C:\CONFIG.SYS
2005-04-25 22:35 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2005-04-25 16:30 11,329 --a------ C:\WINDOWS\system32\2F072152.DLL

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-04 19:35:50 -------- d-----w C:\Program Files\Canon
2007-05-01 08:40:52 -------- d-----w C:\Program Files\backups
2007-04-25 05:02:06 -------- d-----w C:\Program Files\Media Player Classic
2007-04-24 21:14:04 464 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-04-24 21:14:04 464 ----a-w C:\WINDOWS\system32\DivX.dll
2007-04-19 16:31:30 51,202 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-19 16:31:30 358,536 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-03 19:35:30 -------- d-----w C:\Program Files\illiminable
2007-03-20 18:33:18 -------- d-----w C:\Program Files\MYIE2
2007-03-17 09:18:52 -------- d-----w C:\Program Files\SkanerOnline
2007-03-15 18:30:06 -------- d-----w C:\Program Files\Common Files\Canon
2007-02-16 14:13:20 1,241 ----a-w C:\WINDOWS\unins002.dat
2007-02-08 18:25:56 110,592 ----a-w C:\WINDOWS\system32\duninstall.exe
2007-02-05 16:08:54 -------- d-----w C:\Program Files\DAEMON Tools
2007-02-05 16:06:54 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-02-01 17:22:40 4 ----a-w C:\WINDOWS\system32\proc-220146841.bin
2007-01-24 18:02:18 7,064 ----a-w C:\WINDOWS\unins000.dat
2007-01-24 18:02:06 669,002 ----a-w C:\WINDOWS\unins000.exe
2007-01-19 09:01:52 -------- d-----w C:\Program Files\Winamp
2007-01-19 07:40:42 89,088 ----a-w C:\WINDOWS\system32\SkanerOnlineUninstall.exe
2007-01-05 16:07:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-01-05 16:07:08 221,184 ----a-w C:\WINDOWS\system32\UAService7.exe
2006-12-31 20:34:40 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2006-11-13 16:51:48 1,430 ----a-w C:\WINDOWS\system32\tmp.reg
2006-11-12 19:00:58 -------- d-----w C:\Program Files\Alcohol Soft
2006-10-23 19:18:46 239 ----a-w C:\WINDOWS\_system.dat
2006-10-07 19:55:20 445 ----a-w C:\WINDOWS\EntPack.dat
2006-10-02 16:11:16 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2006-10-02 15:24:48 -------- d-----w C:\Program Files\TGTSoft
2006-09-11 14:54:48 -------- d-----w C:\Program Files\Elaborate Bytes
2006-09-05 15:31:06 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2006-09-05 15:31:06 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2006-09-05 15:31:06 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2006-09-04 19:47:30 807 ----a-w C:\WINDOWS\unins001.dat
2006-08-22 09:03:02 -------- d-----w C:\Program Files\Real Alternative
2006-08-05 13:26:16 -------- d-----w C:\Program Files\ACD Systems
2006-08-04 21:22:38 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2006-08-04 21:22:00 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2006-08-04 21:21:12 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2006-08-04 21:21:04 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2006-08-04 21:21:00 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2006-08-04 21:19:34 155,648 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2006-08-04 21:19:04 626,688 ----a-w C:\WINDOWS\system32\xvid.dll
2006-08-04 20:31:08 -------- d-----w C:\Program Files\Przeglądarka migawek
2006-08-04 20:22:58 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2006-08-03 22:23:38 1,167 ----a-w C:\WINDOWS\system32\zdy899e9.sys
2006-08-03 22:23:06 -------- d-----w C:\Program Files\Common Files\iokz
2006-08-01 20:00:14 -------- d-----w C:\Program Files\Common Files\ACD Systems
2006-07-30 14:27:04 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2006-07-30 14:19:00 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2006-07-13 17:44:44 29,184 ----a-w C:\WINDOWS\system32\AH6XL32.dll
2006-07-12 19:27:34 90,240 ----a-w C:\WINDOWS\system32\drivers\sptd3181.sys
2006-07-12 19:03:54 3,399 ----a-w C:\WINDOWS\system32\sdbackup.reg
2006-06-18 13:54:08 36,864 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-06-06 17:26:06 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2006-06-06 17:25:38 -------- d-----w C:\Program Files\ATITool
2006-05-24 23:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2006-05-14 18:44:14 12,288 ----a-w C:\WINDOWS\d3dx.dat
2006-05-03 16:54:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2006-05-03 16:51:00 258,048 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2006-05-03 16:50:42 1,540,608 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-05-03 16:45:36 114,688 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2006-05-03 16:45:22 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2006-05-03 16:45:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2006-05-03 16:45:08 41,984 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2006-05-03 16:44:56 61,440 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2006-05-03 16:43:46 413,696 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2006-05-03 16:43:14 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2006-05-03 16:35:26 2,693,280 ----a-w C:\WINDOWS\system32\ati3duag.dll
2006-05-03 16:29:14 1,408,000 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2006-05-03 16:21:20 6,684,672 ----a-w C:\WINDOWS\system32\atioglx1.dll
2006-05-03 16:18:04 5,033,984 ----a-w C:\WINDOWS\system32\atioglxx.dll
2006-05-03 16:15:58 151,552 ----a-w C:\WINDOWS\system32\atikvmag.dll
2006-05-03 16:15:10 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2006-05-03 16:12:26 286,720 ----a-w C:\WINDOWS\system32\ATIDEMGR.dll
2006-05-03 16:09:20 282,624 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2006-04-28 20:05:14 127,614 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2006-04-16 19:20:00 -------- d-----w C:\Program Files\directx
2006-04-11 16:05:54 -------- d--h--w C:\Program Files\WindowsUpdate
2006-04-11 14:40:50 -------- d-----w C:\Program Files\Common Files\NSV
2006-03-18 18:20:54 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-03-15 19:01:10 -------- d-----w C:\Program Files\Common Files\EasyInfo
2006-03-03 10:31:26 1,047,552 ----a-w C:\WINDOWS\system32\OICDataPacketLib.dll
2006-02-22 07:15:00 380,928 ----a-w C:\WINDOWS\system32\atiicdxx.dll
2006-02-22 07:13:56 6,144 ----a-w C:\WINDOWS\system32\atiicdxx.sys
2006-02-22 07:13:48 348,160 ----a-w C:\WINDOWS\system32\aticds10.dll
2006-02-22 00:05:00 61,440 ----a-w C:\WINDOWS\system32\atiphexx.exe
2006-02-22 00:05:00 36,864 ----a-w C:\WINDOWS\system32\atiiprxx.exe
2006-02-22 00:05:00 344,064 ----a-w C:\WINDOWS\system32\atiptaxx.exe
2006-02-22 00:05:00 274,432 ----a-w C:\WINDOWS\system32\atipdsxx.dll
2006-02-22 00:05:00 2,060,288 ----a-w C:\WINDOWS\system32\atipuixx.dll
2006-02-22 00:05:00 139,264 ----a-w C:\WINDOWS\system32\atiprbxx.exe
2006-02-22 00:05:00 114,688 ----a-w C:\WINDOWS\system32\atippaxx.dll
2006-02-22 00:05:00 1,830,912 ----a-w C:\WINDOWS\system32\atiadaxx.exe
2006-02-16 17:42:18 13,365 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-02-16 17:35:22 -------- d-----w C:\Program Files\ffdshow
2006-02-16 17:07:44 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2006-02-15 20:16:22 61,440 ----a-w C:\WINDOWS\system32\madCHook.dll
2006-02-15 16:13:22 222 ----a-w C:\AUTOEXEC.BAT
2006-02-14 20:49:52 1,668 --sh--r C:\MSDOS.SYS
2006-02-14 20:45:58 10,443 --sh--w C:\SUHDLOG.DAT
2006-02-07 13:53:00 61,440 ----a-w C:\WINDOWS\system32\mp4_vcodec.dll
2006-01-09 11:27:00 679,936 ----a-w C:\WINDOWS\system32\fun_mp4_enc.dll
2005-12-30 18:13:16 -------- d-----w C:\Program Files\Common Files\Nero
2005-12-30 18:10:54 -------- d-----w C:\Program Files\Common Files\Ahead
2005-12-15 18:42:12 9,600 ----a-r C:\WINDOWS\system32\drivers\vmnetadapter.sys
2005-12-15 18:42:12 5,120 ----a-r C:\WINDOWS\system32\vnetinst.dll
2005-12-15 18:42:12 10,240 ----a-r C:\WINDOWS\system32\drivers\vmnet.sys
2005-12-10 19:36:54 -------- d-----w C:\Program Files\Common Files\DirectX
2005-12-08 19:12:16 -------- d-----w C:\Program Files\AV VCS 3.0
2005-11-29 14:17:56 2,067,140 ----a-r C:\WINDOWS\system32\avcodec.dll
2005-11-03 11:01:10 6,144 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2005-10-26 19:12:50 20,640 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2005-10-21 17:47:02 -------- d-----w C:\Program Files\Common Files\Siemens AG Shared
2005-10-08 22:05:16 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2005-09-26 15:15:12 -------- d-----w C:\Program Files\Gadu-Gadu
2005-09-16 15:35:32 -------- d-----w C:\Program Files\Lavasoft
2005-09-16 14:39:50 -------- d-----w C:\Program Files\PLANET WL-8310
2005-09-16 14:26:26 -------- d-----w C:\Program Files\C-Media 3D Audio
2005-09-16 14:19:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2005-09-16 14:18:34 -------- d-----w C:\Program Files\Common Files\InstallShield
2005-09-16 14:12:12 -------- d-----w C:\Program Files\microsoft frontpage
2005-09-16 14:09:52 -------- d-----w C:\Program Files\Common Files\MSSoap
2005-09-16 14:09:46 -------- d-----w C:\Program Files\Movie Maker
2005-09-16 14:08:08 -------- d-----w C:\Program Files\MSN Gaming Zone
2005-09-16 14:07:42 -------- d-----w C:\Program Files\Windows NT
2005-09-16 14:02:58 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2005-07-22 17:57:48 62,672 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2005-07-21 11:33:30 2,846,720 ----a-w C:\WINDOWS\system32\NCTAudioCompress3.dll
2005-07-19 15:53:48 249,856 ----a-w C:\WINDOWS\system32\NCTQuickTimeFile.dll
2005-07-08 16:31:48 495,104 ----a-w C:\WINDOWS\system32\NCTVideoCoreM.dll
2005-07-02 14:33:18 520,192 ----a-w C:\WINDOWS\system32\AVmmfecd.exe
2005-07-01 16:09:00 215,552 ----a-w C:\WINDOWS\system32\NCTWMVFile.dll
2005-06-29 14:28:40 188,416 ----a-w C:\WINDOWS\system32\NCTVideoFile.dll
2005-06-07 16:11:26 382,464 ----a-w C:\WINDOWS\system32\NCTAVIFile.dll
2005-06-01 10:16:22 778,240 ----a-w C:\WINDOWS\system32\NCTAudioCompress2.dll
2005-06-01 10:11:04 877,568 ----a-w C:\WINDOWS\system32\NCTAudioFile2.dll
2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
2005-05-25 13:24:00 764,416 ----a-w C:\WINDOWS\system32\NCTRMFile.dll
2005-05-07 15:16:54 1 ----a-w C:\WINDOWS\system32\index.dat
2005-04-14 17:07:48 780,288 ----a-w C:\WINDOWS\system32\NCTVideoCompress.dll
2005-03-11 21:48:14 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2005-03-11 21:48:14 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2005-03-11 21:28:34 151,552 ------w C:\WINDOWS\system32\pxwma.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="E:\PROGRAMY\FLASHGET\jccatch.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll"
"{F156768E-81EF-470C-9057-481BA8380DBA}"="E:\PROGRAMY\FLASHGET\getflash.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BearShare"="\"E:\Programy\BearShare\BearShare.exe\" /pause"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^menu start^programy^autostart^uninstall.exe
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Uninstall.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!avg anti-spyware
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta
atiptaxx.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmaudio
RunDll32 cmicnfg.cpl,CMICtrlWnd

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools-1033
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\new.net startup
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stylexp
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2005-05-07 17:19:52
Windows 5.1.2600 Dodatek Service Pack. 1 FAT

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2005-05-07 17:19:58
C:\ComboFix-quarantined-files.txt ... 2005-05-07 17:20