That's too little, I know I have a virus.
– Added 16.02.2009 (Mon) 1:03 –
ComboFix 09-02-15.01 - 007 2009-02-16 1:01:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.544 [GMT 1:00]
Uruchomiony z: c:\documents and settings\007\Pulpit\ComboFix.exe
AV: Panda Antivirus 2007 *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-16 do 2009-02-16 )))))))))))))))))))))))))))))))
.
2009-02-16 00:27 . 2009-02-16 00:39
2009-02-14 21:50 . 2009-02-14 21:50
2009-02-14 21:49 . 2008-11-06 17:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-02-14 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-02-14 21:49 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-02-14 21:49 . 2008-11-06 17:33 684,032 --a------ c:\windows\system32\divx.dll
2009-02-14 21:49 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-02-14 21:49 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-02-14 21:49 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-02-14 21:49 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-02-14 21:49 . 2008-12-11 01:33 86,016 --a------ c:\windows\system32\dpl100.dll
2009-02-14 21:49 . 2009-02-09 19:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-02-14 21:49 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-14 21:49 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-04 22:08 . 2009-02-04 22:08
2009-02-04 22:08 . 2009-02-04 22:08
2009-02-04 16:16 . 2009-02-04 16:16
2009-02-01 12:35 . 2009-02-01 12:42
2009-02-01 12:35 . 2009-02-06 15:48
2009-01-30 14:53 . 2009-01-30 14:53
2009-01-30 14:53 . 2009-01-30 14:53 227 --a------ c:\windows\HP_CounterReport_Update_HPSU.ini
2009-01-30 14:53 . 2009-01-30 14:53 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2009-01-30 14:48 . 2009-01-30 14:48 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2009-01-30 14:45 . 2009-01-30 14:49
2009-01-25 19:28 . 2009-01-25 19:28
2009-01-25 19:28 . 2009-01-25 19:28 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-25 19:28 . 2009-01-25 19:28 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-21 17:11 . 2009-01-21 17:11 473,600 --a------ c:\windows\system32\SkanerOnline.dll
2009-01-19 18:09 . 2009-01-19 18:09
2009-01-19 18:01 . 2009-01-19 18:01
2009-01-19 18:01 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-01-19 18:01 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2009-01-19 18:01 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2009-01-19 17:30 . 2009-01-20 18:52
2009-01-19 17:25 . 2009-01-19 17:30
2009-01-19 15:58 . 2009-01-19 15:58 14,788 --a------ c:\windows\FontData.fdb
2009-01-19 10:06 . 2009-01-19 10:06
2009-01-19 10:06 . 2009-02-06 23:34 2,516 --ahs---- c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2009-01-19 10:06 . 2009-02-06 23:34 88 -r-hs---- c:\documents and settings\All Users\Dane aplikacji\040460B433.sys
2009-01-18 13:41 . 2009-01-18 13:41
2009-01-18 13:41 . 2009-01-22 11:10
2009-01-18 13:39 . 2009-01-18 13:39
2009-01-18 12:10 . 2009-01-18 12:10
2009-01-18 12:10 . 2009-01-18 12:10
2009-01-18 12:10 . 2009-01-20 16:01
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 23:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-15 23:04 --------- d-----w c:\documents and settings\007\Dane aplikacji\skypePM
2009-02-14 20:49 --------- d-----w c:\program files\Programy
2009-01-30 14:08 --------- d-----w c:\program files\HP
2009-01-30 13:48 139,264 ----a-w c:\windows\system32\hpzjrd01.dll
2009-01-19 17:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 11:25 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-08 10:48 --------- d-----w c:\documents and settings\007\Dane aplikacji\HP
2009-01-08 10:18 --------- d-----w c:\program files\Common Files\HP
2009-01-08 10:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2009-01-08 10:15 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-01-08 09:16 --------- d-----w c:\program files\Common Files\Adobe
2009-01-07 21:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-07 21:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KONAMI
2009-01-07 20:14 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-07 20:14 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-07 20:08 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-07 20:08 --------- d-----w c:\documents and settings\007\Dane aplikacji\DAEMON Tools
2009-01-07 18:46 --------- d-----w c:\program files\Microsoft Works
2009-01-07 18:46 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-04 17:30 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-04 17:30 --------- d-----w c:\program files\Java
2009-01-04 13:28 --------- d-----w c:\documents and settings\007\Dane aplikacji\HTML Executable
2009-01-04 13:27 --------- d-----w c:\documents and settings\007\Dane aplikacji\Gadu-Gadu
2009-01-04 12:52 --------- d-----w c:\program files\Panda Software
2009-01-04 12:36 --------- d-----w c:\program files\ATI Technologies
2009-01-04 12:36 --------- d-----w c:\program files\ATI
2009-01-04 11:54 --------- d-----w c:\program files\Realtek Sound Manager
2009-01-04 11:54 --------- d-----w c:\program files\AvRack
2009-01-04 11:53 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 11:53 --------- d-----w c:\program files\AMD
2009-01-04 11:52 4,096 ----a-w c:\windows\gdrv.sys
2009-01-04 11:30 --------- d-----w c:\program files\Usługi online
2009-01-04 10:44 --------- d-----w c:\program files\microsoft frontpage
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"APVXDWIN"="c:\program files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" [2007-01-25 321072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"Adobe Reader Speed Launcher"="c:\program files\Programy\Adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\007\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2006-07-14 13:46 45056 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\Gry\Pes2009\pes2009.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\Vuze\Azureus.exe"=
"d:\Gry\007\JB_LiveEngine_s.exe"=
"c:\Program Files\Programy\Gadu-Gadu\gg.exe"=
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\panda software\panda antivirus 2007\pavlsp.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\007\Dane aplikacji\Mozilla\Firefox\Profiles\gvq3ummp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Programy\Adobe\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Programy\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Programy\mozilla\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 01:01:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
Czas ukończenia: 2009-02-16 1:02:55
ComboFix-quarantined-files.txt 2009-02-16 00:02:36
Przed: 505,737,216 bajtów wolnych
Po: 713,834,496 bajtów wolnych
198 --- E O F --- 2009-01-06 09:01:44