ComboFix 08-04-11.8 - Łukasz 2008-04-12 15:56:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1436 [GMT 1:00]
Running from: D:\Instalki\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.
2008-04-09 13:00 . 2008-04-09 13:00 98,927 --a------ C:\WINDOWS\hpqins16.dat
2008-04-03 01:10 . 2008-03-29 18:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 01:10 . 2008-03-29 18:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-24 21:56 . 2008-03-24 21:56
2008-03-13 15:35 . 2008-03-13 15:35
2008-03-13 15:19 . 2008-03-13 15:19
2008-03-13 14:17 . 2008-03-13 14:17
2008-03-13 14:16 . 2008-03-13 14:16
2008-03-13 14:16 . 2008-03-13 14:17
2008-03-13 14:16 . 2008-03-13 14:16
2008-03-13 14:05 . 2008-03-13 14:22
2008-03-13 14:05 . 2008-01-08 21:00 799,424 -ra------ C:\WINDOWS\system32\tmp30A.tmp
2008-03-13 14:05 . 2008-01-08 21:00 799,424 -ra------ C:\WINDOWS\system32\tmp309.tmp
2008-03-13 13:57 . 2008-03-13 13:57
2008-03-13 13:47 . 2007-03-12 17:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-03-13 13:46 . 2008-03-13 13:46
2008-03-13 13:46 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-13 02:34 . 2008-03-13 02:34
2008-03-13 02:34 . 2008-03-13 02:34
2008-03-13 02:34 . 2008-03-13 02:34
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 14:53 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Skype
2008-04-12 11:03 --------- d-----w C:\Program Files\Kalendarz XP
2008-04-12 10:54 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\skypePM
2008-04-12 01:51 3,145,728 ----a-w C:\Documents and Settings\Łukasz\ntuser.dat
2008-04-12 01:51 3,145,728 ----a-w C:\Documents and Settings\Łukasz\ntuser.dat
2008-04-10 11:38 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\SiteAdvisor
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 10:28 --------- d-----w C:\Program Files\Java
2008-03-13 14:35 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Command Conquer 3 Tiberium Wars
2008-03-13 13:17 --------- d--h--r C:\Documents and Settings\Łukasz\Dane aplikacji\SecuROM
2008-03-13 13:05 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-13 13:05 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-13 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 01:34 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\InterTrust
2008-03-09 18:40 --------- d-----w C:\Program Files\THQ
2008-03-02 19:12 --------- d-----w C:\Program Files\Blitzkrieg 2
2008-03-02 15:38 --------- d-----w C:\Program Files\SkanerOnline
2008-02-26 13:18 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-25 17:15 --------- d-----w C:\Documents and Settings\Łukasz\Dane aplikacji\Image Zone Express
2008-02-23 01:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 16:17 --------- d-----w C:\Program Files\Lavalys
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-31 18:28 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 17:49 1185120]
[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]
[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 15:37 68856]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"D:\Instalki\NetMeter\NetMeter.exe"="D:\Instalki\NetMeter\NetMeter.exe" [2007-08-11 15:50 331264]
"PC Suite Tray"="D:\Instalki\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-06 14:00 385024]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 22:03 36640]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"Nokia.PCSync"="D:\Instalki\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-12-28 23:20:21 882176]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"D:\Instalki\Ares\Ares.exe"=
"C:\Program Files\Creative\eMule\emule.exe"=
"D:\gry\Splinter Cell Pandora Tomorrow\pandora.exe"=
"C:\Program Files\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{031a254a-b586-11dc-8718-00155860d008}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{031a254b-b586-11dc-8718-00155860d008}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7b3cfa62-b592-11dc-8719-00155860d007}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c8517f66-b594-11dc-871a-b6d71aca7e00}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c8517f68-b594-11dc-871a-b6d71aca7e00}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{db2f231f-b589-11dc-9a05-806d6172696f}]
\Shell\AutoRun\command - F:\Launch.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:57:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D:\Instalki\NetMeter\NetMeter.exe"="D:\Instalki\NetMeter\NetMeter.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
“ImagePath”="??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
- C:\Program Files\SiteAdvisor\6253\saHook.dll
.
Completion time: 2008-04-12 15:57:44
ComboFix-quarantined-files.txt 2008-04-12 14:57:39
Pre-Run: 72,332,132,352 bajtów wolnych
Post-Run: 72,330,649,600 bajtów wolnych
.
2008-04-12 01:51:05 --- E O F ---
I downloaded ComboFix and ran the scan. Are these the logs you meant? I haven't done anything yet with the entry O8 - Extra context menu item: Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
What should I do now?