
ComboFix 08-10-21.05 - SDM 2008-10-22 18:53:12.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.356 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\SDM\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msxml71.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-22 do 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-22 17:00 . 2008-10-22 17:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2008-10-22 16:49 . 2008-10-22 16:49 <DIR> d-------- C:\Documents and Settings\SDM\Dane aplikacji\VirusRemover2008
2008-10-22 16:14 . 2008-10-22 16:13 55,296 --a------ C:\WINDOWS\system32\oWmhen0g.exe
2008-10-20 14:33 . 2008-10-20 14:33 <DIR> d-------- C:\Program Files\xp-AntiSpy
2008-10-15 17:07 . 2008-10-15 18:08 <DIR> d-------- C:\CYBERTECH
2008-10-13 19:48 . 2008-10-19 09:40 <DIR> d-------- C:\Program Files\CCleaner
2008-10-13 19:47 . 2008-10-13 19:47 <DIR> d-------- C:\Program Files\LD-Anime
2008-09-30 15:11 . 2008-09-30 15:11 <DIR> d-------- C:\Program Files\uTorrent
2008-09-30 15:11 . 2008-10-22 18:48 <DIR> d-------- C:\Documents and Settings\SDM\Dane aplikacji\uTorrent
2008-09-29 18:49 . 2008-09-29 18:49 <DIR> d-------- C:\Documents and Settings\SDM\DoctorWeb
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 15:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-10-22 15:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-20 12:51 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-09-29 15:36 395,794 ----a-w C:\SztuczkiWindows.zip
2008-09-07 16:57 66,048 ----a-w C:\mbr.exe
2008-09-05 05:54 43,008 ----a-w C:\sysdbby.exe
2008-09-05 05:41 43,008 ----a-w C:\systqge.exe
.
------- Sigcheck -------
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\tcpip.sys
2008-10-20 14:51 360320 4395ca9fca8d70149cc209d42cc189cf C:\WINDOWS\system32\dllcache\tcpip.sys
2008-10-20 14:51 360320 4395ca9fca8d70149cc209d42cc189cf C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-09-28_15.40.23.83 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-04 18:16:46 1,887,080 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Remote Controller.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Scheduler.lnk
backup=C:\WINDOWS\pss\Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^SDM^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\SDM\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"E:\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 99334]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2001-02-03 22288]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2001-02-03 12632]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-04-27 38946]
.
Zawartość folderu 'Zaplanowane zadania'
2008-10-22 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
2008-10-22 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\oWmhen0g.exe [2008-10-22 16:13]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-Google Update - C:\Documents and Settings\SDM\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Gadu-Gadu - E:\Program Files\Gadu-Gadu\gg.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\SDM\Dane aplikacji\Mozilla\Firefox\Profiles\3gcyrjrg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1408409&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 18:54:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
C:\DOCUME~1\SDM\USTAWI~1\Temp\RGI5.tmp
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
Czas ukończenia: 2008-10-22 18:56:28
ComboFix-quarantined-files.txt 2008-10-22 16:56:25
ComboFix2.txt 2008-09-07 17:13:37
ComboFix3.txt 2008-07-21 15:11:25
ComboFix4.txt 2008-07-21 14:44:36
Przed: 1 866 043 392 bajtów wolnych
Po: 1,859,371,008 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
176 --- E O F --- 2008-09-10 17:21:32