
ComboFix 08-09-19.09 - bastek 2008-09-20 12:42:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1540 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\bastek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\eflx.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Pliki utworzone od 2008-08-20 do 2008-09-20 )))))))))))))))))))))))))))))))
.
2008-09-20 12:36 . 2008-09-20 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-20 12:35 . 2008-09-20 12:35 <DIR> d-------- C:\Program Files\Trojan Remover
2008-09-20 12:35 . 2008-09-20 12:35 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\Simply Super Software
2008-09-20 12:35 . 2008-09-20 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-09-20 12:35 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-20 12:35 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-20 12:35 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-20 12:35 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-20 12:35 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-20 12:02 . 2008-09-20 12:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 12:02 . 2008-09-20 12:02 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\Malwarebytes
2008-09-20 12:02 . 2008-09-20 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2008-09-20 12:02 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-20 12:02 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 23:07 . 2008-09-20 12:04 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\TmpRecentIcons
2008-09-19 22:48 . 2008-09-19 22:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-19 22:48 . 2008-09-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-19 22:48 . 2008-09-20 12:46 752,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-19 22:48 . 2008-09-20 12:47 147,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-19 22:48 . 2008-09-19 22:52 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-19 22:48 . 2008-09-19 22:48 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-19 22:48 . 2008-09-20 12:46 8,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 22:48 . 2008-09-20 12:47 2,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-19 22:46 . 2008-09-19 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-18 20:06 . 2008-09-18 20:06 <DIR> d-------- C:\WINDOWS\Sun
2008-09-18 20:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-18 20:04 . 2008-09-18 20:05 <DIR> d-------- C:\Program Files\Java
2008-09-18 20:02 . 2008-09-18 20:02 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-18 17:29 . 2008-09-18 17:29 <DIR> d-------- C:\WINDOWS\Vbox
2008-09-18 17:29 . 2008-09-18 17:30 <DIR> d-------- C:\Program Files\Derive 6 Trial Edition
2008-09-13 23:18 . 2008-09-13 23:18 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\SPORE
2008-09-13 22:27 . 2008-09-13 22:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-11 22:56 . 2008-09-11 22:56 112 --a------ C:\WINDOWS\YdpDict.INI
2008-09-11 22:06 . 2008-09-11 22:06 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-11 14:20 . 2008-09-11 14:20 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\ValuSoft
2008-09-11 14:06 . 2008-09-11 14:06 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-11 13:44 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-11 13:44 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-09-11 13:44 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-11 13:44 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-09-11 13:43 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-11 13:43 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-09-11 13:43 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-09-11 13:43 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-11 12:20 . 2008-09-11 12:20 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\DAEMON Tools
2008-09-11 12:20 . 2008-09-11 12:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-09 12:54 . 2008-09-09 12:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-09 12:53 . 2008-09-09 12:53 <DIR> d-------- C:\WINDOWS\Cache
2008-09-08 20:01 . 2008-09-08 20:01 1,077,336 -r--s---- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-09-08 20:01 . 2008-09-08 20:01 140,488 -r------- C:\WINDOWS\system32\COMDLG32.OCX
2008-09-04 22:46 . 2008-09-04 23:56 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\U3
2008-09-04 22:46 . 2004-08-03 20:38 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-03 10:27 . 2008-09-03 10:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-03 10:27 . 2008-09-03 10:27 <DIR> d-------- C:\Program Files\Serato
2008-08-30 20:12 . 2007-10-23 21:25 487,424 --a------ C:\WINDOWS\system\MSVCP70.DLL
2008-08-30 20:12 . 2007-10-23 21:25 307,200 --a------ C:\WINDOWS\system\msvcr70.dll
2008-08-30 20:11 . 2008-08-30 20:11 <DIR> d-------- C:\Program Files\uTorrent
2008-08-30 20:11 . 2008-09-19 22:46 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\uTorrent
2008-08-30 20:07 . 2008-08-30 20:07 <DIR> d-------- C:\Program Files\Winamp
2008-08-30 20:07 . 2008-08-30 20:07 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\Winamp
2008-08-30 20:06 . 2008-08-30 20:06 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-08-30 20:01 . 2008-08-30 20:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-30 19:58 . 2008-08-30 19:58 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\ATI
2008-08-30 19:58 . 2008-08-30 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-08-30 19:52 . 2008-08-30 19:52 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-30 19:50 . 2008-08-30 19:56 <DIR> d-------- C:\Program Files\ATI Technologies
2008-08-30 19:04 . 2008-08-30 19:04 <DIR> d-------- C:\Program Files\PowerQuest
2008-08-30 17:18 . 2008-08-30 17:18 <DIR> d-------- C:\Program Files\Atheros
2008-08-30 17:17 . 2008-08-30 17:17 <DIR> d-------- C:\Program Files\Synaptics
2008-08-30 17:17 . 2007-10-23 21:46 193,088 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-08-30 17:17 . 2007-10-23 21:46 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-08-30 17:17 . 2007-10-23 21:46 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-08-30 17:17 . 2004-09-03 09:30 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
2008-08-30 17:17 . 2007-10-23 21:46 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-08-30 17:17 . 2007-10-23 21:46 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-08-30 17:17 . 2007-10-23 21:46 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-08-30 17:17 . 2005-07-12 16:30 51,328 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-08-30 17:17 . 2005-07-14 09:44 27,904 --a------ C:\WINDOWS\system32\drivers\risdptsk.sys
2008-08-30 17:13 . 2008-08-30 17:13 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-08-30 17:13 . 2008-08-30 17:13 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-08-30 17:13 . 2008-08-30 17:13 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-08-30 17:11 . 2008-08-30 19:03 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-30 17:11 . 2007-10-23 21:46 16,269,312 --a------ C:\WINDOWS\RTHDCPL.exe
2008-08-30 17:10 . 2008-08-30 17:10 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-08-30 17:10 . 2008-08-30 17:11 <DIR> d-------- C:\Program Files\Realtek
2008-08-30 17:10 . 2007-10-23 21:46 85,120 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-08-30 17:09 . 2008-08-30 17:09 <DIR> d-------- C:\Program Files\Wireless Console 2
2008-08-30 17:09 . 2008-09-13 23:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-30 17:09 . 2008-08-30 17:09 <DIR> d-------- C:\Documents and Settings\bastek\Dane aplikacji\InstallShield
2008-08-30 17:09 . 2004-11-18 08:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-30 17:06 . 2008-08-30 17:06 <DIR> d-------- C:\WINDOWS\ATK0100
2008-08-30 15:54 . 2007-10-23 21:46 5,632 --a------ C:\WINDOWS\system32\drivers\ATKACPI.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 16:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-30 16:29 --------- d-----w C:\Program Files\Ahead
2008-08-30 16:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-30 16:15 --------- d-----w C:\Documents and Settings\bastek\Dane aplikacji\Nero
2008-08-30 14:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-30 14:52 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-30 14:52 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-30 14:51 --------- d-----w C:\Program Files\Usługi online
2008-08-30 14:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-29 18:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 16:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2007-10-23 110592]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2006-11-29 1011712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-23 786521]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2006-11-17 348249]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-29 876624]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"SkyTel"="SkyTel.EXE" [2007-10-23 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-01-24 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 10:05 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-23 21:46 16269312 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Instalki\\Internet\\Konnekt\\konnekt.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2007-10-23 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S3 SeratoUsb;SeratoUsb driver;C:\WINDOWS\system32\Drivers\SeratoUsb.sys [2006-03-16 35712]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-MsUpdate - C:\MsUpdate.exe
MSConfigStartUp-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\bastek\Dane aplikacji\Mozilla\Firefox\Profiles\6yy6py5p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:47:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-20 12:49:20 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-09-20 10:49:15
Przed: 5 006 241 792 bajtów wolnych
Po: 4,999,213,056 bajtów wolnych