
Log z combofix:
ComboFix 08-03-05.3 - Redzi 2008-03-06 18:40:50.1 - NTFSx86
Running from: C:\Documents and Settings\Redzi\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Start\Programy\ADSTechnology
C:\Documents and Settings\All Users\Menu Start\Programy\ADSTechnology\ADSTechnology.lnk
C:\Documents and Settings\All Users\Menu Start\Programy\ADSTechnology\Uninstall.lnk
C:\Documents and Settings\Redzi\Dane aplikacji\inst.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\ADSTechnology\ADSTechnology.exe
C:\Program Files\ADSTechnology\Uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-05 08:51 . 2008-03-05 08:51 <DIR> d-------- C:\RMG
2008-02-28 21:20 . 2008-02-28 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-02-28 21:19 . 2008-02-28 21:19 <DIR> d-------- C:\Program Files\Cake Mania 2
2008-02-25 20:31 . 2008-02-25 20:31 <DIR> d-------- C:\Documents and Settings\Redzi\Dane aplikacji\Locktime
2008-02-25 20:27 . 2008-02-25 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime
2008-02-25 01:40 . 2008-02-25 01:48 <DIR> d-------- C:\Program Files\NetProject
2008-02-25 01:13 . 2008-02-25 01:13 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-02-25 01:13 . 2008-02-25 01:13 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-02-25 01:13 . 2008-02-28 21:01 <DIR> d-------- C:\Program Files\Cake Mania
2008-02-25 01:13 . 2008-02-25 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
2008-02-24 23:31 . 2008-02-24 23:31 <DIR> d-------- C:\Program Files\SopCast
2008-02-24 22:12 . 2008-02-24 22:18 <DIR> d-------- C:\dvbdream
2008-02-24 20:41 . 2008-02-24 22:49 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-24 20:41 . 2008-02-24 20:41 <DIR> d-------- C:\Documents and Settings\Redzi\Dane aplikacji\TVU networks
2008-02-24 20:41 . 2008-02-24 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TVU networks
2008-02-23 15:29 . 2008-02-23 15:29 <DIR> d-------- C:\Program Files\Software2000
2008-02-23 15:18 . 2008-02-23 15:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-23 15:18 . 2008-02-23 15:18 <DIR> d-------- C:\Program Files\D-Tools
2008-02-23 15:18 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-23 15:18 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-18 16:28 . 2008-02-18 16:28 <DIR> d-------- C:\Program Files\Avast4
2008-02-18 16:28 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-18 16:28 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-18 16:28 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-18 16:28 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-18 16:28 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-18 16:28 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-18 16:28 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-18 16:28 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-14 01:44 . 2008-02-25 03:33 <DIR> d-------- C:\Documents and Settings\Redzi\Dane aplikacji\Move Networks
2008-02-11 05:46 . 2003-07-21 04:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-11 05:46 . 2005-01-04 19:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-10 23:33 . 2008-03-04 20:12 <DIR> d-------- C:\Program Files\9Dragons
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 17:37 --------- d-----w C:\Documents and Settings\Redzi\Dane aplikacji\MegauploadToolbar
2008-03-04 20:10 --------- d-----w C:\Documents and Settings\Redzi\Dane aplikacji\U3
2008-02-25 09:47 --------- d-----w C:\Program Files\SkanerOnline
2008-02-23 14:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 16:45 --------- d-----w C:\Program Files\ESET
2008-02-18 15:21 --------- d-----w C:\Program Files\Reg Organizer 2.5 Full
2008-02-01 15:32 --------- d-----w C:\Program Files\MegauploadToolbar
2008-01-21 23:28 --------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2008-01-21 23:25 --------- d-----w C:\Program Files\BearPaw 2400TA Pro
2008-01-14 18:38 --------- d-----w C:\Program Files\SubEdit-Player
2007-12-09 22:09 47,360 ----a-w C:\Documents and Settings\Redzi\Dane aplikacji\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-03-25 17:59 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-03-25 17:57 1694208]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 01:32 961024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2007-03-25 17:57 73728]
"TPSMain"="TPSMain.exe" [2007-03-25 17:57 266240 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2007-03-25 17:58 73728 C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-25 17:59 765952]
"SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-25 17:59 15691264 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-25 17:59 671744]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-25 17:57 606208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2007-03-25 17:59 90112 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 11:01 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-24 11:00 131072]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
C:\Documents and Settings\Redzi\Menu Start\Programy\Autostart\
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 08:03:44 59392]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-12-10 16:43:04 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Ubisoft\\Heroes of Might and Magic IV - Zlota Edycja\\heroes4p.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\9Dragons\GameGuard\dump_wmimmc.sys []
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a96d76-b246-11db-88a6-00130243e3b2}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed1b94e-d6f8-11db-891c-d16eb9e76b81}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed1b94f-d6f8-11db-891c-d16eb9e76b81}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbf2b5a4-aa6a-11db-8892-00130243e3b2}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db428a64-9eb2-11db-887c-00130243e3b2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db428a65-9eb2-11db-887c-00130243e3b2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 18:51:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-06 18:54:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 17:54:28
.
2008-02-13 19:24:04 --- E O F ---