
ComboFix
ComboFix 09-03-30.04 - Pywn 2009-03-31 18:34:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2046.1633 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Pywn\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOTDRV
((((((((((((((((((((((((( Pliki utworzone od 2009-02-28 do 2009-03-31 )))))))))))))))))))))))))))))))
.
2009-03-31 13:21 . 2009-03-31 13:50 <DIR> d-------- c:\program files\SkanerOnline
2009-03-29 15:56 . 2009-03-29 17:01 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-29 15:55 . 2009-03-29 15:55 <DIR> d-------- c:\documents and settings\NetworkService\Pulpit
2009-03-29 15:38 . 2009-03-29 16:56 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-29 15:37 . 2009-03-29 15:37 <DIR> d-------- c:\program files\Lavasoft
2009-03-29 15:37 . 2009-03-29 15:37 <DIR> d--h-c--- c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-29 14:17 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-29 14:17 . 2009-03-06 16:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-29 14:17 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-29 14:16 . 2009-03-29 14:19 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-29 14:16 . 2009-03-29 14:16 <DIR> d-------- c:\documents and settings\Pywn\Dane aplikacji\PC Tools
2009-03-29 14:16 . 2009-03-29 14:16 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-03-29 14:16 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-29 10:13 . 2009-03-29 10:13 <DIR> d-------- c:\documents and settings\s\Dane aplikacji\Nero
2009-03-29 10:09 . 2009-03-31 18:36 <DIR> d--h----- c:\documents and settings\s\Ustawienia lokalne
2009-03-29 10:09 . 2009-03-29 10:12 <DIR> dr------- c:\documents and settings\s\Ulubione
2009-03-29 10:09 . 2007-12-13 20:38 <DIR> d--h----- c:\documents and settings\s\Szablony
2009-03-29 10:09 . 2007-12-13 21:30 <DIR> d-------- c:\documents and settings\s\Pulpit
2009-03-29 10:09 . 2009-03-29 10:12 <DIR> dr------- c:\documents and settings\s\Moje dokumenty
2009-03-29 10:09 . 2007-12-13 21:30 <DIR> dr------- c:\documents and settings\s\Menu Start
2009-03-29 10:09 . 2009-03-29 10:13 <DIR> dr-h----- c:\documents and settings\s\Dane aplikacji
2009-03-29 10:09 . 2009-03-29 10:15 <DIR> d-------- c:\documents and settings\s
2009-03-29 00:30 . 2009-03-31 18:36 483,360 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-29 00:30 . 2009-03-29 00:37 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-29 00:30 . 2009-03-29 00:37 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-29 00:30 . 2009-03-31 18:36 3,780 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-29 00:29 . 2009-03-31 18:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-28 23:55 . 2009-03-28 23:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-28 22:46 . 2009-03-31 18:36 5,591,072 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-28 22:46 . 2009-03-31 18:36 67,640 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-28 21:43 . 2009-03-28 21:43 95 --a------ c:\windows\wininit.ini
2009-03-28 19:07 . 2009-03-28 19:07 213,120 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-03-28 17:55 . 2009-03-28 17:56 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-26 19:55 . 2009-03-26 19:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\wanted
2009-03-26 19:49 . 2009-03-26 19:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-03-26 19:48 . 2009-03-26 19:49 <DIR> d-------- c:\documents and settings\Pywn\Dane aplikacji\DAEMON Tools Lite
2009-03-26 18:09 . 2009-03-26 18:12 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-03-26 16:54 . 2009-03-26 16:54 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-03-23 13:22 . 2009-03-23 13:22 <DIR> dr------- c:\program files\Skype
2009-03-19 14:52 . 2009-03-19 16:13 <DIR> d-------- c:\documents and settings\Pywn\Games
2009-03-08 00:07 . 2007-12-26 18:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2009-03-08 00:07 . 2005-01-22 21:12 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2009-03-06 14:50 . 2009-03-06 14:50 189 --a------ c:\windows\GSdx9-sse2.INI
2009-02-25 16:03 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 21:34 . 2009-02-24 21:34 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2009-02-24 21:34 . 2009-02-24 21:34 823,296 --a------ c:\windows\system32\divx_xx07.dll
2009-02-24 21:34 . 2009-02-24 21:34 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2009-02-24 21:34 . 2009-02-24 21:34 802,816 --a------ c:\windows\system32\divx_xx11.dll
2009-02-24 21:34 . 2009-02-24 21:34 684,032 --a------ c:\windows\system32\DivX.dll
2009-02-24 21:34 . 2009-02-24 21:34 90,112 --a------ c:\windows\system32\dpl100.dll
2009-02-15 22:33 . 2009-02-15 22:33 <DIR> d-------- c:\documents and settings\Pywn\.gstreamer-0.10
2009-02-15 22:19 . 2009-02-16 16:58 <DIR> d-------- c:\documents and settings\Pywn\Dane aplikacji\Nowe Gadu-Gadu
2009-02-13 21:57 . 2009-02-13 21:57 <DIR> d-------- c:\program files\Common Files\Enterbrain
2009-02-12 14:53 . 2009-02-12 14:53 204 --a------ c:\windows\Heroes.S03E15.HDTV.XviD-LOL.ini
2009-02-07 14:05 . 2009-02-07 14:05 <DIR> d-------- c:\windows\nview
2009-02-07 14:05 . 2009-03-31 18:39 206,530 --a------ c:\windows\system32\nvapps.xml
2009-02-07 14:05 . 2009-01-15 09:19 18,725 --a------ c:\windows\system32\nvdisp.nvu
2009-02-06 21:55 . 2009-02-06 21:55 <DIR> d-------- c:\documents and settings\Pywn\temp
2009-02-06 21:55 . 2009-02-06 22:16 <DIR> d-------- c:\documents and settings\Pywn\Dane aplikacji\TeamViewer
2009-02-06 21:47 . 2009-02-06 21:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Trymedia
2009-02-03 16:43 . 2009-02-03 16:45 <DIR> d-------- c:\program files\Snikers
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 12:00 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\Skype
2009-03-29 20:02 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\uTorrent
2009-03-29 14:11 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-29 13:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 13:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-03-29 08:13 --------- d-----w c:\program files\mIRC
2009-03-28 22:37 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-28 22:01 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-03-28 21:41 --------- d-----w c:\program files\MSBuild
2009-03-28 17:07 213,120 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-28 15:57 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\DivX
2009-03-28 14:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 13:48 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\Hamachi
2009-03-26 17:49 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\DAEMON Tools
2009-03-26 15:27 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\DAEMON Tools Pro
2009-03-26 13:17 --------- d-----w c:\program files\OpenAL
2009-03-25 19:40 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\teamspeak2
2009-03-24 13:01 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\Samsung
2009-03-23 11:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-03-23 10:03 --------- d-----w c:\documents and settings\Pywn\Dane aplikacji\skypePM
2009-03-18 14:32 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-08 16:09 --------- d-----w c:\program files\America's Army Server Manager
2009-02-24 19:35 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-02-07 12:06 --------- d-----w c:\program files\AGEIA Technologies
2009-01-22 16:38 2,829 ----a-w c:\windows\DIIUnin.pif
2009-01-22 16:38 106,496 ----a-w c:\windows\DIIUnin.exe
2008-12-30 13:09 2,829 ----a-w c:\windows\War3Unin.pif
2008-12-30 13:09 139,264 ----a-w c:\windows\War3Unin.exe
2008-12-22 15:55 22,328 ----a-w c:\documents and settings\Pywn\Dane aplikacji\PnkBstrK.sys
2008-12-18 19:29 223,418 ----a-w c:\windows\rFactor Data Acquisition Plugin Uninstaller.exe
2008-08-28 20:46 81,920 ----a-w c:\documents and settings\Pywn\Dane aplikacji\ezpinst.exe
2008-08-28 20:46 47,360 ----a-w c:\documents and settings\Pywn\Dane aplikacji\pcouffin.sys
2008-01-17 12:08 94,208 ----a-w c:\documents and settings\Pywn\Dane aplikacji\ezplay.sys
2007-12-19 17:04 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2009-02-24 19:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
2006-03-02 14:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-28 19:07 213120 f822b76094d2f27ee01a4399a64ef934 c:\windows\system32\dllcache\ndis.sys
2009-03-28 19:07 213120 f822b76094d2f27ee01a4399a64ef934 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-31_18.25.58.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-31 16:39:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1ac.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5B3FA65-1A9F-4A86-A387-1603FE3570AB}]
c:\windows\system32\opnklkKc.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"NBKeyScan"="d:\programy\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AVP"="d:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nDler2"="\\?\globalroot\systemroot\system32\nDler2.exe" [?]
"Nokia.PCSync"="d:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-03-29 16:47 515416 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:21 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 09:19 13680640 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\Gadu-Gadu\\gg.exe"=
"d:\\gry\\rFactor\\rFactor.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\Hamachi\\hamachi.exe"=
"d:\\gry\\Warcraft III\\Warcraft III.exe"=
"d:\\gry\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\gry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programy\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"d:\\Programy\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\gry\\Burnout Paradise\\BurnoutLauncher.exe"=
"d:\\gry\\Burnout Paradise\\BurnoutConfigTool.exe"=
"d:\\gry\\Burnout Paradise\\BurnoutParadise.exe"=
"d:\\gry\\rFactor\\rFactor Dedicated.exe"=
"c:\\Documents and Settings\\Pywn\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Programy\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\FlashGet universal\\flashget.exe"=
"c:\\Documents and Settings\\Pywn\\Games\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:6112
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-29 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-29 130424]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2007-12-16 1310720]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
S2 FAH@D:+gry+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@D:+gry+Ubisoft+Far Cry 2+bin+FAH.exe;d:\gry\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart --> d:\gry\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296]
S3 npkycryp;npkycryp;\??\d:\gry\Kopia Lineage II C4\system\npkycryp.sys --> d:\gry\Kopia Lineage II C4\system\npkycryp.sys [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\drivers\qcusbmdm.sys [2007-12-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\drivers\qcusbser.sys [2007-12-17 59632]
S3 sdAuxService;PC Tools Auxiliary Service;d:\programy\Spyware Doctor\pctsAuxs.exe [2009-03-29 348752]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - BOTDRV
*Deregistered* - botdrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94024c01-d993-11dc-a5fe-001d601decce}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd383c91-1a15-11de-96ed-001d601decce}]
\Shell\AutoRun\command - F:\Autorun.exe
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-23 c:\windows\Tasks\Uniblue SpyEraser.job
- d:\programy\Uniblue\SpyEraser\SpyEraser.exe [2008-05-02 16:15]
2009-03-31 c:\windows\Tasks\XoftSpySE 2.job
- d:\programy\XoftSpySE\XoftSpy.exe [2007-07-13 09:43]
2009-03-28 c:\windows\Tasks\XoftSpySE.job
- d:\programy\XoftSpySE\XoftSpy.exe [2007-07-13 09:43]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: &Download All by FlashGet - d:\programy\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - d:\programy\FlashGet universal\ComDlls\Bholink.htm
IE: &Pobierz wszystko przez FlashGet - d:\programy\FlashGet universal\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\programy\FlashGet universal\ComDlls\Bholink.htm
IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
Trusted Zone: mks.com.pl\www
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Pywn\Dane aplikacji\Mozilla\Firefox\Profiles\o94crpew.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: d:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programy\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\programy\Download Manager\npfpdlm.dll
FF - plugin: d:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\programy\Real Alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 18:39:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
"ImagePath"="System32\Drivers\ezplay.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FAH@D:+gry+Ubisoft+Far Cry 2+bin+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\restore]
"ImagePath"="\??\c:\windows\system32\drivers\restore.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1229272821-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,32,20,ff,99,d3,00,e6,2e,e4,0c,83,6b,4b,0b,ce,5d,19,dd,ac,c2,d0,93,
e1,ab,ef,a7,fb,3a,44,23,95,16,11,da,c7,db,9e,d6,d8,9f,ee,75,59,c9,5d,f7,0e,\
"??"=hex:74,10,33,98,f0,82,6f,6b,1b,50,50,27,0d,4b,34,3e
[HKEY_USERS\S-1-5-21-1220945662-1229272821-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:d3,01,48,ce,eb,c3,84,7a,36,cb,35,ed,b6,e7,e2,62,a8,7f,33,bd,16,
53,d1,29,0b,42,f7,54,0c,93,27,77,f7,bb,1e,a3,6c,d4,6d,2f,d9,72,9b,30,40,5e,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
d:\programy\Nero 8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\Temp\BN6.tmp
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-31 18:41:37 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-31 16:41:34
Przed: 5 646 680 064 bajtów wolnych
Po: 4,223,373,312 bajtów wolnych
Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
302 --- E O F --- 2009-03-29 11:36:20
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:58, on 2009-03-31
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN6.tmp
C:\WINDOWS\explorer.exe
D:\Programy\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - d:\Programy\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F5B3FA65-1A9F-4A86-A387-1603FE3570AB} - C:\WINDOWS\system32\opnklkKc.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programy\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - D:\Programy\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Programy\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - D:\Programy\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Pobrane przez FlashGet - D:\Programy\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219920427453
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: FAH@D:+gry+Ubisoft+Far Cry 2+bin+FAH.exe - Unknown owner - D:\gry\Ubisoft\Far Cry 2\bin\FAH.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programy\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Programy\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Programy\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8784 bytes