ComboFix 08-10-17.01 - Admin 2008-10-18 15:03:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2658 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-18 11:48 . 2008-10-18 11:57 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-18 11:48 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-17 21:30 . 2008-10-17 21:30 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Media Player Classic
2008-10-17 21:23 . 2008-10-17 21:23 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
2008-10-17 20:40 . 2008-10-17 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-10-17 20:39 . 2008-10-17 20:40 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Pro
2008-10-17 20:38 . 2008-10-17 20:40 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-10-17 20:36 . 2008-10-17 20:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 12:54 --------- d-----w C:\Program Files\ESET
2008-10-17 17:31 --------- d-----w C:\Program Files\Google
2008-10-17 16:55 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\AdobeUM
2008-10-17 16:52 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\ACD Systems
2008-10-17 16:47 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\CyberLink
2008-10-17 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-17 16:46 --------- d-----w C:\Program Files\CyberLink
2008-10-17 16:46 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-10-17 16:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-10-17 16:45 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-10-17 16:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-17 16:18 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\DivX
2008-10-17 16:14 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-17 16:08 --------- d-----w C:\Program Files\Bartez Movie Library
2008-10-17 15:58 --------- d-----w C:\Program Files\Winamp
2008-10-17 15:58 --------- d-----w C:\Program Files\totalcmd
2008-10-17 15:58 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\MusicIP
2008-10-17 15:53 --------- d-----w C:\Program Files\Real Alternative
2008-10-17 15:53 --------- d-----w C:\Program Files\Media Player Classic
2008-10-17 15:53 --------- d-----w C:\Program Files\MarBit
2008-10-17 15:52 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-10-17 15:51 --------- d-----w C:\Program Files\DivX
2008-10-17 15:28 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-10-17 15:28 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-10-17 15:28 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-10-17 15:28 --------- d-----w C:\Program Files\ACD Systems
2008-10-17 15:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-10-17 15:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-10-17 15:26 --------- d-----w C:\Program Files\MSBuild
2008-10-17 15:26 --------- d-----w C:\Program Files\Microsoft Works
2008-10-17 15:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-10-17 15:07 --------- d-----w C:\Program Files\Analog Devices
2008-10-17 15:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-17 14:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-17 14:33 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-17 171448]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 8425472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-10-17 949376]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 35328]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-05-20 91432]
"nwiz"="nwiz.exe" [2007-03-22 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-17 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07 61424]
*Newly Created Service* - CATCHME
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\3o7sqhgz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 15:04:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
PROCES: C:\WINDOWS\explorer.exe
-> C:\Program Files\WinRAR\rarext.dll
-> C:\Program Files\Eset\nodshex.dll
.
Czas ukończenia: 2008-10-18 15:04:56
ComboFix-quarantined-files.txt 2008-10-18 13:04:54
Przed: 13 240 836 096 bajtów wolnych
Po: 13,233,217,536 bajtów wolnych
122 --- E O F --- 2008-10-18 09:48:52
:)
pisanie caps lockiem, zal
