ComboFix 08-08-03.05 - Woytas 2008-08-07 17:08:59.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1623 [GMT 2:00]
Running from: C:\Documents and Settings\Woytas\Pulpit\ComboFix-001.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.
2008-08-06 21:52 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-06 21:46 . 2008-08-06 21:46 <DIR> d-------- C:\Program Files\Mplayer
2008-08-06 21:44 . 2008-08-06 21:46 766 --a------ C:\WINDOWS\QIII.INI
2008-08-05 21:02 . 2008-08-05 22:29 <DIR> d-------- C:\Documents and Settings\Woytas\Dane aplikacji\GarageGames
2008-07-30 18:48 . 2008-07-31 00:07 <DIR> d-------- C:\Program Files\Project64 1.6
2008-07-08 04:04 . 2008-07-08 04:05 <DIR> d-------- C:\Program Files\Torrent Master
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 13:02 --------- d-----w C:\Documents and Settings\Woytas\Dane aplikacji\MegauploadToolbar
2008-08-07 12:06 --------- d-----w C:\Documents and Settings\Woytas\Dane aplikacji\uTorrent
2008-08-06 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 19:00 --------- d-----w C:\Documents and Settings\Woytas\Dane aplikacji\GetRight
2008-07-28 18:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 19:25 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-28 22:43 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-28 22:43 106,496 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-24 23:46 --------- d-----w C:\Program Files\AIDA32 - Personal System Information
2008-06-23 18:53 --------- d-----w C:\Program Files\PPMate
2008-06-23 17:54 --------- d-----w C:\Documents and Settings\Woytas\Dane aplikacji\Image Zone Express
2008-06-12 23:23 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-25 17:31 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-25 17:31 22,328 ----a-w C:\Documents and Settings\Woytas\Dane aplikacji\PnkBstrK.sys
2008-05-25 17:31 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-19 16:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 16:10 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-19 16:10 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-18 19:04 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-07 14:14:18 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 16:48 21760296 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\e\\utorrent.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Gry\\FlatOut Ultimate Carnage\\Fouc.exe"=
"E:\\Gry\\fifa08\\FIFA08.exe"=
"C:\\Documents and Settings\\Woytas\\Dane aplikacji\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\7000\\install\\Zap.exe"=
"E:\\Gry\\Quake3\\quake3.exe"=
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2008-01-20 22:36]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2008-01-20 22:36]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2008-01-20 22:36]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2008-01-20 22:36]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2008-01-20 22:36]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.neostrada.pl
R0 -: HKLM-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O17 -: HKLM\CCS\Interface\{38FBEEF6-FD6D-44EE-BD2C-9DE546F7D68F}: NameServer = 194.204.159.1 217.98.63.164
O16 -: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - hxxp://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\weblive.exe
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
C:\WINDOWS\Downloaded Program Files\cab.inf
C:\WINDOWS\Downloaded Program Files\iaplayer.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 17:10:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-07 17:11:10
ComboFix-quarantined-files.txt 2008-08-07 15:11:03
Pre-Run: 257,441,792 bajtów wolnych
Post-Run: 361,291,776 bajtów wolnych