ComboFix 08-08-04.01 - radek 2008-08-05 14:10:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1383 [GMT 2:00]
Running from: C:\Documents and Settings\radek\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00CA13C0
C:\Program Files\myglobalsearch\bar\Cache\00CA1631
C:\Program Files\myglobalsearch\bar\Cache\00CA1788.bin
C:\Program Files\myglobalsearch\bar\Cache\00CA19DA.bin
C:\Program Files\myglobalsearch\bar\Cache\00CA1B32.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-02 16:38 . 2008-08-02 16:38 19,018 --a------ C:\DSC00012.JPG
2008-07-28 10:18 . 2008-07-28 10:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-25 02:15 . 2008-07-25 02:15 <DIR> d-------- C:\WINDOWS\Sun
2008-07-25 02:14 . 2008-07-25 02:14 <DIR> d-------- C:\Program Files\Java
2008-07-25 02:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-25 02:12 . 2008-07-25 02:12 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-24 22:18 . 2008-08-05 13:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-24 17:38 . 2008-07-24 22:19 <DIR> d-------- C:\Documents and Settings\radek\Dane aplikacji\Ahead
2008-07-24 17:37 . 2008-07-24 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-07-24 17:33 . 2008-07-24 17:33 <DIR> d-------- C:\Program Files\Nero
2008-07-24 17:33 . 2008-07-24 17:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-24 17:33 . 2008-07-24 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-22 21:57 . 2008-07-22 21:57 <DIR> d-------- C:\Documents and Settings\radek\Dane aplikacji\DivX
2008-07-19 12:42 . 2008-07-19 12:45 <DIR> d-------- C:\Program Files\BearShare
2008-07-19 12:42 . 2008-07-19 12:42 <DIR> d-------- C:\My Downloads
2008-07-19 12:33 . 2008-07-19 12:37 <DIR> d-------- C:\Program Files\Shareaza
2008-07-19 12:33 . 2008-07-19 12:33 <DIR> d-------- C:\Documents and Settings\radek\Dane aplikacji\Shareaza
2008-07-16 15:58 . 2008-07-16 15:58 <DIR> d-------- C:\Program Files\OpenAL
2008-07-16 15:58 . 2008-07-16 15:58 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-16 15:58 . 2008-07-16 15:58 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-16 15:56 . 2008-07-16 15:56 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-07-15 12:14 . 2008-07-15 12:14 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-07-15 12:14 . 2008-07-15 12:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-15 10:19 . 2008-04-13 22:05 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-07-11 14:20 . 2008-07-11 14:20 1,374 --a------ C:\WINDOWS\imsins.BAK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 12:19 7,155,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-05 12:18 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-05 12:18 109,600 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-05 11:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-02 18:43 97,076 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-02 18:43 11,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-24 11:31 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 11:31 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 22:58 --------- d-----w C:\Program Files\Spik
2008-07-23 11:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-21 14:31 --------- d-----w C:\Program Files\Winamp
2008-07-21 14:10 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\Winamp
2008-07-18 17:00 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-16 13:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 14:07 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-07-07 13:25 --------- d-----w C:\Program Files\Opera
2008-07-07 10:00 30,008 ----a-w C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-07-01 14:02 --------- d-----w C:\Program Files\DivX
2008-06-28 14:24 --------- d-----w C:\Program Files\GIGABYTE
2008-06-21 18:59 --------- d-----w C:\Program Files\CCleaner
2008-06-21 18:57 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\Thinstall
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-17 17:50 --------- d-----w C:\Program Files\Microsoft Works
2008-06-17 17:49 --------- d-----w C:\Program Files\MSBuild
2008-06-17 17:49 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-17 17:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-17 14:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-15 12:38 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\Gadu-Gadu
2008-06-15 12:15 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-15 10:04 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-06-14 19:10 --------- d-----w C:\Program Files\Real Alternative
2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 10:09 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-14 10:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-13 16:04 --------- d-----w C:\Program Files\Electronic Arts
2008-06-13 16:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-13 10:17 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\Symantec
2008-06-13 09:11 --------- d-----w C:\Program Files\MagicDisc
2008-06-13 08:40 --------- d-----w C:\Program Files\totalcmd
2008-06-13 00:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-13 00:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-13 00:00 --------- d--h--r C:\Documents and Settings\radek\Dane aplikacji\SecuROM
2008-06-12 23:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-06-12 23:05 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-12 22:53 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 22:53 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\DAEMON Tools
2008-06-12 22:21 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\Spik
2008-06-12 16:17 --------- d-----w C:\Program Files\Realtek
2008-06-12 16:17 --------- d-----w C:\Documents and Settings\radek\Dane aplikacji\InstallShield
2008-06-12 16:15 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-12 16:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-12 16:06 90,112 ----a-w C:\WINDOWS\DUMP3c5d.tmp
2008-06-12 16:03 --------- d-----w C:\Program Files\Intel
2008-06-12 15:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-12 15:29 --------- d-----w C:\Program Files\Usługi online
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [2007-12-14 11:46 236040]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 10:55 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\radek\Menu Start\Programy\Autostart\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-06-13 11:11:24 547840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Spik\\Spik.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Games\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Games\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Games\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Games\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Games\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Games\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Games\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
R3 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\GEST\GSvr.exe [2008-07-07 12:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d0f0cf5-38d1-11dd-bf4f-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{BCEB4D56-3D83-4567-9A0F-78522243CE5E}: NameServer = 194.204.159.1,194.204.152.4
O18 -: Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 14:18:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-05 14:20:11
ComboFix-quarantined-files.txt 2008-08-05 12:20:08
Pre-Run: 27,006,156,800 bajtów wolnych
Post-Run: 27,079,610,368 bajtów wolnych
211 --- E O F --- 2008-07-28 12:23:03