
Here is the log
ComboFix 09-01-21.04 - dom 2009-01-24 15:37:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.748 [GMT 1:00]
Uruchomiony z: g:\instalki\do wklejania logów w programosach\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\dom\Dane aplikacji\.#
c:\documents and settings\dom\Dane aplikacji\.#\MBX@1468@3C37D8.###
c:\documents and settings\dom\Dane aplikacji\.#\MBX@1468@3C37E8.###
C:\gfqgq.cmd
C:\uvsqfgwd.cmd
c:\windows\system32\ciuytr0.dll
c:\windows\system32\vamsoft.exe
D:\Autorun.inf
D:\gfqgq.cmd
D:\j60osk9.cmd
D:\uvsqfgwd.cmd
E:\Autorun.inf
E:\gfqgq.cmd
E:\j60osk9.cmd
E:\uvsqfgwd.cmd
F:\Autorun.inf
F:\gfqgq.cmd
F:\j60osk9.cmd
F:\uvsqfgwd.cmd
G:\Autorun.inf
G:\gfqgq.cmd
G:\j60osk9.cmd
G:\uvsqfgwd.cmd
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-23 09:03 . 2009-01-23 09:40 107,882 -r-hs---- C:\w98.com
2009-01-23 08:44 . 2009-01-24 15:36 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-20 15:30 . 2009-01-21 17:11 107,983 -r-hs---- C:\gy.exe
2009-01-19 19:09 . 2009-01-19 19:17 <DIR> d-------- c:\program files\Folder Lock 6
2009-01-19 12:57 . 2009-01-19 12:57 <DIR> d-------- c:\documents and settings\dom\Dane aplikacji\ImgBurn
2009-01-17 16:09 . 2009-01-17 16:24 <DIR> d-------- c:\documents and settings\dom\Dane aplikacji\fltk.org
2009-01-16 12:41 . 2009-01-09 15:17 120,952 -r-hs---- C:\xn9uu8.exe
2009-01-16 10:27 . 2009-01-24 11:41 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-16 08:30 . 2009-01-16 16:18 110,003 -r-hs---- C:\x2csvg.exe
2009-01-15 08:33 . 2009-01-18 10:17 95,744 -r-hs---- c:\windows\system32\nmdfgds2.dll
2009-01-14 20:25 . 2004-08-04 01:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-14 20:17 . 2009-01-24 12:18 108,293 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d--hs---- c:\windows\ftpcache
2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- c:\documents and settings\dom\Dane aplikacji\fizzy
2009-01-13 19:44 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\dom\Dane aplikacji\CyberLink
2009-01-13 19:43 . 2009-01-13 19:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-13 19:42 . 2009-01-13 19:41 29,480 --a------ c:\windows\system32\msxml3a.dll
2009-01-07 16:56 . 2009-01-16 08:08 <DIR> d-------- c:\program files\Pivot Stickfigure Animator
2009-01-06 14:17 . 2009-01-23 08:51 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-28 22:10 . 2008-12-28 22:10 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-26 13:22 . 2008-12-26 13:23 <DIR> d-------- c:\documents and settings\dom\Dane aplikacji\ipla
2008-12-26 13:22 . 2008-12-26 13:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla
2008-12-26 13:22 . 2008-12-26 13:22 1,700,352 --a------ c:\windows\system32\gdiplus.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 13:53 --------- d-----w c:\documents and settings\dom\Dane aplikacji\uTorrent
2009-01-24 10:52 --------- d-----w c:\program files\PokerStars
2009-01-24 09:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 12:28 --------- d-----w c:\program files\LittleFighter2
2009-01-18 15:25 --------- d-----w c:\documents and settings\dom\Dane aplikacji\gtk-2.0
2009-01-16 19:11 --------- d-----w c:\program files\Java
2009-01-13 18:41 49,448 ----a-w c:\windows\system32\msxml3r.dll
2009-01-13 18:41 1,241,896 ----a-w c:\windows\system32\msxml3.dll
2009-01-13 17:56 --------- d-----w c:\program files\ALLPlayer
2009-01-05 16:11 --------- d-----w c:\program files\JetAudio
2009-01-01 11:38 --------- d-----w c:\documents and settings\dom\Dane aplikacji\Nokia Multimedia Player
2008-12-20 14:20 --------- d-----w c:\documents and settings\dom\Dane aplikacji\GetRightToGo
2008-12-19 15:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-14 20:55 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-12-12 16:40 --------- d-----w c:\documents and settings\dom\Dane aplikacji\DivX
2008-12-12 13:55 --------- d-----w c:\program files\DivX
2008-12-09 09:17 --------- d-----w c:\documents and settings\dom\Dane aplikacji\Nowe Gadu-Gadu
2008-12-07 13:14 --------- d-----w c:\documents and settings\dom\Dane aplikacji\OpenOffice.org
2008-12-07 13:12 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-02 19:03 --------- d-----w c:\documents and settings\dom\Dane aplikacji\AdobeUM
2008-12-01 06:37 --------- d-----w c:\program files\Google
2008-11-30 14:27 --------- d-----w c:\program files\Common Files\Adobe
2008-11-24 14:21 232,846 ----a-w c:\windows\Little_Fighter_2_Toolbar_Uninstaller_8328.exe
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2006-05-12 959488]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-24 108293]
"EXPLORER.EXE"="EXPLORER.EXE" [2004-08-04 c:\windows\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"P17Helper"="P17.dll" [2006-03-17 c:\windows\system32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-24 108293]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2004-08-04 78848]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\dom\\Pulpit\\utorrent.exe"=
"g:\\eMule\\emule.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Heroes of Might and Magic III - Zlota Edycja\\Heroes3.exe"=
"f:\\Disciples 2 Bunt Elfów\\Discipl2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Tomka\\NTSD2.3\\NTSD2.3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S4 gupdate1c9515b6580f516;Google Update Service (gupdate1c9515b6580f516);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-28 133104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\uvsqfgwd.cmd
\Shell\open\Command - C:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\uvsqfgwd.cmd
\Shell\open\Command - D:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\uvsqfgwd.cmd
\Shell\open\Command - E:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\uvsqfgwd.cmd
\Shell\open\Command - F:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\uvsqfgwd.cmd
\Shell\open\Command - G:\uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343259c-d4ce-11dd-ac30-000acd0d326c}]
\Shell\AutoRun\command - M:\ve.exe
\Shell\open\Command - M:\ve.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54183bf0-a9a0-11dd-abc4-000acd0d326c}]
\Shell\AutoRun\command - M:\EXPLORER.EXE
\Shell\explore\Command - M:\EXPLORER.EXE
\Shell\open\Command - M:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3f6f7e-9f80-11dd-aba3-000acd0d326c}]
\Shell\AutoRun\command - M:\gy.exe
\Shell\open\Command - M:\gy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7b65c4a-afe7-11dd-abd2-000acd0d326c}]
\Shell\AutoRun\command - M:\EXPLORER.EXE
\Shell\explore\Command - M:\EXPLORER.EXE
\Shell\open\Command - M:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87463e6-a822-11dd-abbd-000acd0d326c}]
\Shell\AutoRun\command - M:\EXPLORER.EXE
\Shell\explore\Command - M:\EXPLORER.EXE
\Shell\open\Command - M:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e679fc42-acd4-11dd-abcd-000acd0d326c}]
\Shell\AutoRun\command - M:\EXPLORER.EXE
\Shell\explore\Command - M:\EXPLORER.EXE
\Shell\open\Command - M:\EXPLORER.EXE
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-28 14:15]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
HKCU-Run-wsctf.exe - wsctf.exe
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {9CC2E201-DD49-4E52-8606-ED2E037BE942} = 217.30.137.200,217.30.129.149
FF - ProfilePath - c:\documents and settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\lnent3u8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 15:39:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-01-24 15:40:27
ComboFix-quarantined-files.txt 2009-01-24 14:40:03
Przed: 4,830,507,008 bajtów wolnych
Po: 5,571,608,576 bajtów wolnych
208 --- E O F --- 2008-10-31 07:09:26