ComboFix 08-10-23.08 - Artur 2008-10-24 18:59:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.530 [GMT 2:00]
Running from: C:\Documents and Settings\Artur\Pulpit\ComboFix.exe
 * Resident AV is active

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Artur\Ustawienia lokalne\Temporary Internet Files\fbk.sts

.
((((((((((((((((((((((((( Files created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-24 18:08 . 2008-10-24 18:08   578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-24 18:07 . 2008-10-24 18:07           d-------- C:\WINDOWS\ERUNT
2008-10-24 18:00 . 2008-10-24 18:19           d-------- C:\SDFix
2008-10-24 17:24 . 2008-10-24 17:24           d-------- C:\Program Files\Trend Micro
2008-10-24 16:39 . 2008-10-24 16:39     2,048 --a------ C:\WINDOWS\system32\xkuohscf.exe
2008-10-24 16:36 . 2008-10-24 16:37    68,608 --a------ C:\WINDOWS\system32\udwlyjec.dll
2008-10-24 16:34 . 2008-10-24 16:34   102,400 --a------ C:\WINDOWS\system32\bjmochxr.dll
2008-10-24 07:27 . 2008-10-24 07:27   244,224 --a------ C:\WINDOWS\system32\byXQIXPh.dll
2008-10-24 07:12 . 2008-10-24 07:12   272,782 --a------ C:\WINDOWS\system32\gside.exe
2008-10-23 22:17 . 2008-10-24 17:22           d-------- C:\Program Files\Advanced Registry Doctor
2008-10-23 21:21 . 2008-10-23 21:21           d-------- C:\Program Files\ESET
2008-10-23 21:21 . 2008-10-23 21:21           d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-10-23 20:13 . 2008-10-23 20:13           d-------- C:\Program Files\THQ
2008-10-23 20:08 . 2008-10-24 15:42           d--hs---- C:\WINDOWS\YWJj
2008-10-23 20:07 . 2008-10-23 20:07           d-------- C:\WINDOWS\system32\muc
2008-10-23 20:07 . 2008-10-23 20:07           d-------- C:\WINDOWS\system32\gp2
2008-10-23 20:07 . 2008-10-24 15:42           d-------- C:\WINDOWS\system32\EV13
2008-10-23 20:07 . 2008-10-23 20:07    64,859 --a------ C:\WINDOWS\system32\rsxepgkrcyjktsjo.exe
2008-10-23 20:07 . 2008-10-23 23:20       860 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-10-23 19:37 . 2004-07-17 11:40    19,528 --a------ C:\WINDOWS\000001_.tmp
2008-10-23 19:37 . 2004-08-04 00:44    10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-10-23 19:37 . 2004-08-04 00:44     9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-10-21 17:11 . 2004-08-04 00:44   159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-21 17:11 . 2001-10-26 17:29     5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-10-19 18:39 . 2008-10-19 18:39           d-------- C:\Program Files\test help type
2008-10-19 12:01 . 2008-10-24 15:42           d-------- C:\Documents and Settings\Artur\Dane aplikacji\Hamachi
2008-10-19 12:00 . 2008-10-19 12:01           d-------- C:\Program Files\Hamachi
2008-10-19 12:00 . 2008-10-19 12:00    25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-18 09:08 . 2008-10-18 09:08           d-------- C:\Documents and Settings\aneczka\Dane aplikacji\MySpace
2008-10-17 22:54 . 2008-10-17 22:54           d-------- C:\Program Files\MySpace
2008-10-17 22:54 . 2008-10-17 22:54           d-------- C:\Documents and Settings\Artur\Dane aplikacji\MySpace
2008-10-15 20:50 . 2008-10-15 20:50           d-------- C:\Program Files\Common Files\INCA Shared
2008-10-15 20:50 . 2003-07-21 05:17     5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-15 20:50 . 2005-01-04 20:43     4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-26 00:35 . 2008-09-26 00:35           d-------- C:\Documents and Settings\Artur\Dane aplikacji\Media Player Classic
2008-09-26 00:34 . 2008-09-26 00:35           d-------- C:\Program Files\Real Alternative
2008-09-25 14:59 . 2008-10-15 18:30           d-------- C:\Program Files\SkanerOnline
2008-09-24 13:24 . 2008-09-24 13:24           d-------- C:\Documents and Settings\LocalService\Menu Start
2008-09-24 13:17 . 2004-08-04 00:44   221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-24 13:12 . 2004-07-17 11:40    19,528 --a------ C:\WINDOWS\003782_.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 16:03 --------- d-----w C:\Program Files\Crawler
2008-10-24 10:29 --------- d-----w C:\Program Files\Valve
2008-10-23 18:27 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\LimeWire
2008-10-19 16:48 --------- d-----w C:\Program Files\Call of Duty
2008-10-19 16:41 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\test help type
2008-10-19 16:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\dupe axis inter wipe
2008-10-17 16:39 --------- d-----w C:\Program Files\8BallClub
2008-10-15 18:59 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-15 16:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 16:29 --------- d-----w C:\Program Files\Asprate
2008-09-24 10:27 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\skypePM
2008-09-24 10:27 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\Skype
2008-09-20 14:55 --------- d-----w C:\Program Files\LimeWire
2008-09-18 18:00 --------- d-----w C:\Program Files\Winamp
2008-09-16 12:04 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-09-16 11:52 --------- d-----w C:\Program Files\BitDownload
2008-09-13 07:39 --------- d-----w C:\Documents and Settings\aneczka\Dane aplikacji\Nokia Multimedia Player
2008-09-12 18:49 --------- d-----w C:\Documents and Settings\aneczka\Dane aplikacji\Media Player Classic
2008-09-12 18:41 --------- d-----w C:\Documents and Settings\aneczka\Dane aplikacji\DivX
2008-09-08 17:26         0 ----a-r C:\logwmemory.bin
2008-09-08 17:25 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\Soldat
2008-09-06 17:50 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\uTorrent
2008-09-06 08:29 --------- d-----w C:\Program Files\PhotoScape
2008-09-02 14:47 --------- d-----w C:\Program Files\Ganymede
2008-09-01 18:17 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\GanymedeNet
2008-08-28 06:41 --------- d-----w C:\Program Files\Skype
2008-08-28 06:41 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-28 06:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-08-27 07:03 --------- d-----w C:\Program Files\BearShare
2008-08-26 12:54 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\PC Suite
2008-08-13 18:27     2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-03-20 12:25        32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-24_17.36.59.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04   163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-24 16:07:35 4,689,920 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-24 16:07:35   172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04   163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-24 16:07:23 4,689,920 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-24 16:07:23   172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeleteFive"="C:\DOCUME~1\Artur\DANEAP~1\TESTHE~1\CashGlue.exe" [2008-10-19 553984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6c8f83a7"="C:\WINDOWS\system32\udwlyjec.dll" [2008-10-24 68608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yxjhxr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Artur^Menu Start^Programy^Autostart^DW_Start.lnk]
path=C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Artur^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Artur^Menu Start^Programy^Autostart^lsass.exe]
path=C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\lsass.exe
backup=C:\WINDOWS\pss\lsass.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteFive]
--a------ 2008-10-19 18:39 553984 C:\DOCUME~1\Artur\DANEAP~1\TESTHE~1\CashGlue.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-07-01 09:01 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
-r------- 2006-09-14 11:51 2162688 C:\WINDOWS\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 14:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inter wipe surf store]
--a------ 2008-10-24 18:22 5738496 C:\Documents and Settings\All Users\Dane aplikacji\dupe axis inter wipe\Knob Less.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 00:44 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-18 01:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2006-08-11 15:43 7630848 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--------- 2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 14:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
--------- 2006-03-29 17:12 364544 C:\Program Files\TP-LINK\TWCU\TWCU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-16 19:30 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"EhttpSrv"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\8BallClub\\GameDirector.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S3 PageFau1t;PageFau1t;C:\Documents and Settings\Artur\Pulpit\sXe Hacked v6.9\PageFau1t.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\AE2E35699189A671.job
- c:\docume~1\artur\daneap~1\testhe~1\Tonslistblah.exe [2008-10-19 18:41]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-lsass - C:\WINDOWS\lsass.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\z1zg8fkw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.firesearch.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 19:00:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-24 19:01:28
ComboFix-quarantined-files.txt 2008-10-24 17:01:23
ComboFix2.txt 2008-10-24 15:37:19

Pre-Run: 4,047,966,208 bytes free
Post-Run: 4,036,345,856 bytes free

217
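The log above is the kind of thing a malware-removal helper triages by eye: the Run keys, AppInit_DLLs, the startup folders, the scheduled task and the driver list are the persistence points, and the question for each entry is whether the target lives where such a thing normally lives and whether its name looks generated. The script below is an added example and not part of the original post or of ComboFix itself. It runs a handful of such heuristics over lines in ComboFix's own output format; the rule names, the "random-looking name" threshold and the list of core process names are my assumptions, and the sample input is a constructed excerpt copied from the log lines above. A hit means "look at this first", not "this is malware": the NvCpl.dll entry shows why a DLL in a Run value is not a signal on its own.

```python
import re

# Constructed sample: a subset of lines copied from the ComboFix log above.
SAMPLE = r"""
2008-10-24 16:36 . 2008-10-24 16:37 68,608 --a------ C:\WINDOWS\system32\udwlyjec.dll
2008-10-24 18:08 . 2008-10-24 18:08 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeleteFive"="C:\DOCUME~1\Artur\DANEAP~1\TESTHE~1\CashGlue.exe" [2008-10-19 553984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6c8f83a7"="C:\WINDOWS\system32\udwlyjec.dll" [2008-10-24 68608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yxjhxr.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Artur^Menu Start^Programy^Autostart^lsass.exe]
path=C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\lsass.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-07-01 09:01 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S3 PageFau1t;PageFau1t;C:\Documents and Settings\Artur\Pulpit\sXe Hacked v6.9\PageFau1t.sys [ ]
2008-10-24 C:\WINDOWS\Tasks\AE2E35699189A671.job
- c:\docume~1\artur\daneap~1\testhe~1\Tonslistblah.exe [2008-10-19 18:41]
MSConfigStartUp-lsass - C:\WINDOWS\lsass.exe
"""

# Assumption: core Windows processes that belong in %SystemRoot%\system32 and nowhere else.
CORE_PROCESSES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe",
                  "winlogon.exe", "svchost.exe", "spoolsv.exe"}

# Line shapes as ComboFix prints them (registry key, value, driver, task target, new file).
KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]*)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<target>[^"\[\]]+?)"?(\s*\[|$)')
SERVICE_LINE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[")
TASK_TARGET = re.compile(r"^-\s+(?P<path>.+?)\s*\[")
NEW_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+\S+\s+(?P<path>.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys)\b', re.I)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip()


def user_writable(path):
    """True for targets under a user profile (long or 8.3 form), which any user-level code can write."""
    p = path.lower()
    return "documents and settings" in p or "docume~1" in p


def random_looking(filename):
    """Weak signal (assumed threshold): 8-16 lowercase/digit stem with at most two vowels."""
    stem = filename.lower().rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z0-9]{8,16}", stem):
        return False
    return sum(c in "aeiou" for c in stem) <= 2


def scan(log_text):
    """Return (rule, line) pairs for entries worth a closer look."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_LINE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        # 1. AppInit_DLLs: the clean value is empty; anything listed is loaded into
        #    every process that loads user32.dll.
        if line.startswith('"AppInit_DLLs"=') and line.split("=", 1)[1].strip():
            findings.append(("appinit_dlls_set", line))
        # 2. Run-key values: generated-looking value name or file name, or a target the
        #    user can overwrite. A DLL target alone is normal (rundll32 entries print that way).
        run = RUN_VALUE.match(line)
        if run and "currentversion\\run" in current_key:
            name, target = run.group("name"), run.group("target").strip()
            if re.fullmatch(r"[0-9a-f]{8}", name.lower()) or random_looking(basename(target)):
                findings.append(("run_value_random_name", line))
            if user_writable(target):
                findings.append(("run_value_user_writable", line))
        # 3. Scheduled tasks and kernel drivers whose binary lives in a user profile.
        for pat, rule in ((TASK_TARGET, "task_in_user_profile"), (SERVICE_LINE, "driver_in_user_profile")):
            m = pat.match(line)
            if m and user_writable(m.group("path")):
                findings.append((rule, line))
        # 4. Fresh files dropped into system32 with generated-looking names.
        nf = NEW_FILE.match(line)
        if nf and "\\system32\\" in nf.group("path").lower() and random_looking(basename(nf.group("path"))):
            findings.append(("new_system32_file_random_name", line))
        # 5. A core process name anywhere outside system32 (a Startup-folder lsass.exe, for one).
        for path in WIN_PATH.findall(line):
            if basename(path).lower() in CORE_PROCESSES and "\\system32\\" not in path.lower():
                findings.append(("core_process_name_outside_system32", line))
    return findings


if __name__ == "__main__":
    for rule, line in scan(SAMPLE):
        print(f"{rule:36} {line}")
```

Run against the excerpt it flags eight entries: the AppInit DLL, the hex-named Run value, the Run value pointing into the user's profile, the two lsass.exe paths outside system32, the driver on the Desktop, the task target under the profile, and the fresh system32 DLL with a generated-looking name; the NvCpl and egui lines pass untouched. The "random name" rule is deliberately the weakest and is only applied where location already narrows the field.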