ComboFix 08-10-23.08 - Artur 2008-10-25 11:53:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.505 [GMT 2:00]
Run from: C:\Documents and Settings\Artur\Pulpit\ComboFix.exe
Commands used :: C:\Documents and Settings\Artur\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\_MSRSTRT.EXE
.
Error: Cfiles.dat
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\_MSRSTRT.EXE
.
((((((((((((((((((((((((( Files created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
2008-10-24 18:08 . 2008-10-24 18:08 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-24 18:07 . 2008-10-24 18:07 d-------- C:\WINDOWS\ERUNT
2008-10-24 18:00 . 2008-10-24 18:19 d-------- C:\SDFix
2008-10-24 17:24 . 2008-10-24 17:24 d-------- C:\Program Files\Trend Micro
2008-10-23 22:17 . 2008-10-24 17:22 d-------- C:\Program Files\Advanced Registry Doctor
2008-10-23 21:21 . 2008-10-23 21:21 d-------- C:\Program Files\ESET
2008-10-23 21:21 . 2008-10-23 21:21 d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-10-23 20:13 . 2008-10-23 20:13 d-------- C:\Program Files\THQ
2008-10-23 19:37 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-10-23 19:37 . 2004-08-04 00:44 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-10-23 19:37 . 2004-08-04 00:44 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-10-21 17:11 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-21 17:11 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-10-19 12:01 . 2008-10-24 15:42 d-------- C:\Documents and Settings\Artur\Dane aplikacji\Hamachi
2008-10-19 12:00 . 2008-10-19 12:00 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-18 09:08 . 2008-10-18 09:08 d-------- C:\Documents and Settings\aneczka\Dane aplikacji\MySpace
2008-10-17 22:54 . 2008-10-17 22:54 d-------- C:\Program Files\MySpace
2008-10-17 22:54 . 2008-10-17 22:54 d-------- C:\Documents and Settings\Artur\Dane aplikacji\MySpace
2008-10-15 20:50 . 2008-10-15 20:50 d-------- C:\Program Files\Common Files\INCA Shared
2008-10-15 20:50 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-15 20:50 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-26 00:35 . 2008-09-26 00:35 d-------- C:\Documents and Settings\Artur\Dane aplikacji\Media Player Classic
2008-09-26 00:34 . 2008-09-26 00:35 d-------- C:\Program Files\Real Alternative
2008-09-25 14:59 . 2008-10-15 18:30 d-------- C:\Program Files\SkanerOnline
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 10:29 --------- d-----w C:\Program Files\Valve
2008-10-23 18:27 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\LimeWire
2008-10-19 16:48 --------- d-----w C:\Program Files\Call of Duty
2008-10-17 16:39 --------- d-----w C:\Program Files\8BallClub
2008-10-15 18:59 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-15 16:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 16:29 --------- d-----w C:\Program Files\Asprate
2008-09-24 10:27 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\skypePM
2008-09-24 10:27 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\Skype
2008-09-20 14:55 --------- d-----w C:\Program Files\LimeWire
2008-09-18 18:00 --------- d-----w C:\Program Files\Winamp
2008-09-16 12:04 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-09-16 11:52 --------- d-----w C:\Program Files\BitDownload
2008-09-13 07:39 --------- d-----w C:\Documents and Settings\aneczka\Dane aplikacji\Nokia Multimedia Player
2008-09-12 18:49 --------- d-----w C:\Documents and Settings\aneczka\Dane aplikacji\Media Player Classic
2008-09-12 18:41 --------- d-----w C:\Documents and Settings\aneczka\Dane aplikacji\DivX
2008-09-08 17:26 0 ----a-r C:\logwmemory.bin
2008-09-08 17:25 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\Soldat
2008-09-06 17:50 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\uTorrent
2008-09-06 08:29 --------- d-----w C:\Program Files\PhotoScape
2008-09-02 14:47 --------- d-----w C:\Program Files\Ganymede
2008-09-01 18:17 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\GanymedeNet
2008-08-28 06:41 --------- d-----w C:\Program Files\Skype
2008-08-28 06:41 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-28 06:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-08-27 07:03 --------- d-----w C:\Program Files\BearShare
2008-08-26 12:54 --------- d-----w C:\Documents and Settings\Artur\Dane aplikacji\PC Suite
2008-03-20 12:25 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-24_17.36.59.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-24 16:07:35 4,689,920 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-24 16:07:35 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-24 16:07:23 4,689,920 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-24 16:07:23 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-10-23 21:15:04 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
+ 2008-10-25 07:57:07 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Artur^Menu Start^Programy^Autostart^DW_Start.lnk]
path=C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Artur^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Artur\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-07-01 09:01 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
-r------- 2006-09-14 11:51 2162688 C:\WINDOWS\TBPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 14:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 00:44 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-18 01:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2006-08-11 15:43 7630848 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--------- 2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 14:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
--------- 2006-03-29 17:12 364544 C:\Program Files\TP-LINK\TWCU\TWCU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-16 19:30 16855552 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\8BallClub\\GameDirector.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S3 PageFau1t;PageFau1t;C:\Documents and Settings\Artur\Pulpit\sXe Hacked v6.9\PageFau1t.sys [ ]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 11:54:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-25 11:55:37
ComboFix-quarantined-files.txt 2008-10-25 09:55:33
ComboFix2.txt 2008-10-25 07:56:10
ComboFix3.txt 2008-10-24 17:01:29
ComboFix4.txt 2008-10-24 15:37:19
Before: 3,991,777,280 bytes free
After: 3,981,193,216 bytes free
180
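The two parts of a log like this that a helper reads first are the "Files created" block and the service/driver lines near the end of the startup section. The Python script below is an added example, not ComboFix's own code and not part of the original post: it parses exactly those two line shapes and emits review notes for the patterns visible in this log, a kernel driver whose path lies outside the Windows directory (here `PageFau1t.sys` under a folder on the user's desktop), a service whose file had no size or timestamp at scan time (the `[ ]`), and a file created inside the scan window whose modification time is years older (here `rwnh.dll`). The sample input is copied from this page with the heading translated; the three rules and the 365-day threshold are the example's own assumptions, not ComboFix heuristics.

```python
"""Triage helper for the ComboFix log lines shown above (added example).

Parses two line shapes:
    <created> . <modified> [<size>] <attrs> <path>        ("Files created" block)
    R1 name;display;path [<date> <size>]                  (R = running, S = stopped;
    S3 name;display;path [ ]                               digit = service start type)
The review rules in triage() are assumptions for this example.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Sample input copied from the log on this page (heading translated).
# The Find3M and registry sections are out of scope for this parser.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
2008-10-24 18:08 . 2008-10-24 18:08 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-24 18:07 . 2008-10-24 18:07 d-------- C:\WINDOWS\ERUNT
2008-10-19 12:00 . 2008-10-19 12:00 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-23 19:37 . 2004-08-04 00:44 9,728 --------- C:\WINDOWS\system32\rwnh.dll
.
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S3 PageFau1t;PageFau1t;C:\Documents and Settings\Artur\Pulpit\sXe Hacked v6.9\PageFau1t.sys [ ]
"""

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?:\s+([\d,]+))?\s+([-a-zA-Z]{7,9})\s+(.+?)\s*$"
)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directory entries
    attrs: str
    path: str


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    meta: str             # "" when ComboFix printed "[ ]": no file data at scan time


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return FileEntry(_ts(created), _ts(modified),
                     int(size.replace(",", "")) if size else None, attrs, path)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, meta = m.groups()
    return ServiceEntry(state == "R", int(start), name, display, path, meta.strip())


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_file_line(line)
        if entry:
            files.append(entry)
            continue
        svc = parse_service_line(line)
        if svc:
            services.append(svc)
    return files, services


def triage(files: List[FileEntry], services: List[ServiceEntry],
           stale_days: int = 365) -> List[str]:
    """Return review notes; the rules are this example's assumptions."""
    notes: List[str] = []
    for s in services:
        low = s.path.lower()
        # Rule 1: a kernel driver (.sys) normally lives under %SystemRoot%;
        # one loading from a user profile or desktop folder needs a look.
        if low.endswith(".sys") and not low.startswith("c:\\windows\\"):
            notes.append(f"driver {s.name} loads from outside the Windows directory: {s.path}")
        # Rule 2: "[ ]" means ComboFix recorded no size/timestamp, i.e. the
        # service points at a file that was absent or unreadable.
        if not s.meta:
            notes.append(f"service {s.name} has no file metadata (file missing at scan time): {s.path}")
    for f in files:
        # Rule 3: created in the scan window but modified years earlier means
        # the file was copied in with an old timestamp. Often legitimate
        # (system file restored from the install cache), so: review, not verdict.
        age = f.created - f.modified
        if age > timedelta(days=stale_days):
            notes.append(f"new file carries a modification time {age.days} days older: {f.path}")
    return notes


if __name__ == "__main__":
    for note in triage(*parse_log(SAMPLE_LOG)):
        print(note)
```

Run against the sample it prints three notes: the `PageFau1t` driver path and its empty `[ ]` metadata, and `rwnh.dll`. Rule 3 deliberately stays a review flag; in this same log `smtpapi.dll` shows the identical pattern and is a stock XP SP2 file, so an old modification time on a fresh file is a reason to check a hash, not a verdict on its own.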