ComboFix 09-02-28.01 - Marta C 2009-03-01 12:35:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.447.120 [GMT 1:00]
Running from: d:\lapik\instalki\antyviry\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\History\search
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-03-01 09:29 . 2009-03-01 09:35 d-------- c:\windows\LastGood
2009-03-01 08:56 . 2009-03-01 08:56 d-------- c:\program files\Trend Micro
2009-03-01 00:19 . 2009-03-01 08:52 d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-26 16:17 . 2009-02-27 18:18 d-------- c:\program files\SkanerOnline
2009-02-25 23:08 . 2009-02-25 23:08 d-------- c:\program files\Softwin
2009-02-25 16:25 . 2009-02-25 16:25 d-------- c:\documents and settings\Marta C\Dane aplikacji\Uniblue
2009-02-18 21:02 . 2002-11-18 19:41 2,730,595 --a------ c:\windows\Desinstalar Tzar edición de oro.exe
2009-02-18 20:59 . 2009-02-22 20:55 d-------- c:\program files\Tzar edicion de oro
2009-02-18 20:48 . 2009-02-18 20:48 d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-02-18 19:33 . 2009-02-18 19:33 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-18 19:32 . 2009-02-18 20:59 d-------- c:\documents and settings\Marta C\Dane aplikacji\DAEMON Tools Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 11:37 --------- d-----w c:\documents and settings\Marta C\Dane aplikacji\DNA
2009-03-01 07:37 --------- d-----w c:\program files\DNA
2009-02-27 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 16:16 --------- d-----w c:\program files\mks_vir_2007
2009-02-26 05:32 --------- d-----w c:\program files\Common Files\Softwin
2009-02-26 05:22 81,984 ----a-w c:\windows\system32\bdod.bin
2009-02-25 22:11 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\BitDefender
2009-02-24 21:39 --------- d-----w c:\documents and settings\Marta C\Dane aplikacji\BitTorrent
2009-02-23 19:58 --------- d-----w c:\documents and settings\Marta C\Dane aplikacji\Skype
2009-02-23 19:52 --------- d-----w c:\documents and settings\Marta C\Dane aplikacji\skypePM
2009-01-26 21:06 --------- d-----w c:\program files\Yammer
2009-01-26 21:06 --------- d-----w c:\documents and settings\Marta C\Dane aplikacji\Yammer.1C64ACFBCC9A2B44D03F94584C23C18CE18750A1.1
2009-01-23 16:02 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2009-01-21 14:08 --------- d-----w c:\program files\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-05-25 1253376]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-09-11 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-09-11 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-09-11 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-09-11 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-09-11 83344]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2007-09-11 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2007-09-11 69680]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30bbf580-dd32-11dc-b5ee-00e06f874313}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Marta C\Dane aplikacji\Mozilla\Firefox\Profiles\5gocrgdz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 12:44:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-01 12:49:39
ComboFix-quarantined-files.txt 2009-03-01 11:48:17
Pre-Run: 5,240,238,080 bytes free
Post-Run: 7,443,341,312 bytes free
138 --- E O F --- 2008-12-12 10:57:55
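Two entries in the registry section above deserve a second look beyond what ComboFix itself removed. The mountpoints2 key is Explorer's cached autorun handler for a particular volume (identified only by its GUID; the drive letter has to be resolved from HKLM\SYSTEM\MountedDevices), and here both its AutoRun and Open verbs launch Recycled\ctfmon.exe: a relative path resolved on whatever volume is inserted, a Windows binary name outside system32, and a Recycled folder as the launch location, which together is the classic shape of a USB autorun worm. Because MountPoints2 is only a cache, removing the key does not clean the autorun.inf on the removable drive itself. The Security Center values AntiVirusDisableNotify=1 and UpdatesDisableNotify=1 silence the XP alerts for disabled antivirus and updates, which fits the "On-access scanning disabled" note in the header. The script below is an added triage example, not part of ComboFix or of this log; it runs over a constructed excerpt modelled on the lines above and flags exactly these two patterns, so it can be pointed at a full saved log.

```python
"""Triage helper for a ComboFix-style log excerpt.

Added example, not ComboFix code. It extracts two indicator classes from the
registry section: mountpoints2 AutoRun/Open commands that run from a
Recycled/RECYCLER folder, use a relative path, or reuse a Windows binary
name outside system32; and Security Center *DisableNotify values set to 1.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt modelled on the log above; not a real capture.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30bbf580-dd32-11dc-b5ee-00e06f874313}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - e:\setup.exe
"""


@dataclass
class Finding:
    kind: str    # "mountpoints2" or "security_center"
    key: str     # registry key the matched line belongs to
    detail: str  # what matched and why it matters


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
COMMAND_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+?)\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

RECYCLE_RE = re.compile(r"(^|\\)recycle[rd]?\\", re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# Names an autorun payload commonly borrows to look like a system process.
SYSTEM_NAMES = {"ctfmon.exe", "explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe"}
DISABLE_NOTIFY = {"antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"}


def autorun_target(cmd: str) -> str:
    """Return the file an autorun command ultimately launches.

    ComboFix prints the rundll32 ShellExec_RunDLL wrapper verbatim; the real
    target is the last whitespace-separated token. A bare command is its own target.
    """
    return cmd.split()[-1]


def autorun_reasons(cmd: str) -> List[str]:
    """List the suspicious properties of one mountpoints2 command (empty if none)."""
    target = autorun_target(cmd)
    reasons = []
    if RECYCLE_RE.search(target):
        reasons.append("executes from a Recycled/RECYCLER folder")
    if not ABSOLUTE_RE.match(target):
        reasons.append("relative path, resolved on the inserted volume")
    name = target.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_NAMES and not target.lower().startswith("c:\\windows\\system32\\"):
        reasons.append(f"reuses the Windows binary name {name} outside system32")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current [key], and collect findings."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        lower_key = key.lower()
        if "\\mountpoints2\\" in lower_key:
            m = COMMAND_RE.match(line)
            if m:
                reasons = autorun_reasons(m.group("cmd"))
                if reasons:
                    target = autorun_target(m.group("cmd"))
                    findings.append(Finding("mountpoints2", key,
                                            f"{m.group('verb')} -> {target}: " + "; ".join(reasons)))
        elif lower_key.endswith("\\security center"):
            m = DWORD_RE.match(line)
            if m and m.group("name").lower() in DISABLE_NOTIFY and int(m.group("val"), 16) == 1:
                findings.append(Finding("security_center", key,
                                        f"{m.group('name')}=1: Security Center will not alert on this subsystem"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.key}\n    {f.detail}")
```

The second constructed mountpoints2 entry (an absolute e:\setup.exe) is deliberately not flagged, so the rules do not fire on every cached autorun handler, only on the shape seen in this log. Feed `triage()` the text of a saved ComboFix log to get the same two checks over the whole file.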