ComboFix 09-02-28.01 - Marta C 2009-03-01 12:35:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.447.120 [GMT 1:00]
Running from: d:\lapik\instalki\antyviry\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
 * WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\History\search
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll

.
(((((((((((((((((((((((((   Files Created from 2009-02-01 to 2009-03-01   )))))))))))))))))))))))))))))))
.

2009-03-01 09:29 . 2009-03-01 09:35	d--------	c:\windows\LastGood
2009-03-01 08:56 . 2009-03-01 08:56	d--------	c:\program files\Trend Micro
2009-03-01 00:19 . 2009-03-01 08:52	d-a------	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-26 16:17 . 2009-02-27 18:18	d--------	c:\program files\SkanerOnline
2009-02-25 23:08 . 2009-02-25 23:08	d--------	c:\program files\Softwin
2009-02-25 16:25 . 2009-02-25 16:25	d--------	c:\documents and settings\Marta C\Dane aplikacji\Uniblue
2009-02-18 21:02 . 2002-11-18 19:41	2,730,595	--a------	c:\windows\Desinstalar Tzar edición de oro.exe
2009-02-18 20:59 . 2009-02-22 20:55	d--------	c:\program files\Tzar edicion de oro
2009-02-18 20:48 . 2009-02-18 20:48	d--------	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-02-18 19:33 . 2009-02-18 19:33	717,296	--a------	c:\windows\system32\drivers\sptd.sys
2009-02-18 19:32 . 2009-02-18 20:59	d--------	c:\documents and settings\Marta C\Dane aplikacji\DAEMON Tools Pro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 11:37	---------	d-----w	c:\documents and settings\Marta C\Dane aplikacji\DNA
2009-03-01 07:37	---------	d-----w	c:\program files\DNA
2009-02-27 18:16	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-02-27 16:16	---------	d-----w	c:\program files\mks_vir_2007
2009-02-26 05:32	---------	d-----w	c:\program files\Common Files\Softwin
2009-02-26 05:22	81,984	----a-w	c:\windows\system32\bdod.bin
2009-02-25 22:11	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BitDefender
2009-02-24 21:39	---------	d-----w	c:\documents and settings\Marta C\Dane aplikacji\BitTorrent
2009-02-23 19:58	---------	d-----w	c:\documents and settings\Marta C\Dane aplikacji\Skype
2009-02-23 19:52	---------	d-----w	c:\documents and settings\Marta C\Dane aplikacji\skypePM
2009-01-26 21:06	---------	d-----w	c:\program files\Yammer
2009-01-26 21:06	---------	d-----w	c:\documents and settings\Marta C\Dane aplikacji\Yammer.1C64ACFBCC9A2B44D03F94584C23C18CE18750A1.1
2009-01-23 16:02	---------	d-----w	c:\program files\Common Files\Adobe AIR
2009-01-21 16:11	473,600	----a-w	c:\windows\system32\SkanerOnline.dll
2009-01-21 14:08	---------	d-----w	c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-05-25 1253376]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-09-11 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-09-11 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-09-11 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-09-11 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-09-11 83344]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2007-09-11 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2007-09-11 69680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30bbf580-dd32-11dc-b5ee-00e06f874313}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Marta C\Dane aplikacji\Mozilla\Firefox\Profiles\5gocrgdz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 12:44:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-01 12:49:39
ComboFix-quarantined-files.txt  2009-03-01 11:48:17

Pre-Run: 5,240,238,080 bytes free
Post-Run: 7,443,341,312 bytes free

138	--- E O F ---	2008-12-12 10:57:55
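The three entries a reviewer would pull out of the log above are the two Security Center "DisableNotify" values set to 1 (the AV and update warnings have been silenced), and the mountpoints2 key whose AutoRun and Open verbs both run Recycled\ctfmon.exe, a file that borrows the name of the legitimate c:\windows\system32\ctfmon.exe but lives at a relative path on a mounted volume. As an added example (not part of the original post, and not ComboFix's own code), the Python check below reads the registry section of a ComboFix log and flags exactly those patterns. The sample input is copied from the log above plus one ordinary Run entry for contrast; the SYSTEM_NAMES list and the indicator names are my own assumptions.

```python
"""Flag persistence and tampering indicators in a ComboFix log (added example)."""
import re

# Constructed sample input: registry lines copied from the log above, plus
# one ordinary Run entry so the check has something benign to pass over.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30bbf580-dd32-11dc-b5ee-00e06f874313}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "Name"="path" [date size]   or   "Name"=dword:00000001
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|dword:([0-9A-Fa-f]{8}))')
# \Shell\<verb>\command - <command line>   (how ComboFix renders mountpoints2)
MOUNTPOINT_CMD_RE = re.compile(r'^\\Shell\\(.+?)\\command\s+-\s+(.*)$')

# Names of Windows binaries that autorun worms commonly reuse as a disguise.
# Assumed short list for illustration; extend it for real use.
SYSTEM_NAMES = {'ctfmon.exe', 'svchost.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe'}


def _basename(path):
    return path.replace('/', '\\').rstrip('\\').rsplit('\\', 1)[-1].lower()


def check_launch_target(path):
    """Return an indicator name when `path` launches a system-named binary
    from anywhere other than \\windows\\system32, else None."""
    p = path.strip('"').lower()
    if _basename(p) in SYSTEM_NAMES and '\\windows\\system32\\' not in p:
        return 'system-name-outside-system32'
    return None


def find_indicators(log_text):
    """Walk the registry section of a ComboFix log and return
    (indicator, context, evidence_line) tuples."""
    findings = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lk = key.lower()
        if 'security center' in lk:
            m = VALUE_RE.match(line)
            if m and m.group(1).endswith('DisableNotify') and m.group(3) == '00000001':
                findings.append(('security-center-notify-disabled', m.group(1), line))
        elif 'mountpoints2' in lk:
            m = MOUNTPOINT_CMD_RE.match(line)
            if m:
                verb, cmd = m.groups()
                # Any shell verb wired to a command on a mounted volume is
                # worth a look; the last token is what ultimately runs
                # (good enough for paths without spaces, as in this log).
                findings.append(('mountpoints2-autorun', verb, line))
                target = cmd.split()[-1]
                if not re.match(r'^[a-z]:\\', target, re.I):
                    findings.append(('mountpoints2-relative-path', target, line))
                kind = check_launch_target(target)
                if kind:
                    findings.append((kind, target, line))
        elif lk.endswith('\\currentversion\\run'):
            m = VALUE_RE.match(line)
            if m and m.group(2):
                kind = check_launch_target(m.group(2))
                if kind:
                    findings.append((kind, m.group(1), line))
    return findings


if __name__ == '__main__':
    for kind, ctx, evidence in find_indicators(SAMPLE_LOG):
        print(f'{kind:34} {ctx:28} {evidence}')
```

On the sample it reports eight findings: both DisableNotify values, both mountpoints2 verbs, and for each verb a relative-path hit and a ctfmon.exe-outside-system32 hit; the genuine CTFMON.EXE Run entry and btdna.exe are passed over. Relative targets under mountpoints2 matter because the path is resolved against the root of whatever volume the GUID names, so the payload travels with the removable drive.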