05.12.2008, 18:20
Code:
ComboFix 08-12-05.01 - Damian 2008-12-05 18:09:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.578 [GMT 1:00]
Running from: d:\documents and settings\Damian\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\jkkKebXR.dll
d:\windows\system32\mzceog.dll
d:\windows\system32\nfgsbqwx.dll
d:\windows\system32\rqRLfcda.dll
d:\windows\system32\RXbeKkkj.ini
d:\windows\system32\RXbeKkkj.ini2
d:\windows\system32\tuvstQHW.dll
d:\windows\Tasks\ojywhjby.job
.
((((((((((((((((((((((((( Files created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-06 10:10 . 2008-12-06 10:10 107,888 --a------ d:\windows\system32\CmdLineExt.dll
2008-12-02 20:07 . 2008-12-02 20:07 <DIR> d-------- d:\windows\system32\xlive
2008-12-02 20:07 . 2008-12-02 20:08 <DIR> d-------- d:\windows\system32\drivers\umdf
2008-12-02 20:06 . 2008-12-03 22:55 <DIR> d-------- d:\program files\Microsoft Games for Windows - LIVE
2008-12-02 19:35 . 2008-12-02 19:35 <DIR> d-------- d:\program files\MSBuild
2008-12-02 19:32 . 2008-12-02 19:32 <DIR> d-------- d:\windows\system32\XPSViewer
2008-12-02 19:32 . 2008-12-02 19:32 <DIR> d-------- d:\program files\Reference Assemblies
2008-12-02 19:31 . 2006-06-29 13:07 14,048 --------- d:\windows\system32\spmsg2.dll
2008-11-29 10:21 . 2008-11-29 10:21 <DIR> d-------- d:\documents and settings\Damian\Dane aplikacji\Capcom
2008-11-23 22:43 . 2008-11-23 22:43 43,698 --a------ d:\windows\system32\xvid-uninstall.exe
2008-11-23 18:29 . 2008-11-23 18:29 <DIR> d-------- d:\documents and settings\Damian\Dane aplikacji\VSRevoGroup
2008-11-23 17:17 . 2008-11-23 17:56 <DIR> d-------- d:\program files\NAPI-PROJEKT
2008-11-20 22:21 . 2008-11-20 22:21 <DIR> d-------- d:\documents and settings\Damian\Dane aplikacji\Ashampoo
2008-11-20 22:21 . 2008-11-20 22:21 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\ashampoo
2008-11-16 12:51 . 2008-11-16 12:51 <DIR> d-------- d:\program files\Common Files\DirectX
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:57 --------- d-----w d:\program files\Java
2008-12-06 08:00 --------- d--h--w d:\program files\InstallShield Installation Information
2008-12-05 17:03 --------- d-----w d:\documents and settings\Damian\Dane aplikacji\Skype
2008-12-05 17:01 --------- d---a-w d:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-05 13:43 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-05 13:12 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\AntiVir PersonalEdition Classic
2008-12-04 18:22 --------- d-----w d:\documents and settings\Damian\Dane aplikacji\GanymedeNet
2008-12-04 17:28 --------- d-----w d:\documents and settings\Damian\Dane aplikacji\uTorrent
2008-12-04 15:05 --------- d-----w d:\documents and settings\Damian\Dane aplikacji\skypePM
2008-11-29 14:01 183,112 ----a-w d:\windows\system32\PnkBstrB.exe
2008-11-29 14:01 138,184 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 19:11 66,872 ----a-w d:\windows\system32\PnkBstrA.exe
2008-11-10 04:43 410,984 ----a-w d:\windows\system32\deploytk.dll
2008-11-08 17:16 --------- d-----w d:\program files\Common Files\Adobe
2008-11-06 20:49 --------- d-----w d:\documents and settings\Damian\Dane aplikacji\Hamachi
2008-11-06 19:41 25,280 ----a-w d:\windows\system32\drivers\hamachi.sys
2008-10-31 21:42 --------- d-----w d:\program files\SystemRequirementsLab
2008-10-28 16:41 14,303,392 ----a-w d:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w d:\windows\system32\xlivefnt.dll
2008-10-21 15:22 607,640 ----a-w d:\documents and settings\Damian\jre-6u10-windows-i586-p-iftw.exe
2008-10-21 15:22 209,816 ----a-w d:\documents and settings\Damian\jre-6u10-windows-i586-p-iftw-k.exe
2008-10-21 15:22 16,156,056 ----a-w d:\documents and settings\Damian\jre-6u10-windows-i586-p.exe
2008-10-20 14:50 --------- d-----w d:\documents and settings\Damian\Dane aplikacji\DivX
2008-10-12 11:06 --------- d-----w d:\program files\DivX
2008-09-16 00:14 524,288 ----a-w d:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w d:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w d:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w d:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w d:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w d:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w d:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w d:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w d:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w d:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w d:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w d:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w d:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w d:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w d:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w d:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w d:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w d:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w d:\windows\system32\DivXWMPExtType.dll
2008-03-16 16:31 22,328 ----a-w d:\documents and settings\Damian\Dane aplikacji\PnkBstrK.sys
2008-01-20 19:17 32 ----a-w d:\documents and settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="d:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 528384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avgnt"="d:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-14 2611096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
"c:\Program Files\EA SPORTS\FIFA 07\fifa07.exe"=
"c:\Program Files\eMule\emule.exe"=
"d:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"c:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe"=
"c:\Program Files\Hamachi\hamachi.exe"=
"d:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\SopCast\adv\SopAdver.exe"=
"c:\Program Files\SopCast\SopCast.exe"=
"d:\WINDOWS\system32\PnkBstrA.exe"=
"d:\WINDOWS\system32\PnkBstrB.exe"=
"d:\WINDOWS\system32\LEXPPS.EXE"=
"c:\Program Files\EA SPORTS\UEFA EURO 2008\EURO08.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"=
"c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"=
"d:\Program Files\Skype\Phone\Skype.exe"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;d:\windows\system32\DRIVERS\xfilt.sys [2007-03-12 11264]
R1 pctfw2;pctfw2;\??\d:\windows\system32\drivers\pctfw2.sys [2008-08-12 160792]
S3 FWAuth;FWAuth Driver;\??\d:\windows\system32\drivers\FWAuthDriver.sys []
S3 SER120;OTI Serial port driver;d:\windows\system32\DRIVERS\SER120.sys [2007-06-28 32910]
.
- - - - EMPTY ENTRIES REMOVED - - - -
BHO-{392ac0d1-176a-41b4-912e-3196ab46cc7f} - (no file)
BHO-{6D62B61B-6433-462D-9C6F-4186A3A11450} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
BHO-{72DFED33-2F8F-490B-929A-522F0D86B373} - (no file)
BHO-{FD0C42C8-1079-4C89-98BC-FA02036C90BD} - d:\windows\system32\jkkKebXR.dll
Notify-rqRLfcda - (no file)
.
------- Supplementary scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
d:\windows\Downloaded Program Files\IR87.txt - d:\windows\Downloaded Program Files\IR6.txt
d:\windows\Downloaded Program Files\IR159.txt
d:\windows\Downloaded Program Files\IR149.txt
d:\windows\Downloaded Program Files\IR148.txt
d:\windows\Downloaded Program Files\IR144.txt
d:\windows\Downloaded Program Files\IR14.txt
d:\windows\Downloaded Program Files\IR138.txt
d:\windows\Downloaded Program Files\IR13.txt
d:\windows\Downloaded Program Files\IR127.txt
d:\windows\Downloaded Program Files\IR126.txt
d:\windows\Downloaded Program Files\IR110.txt
d:\windows\Downloaded Program Files\IR109.txt
d:\windows\Downloaded Program Files\IR101.txt
d:\windows\Downloaded Program Files\IR100.txt
d:\windows\Downloaded Program Files\dict.dat
d:\windows\Downloaded Program Files\unicows.dll
d:\windows\Downloaded Program Files\iiscomplib2.dll
d:\windows\Downloaded Program Files\picn6320.dll
d:\windows\Downloaded Program Files\picn9120.dll
d:\windows\Downloaded Program Files\picn9020.dll
d:\windows\Downloaded Program Files\picn20.dll
d:\windows\Downloaded Program Files\AmiDicomDirTreeView21.ocx
d:\windows\Downloaded Program Files\AmiViewerLite21.ocx
O16 -: {FC11A119-C2F7-46F4-9E32-937ABA26816E}
file://i:raCdViewer.cab
d:\windows\Downloaded Program Files\cdviewer.inf
FireFox -: Profile - d:\documents and settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\dw57ionl.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/
FF -: plugin - c:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPSLOTS70.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPWORDS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 18:13:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = d:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(1380)
d:\windows\system32\Ati2evxx.dll
.
------------------------ Other running processes ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\windows\system32\LEXBCES.EXE
d:\windows\system32\LEXPPS.EXE
d:\program files\AntiVir PersonalEdition Classic\sched.exe
d:\program files\AntiVir PersonalEdition Classic\avguard.exe
d:\windows\ATKKBService.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-05 18:17:15 - the computer was restarted
ComboFix-quarantined-files.txt 2008-12-05 17:17:03
ComboFix2.txt 2008-07-18 16:00:17
Pre-run: 27,381,637,120 bytes free
Post-run: 27,378,663,424 bytes free
241
Here is the ComboFix log. I removed the HJT entries before running ComboFix.
It's not about how hard you hit, it's about how hard a hit you can take from life and keep moving forward. How much you can take and still keep going forward! That's how winning is done. Feeling sorry for yourself doesn't bring solutions....!
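Added example (not part of the post above and not ComboFix's own code): a small Python triage script that parses the parts of a ComboFix log that matter for a BHO hijacker clean-up and cross-references them. It checks three things that are visible in this log: whether a deleted DLL has a companion .ini whose name is the DLL's base name reversed (jkkKebXR.dll and RXbeKkkj.ini above), whether the orphaned BHO and Winlogon Notify entries ComboFix removed pointed at files in the deleted list (the BHO at jkkKebXR.dll and the Notify entry rqRLfcda), and whether the standard-profile Windows Firewall is disabled. The input is a constructed excerpt copied from the log above; the function names and the line patterns are this example's own assumptions, not a documented ComboFix format.

```python
"""Triage helper for a ComboFix log (added example; not the post's or ComboFix's code)."""
import ntpath
import re

# Constructed excerpt copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\jkkKebXR.dll
d:\windows\system32\mzceog.dll
d:\windows\system32\nfgsbqwx.dll
d:\windows\system32\rqRLfcda.dll
d:\windows\system32\RXbeKkkj.ini
d:\windows\system32\RXbeKkkj.ini2
d:\windows\system32\tuvstQHW.dll
d:\windows\Tasks\ojywhjby.job
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
- - - - EMPTY ENTRIES REMOVED - - - -
BHO-{392ac0d1-176a-41b4-912e-3196ab46cc7f} - (no file)
BHO-{FD0C42C8-1079-4C89-98BC-FA02036C90BD} - d:\windows\system32\jkkKebXR.dll
Notify-rqRLfcda - (no file)
"""

# Line shapes inferred from the log above (assumptions, not a documented grammar).
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")        # "(((( Deleted ))))"
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)      # line that is a Windows path
BHO_RE = re.compile(r"^BHO-(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^Notify-(\S+) - (.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def parse_combofix(text):
    """Return deleted paths, orphaned BHO/Notify entries and the firewall flag."""
    result = {"deleted": [], "bho": [], "notify": [], "enable_firewall": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "deleted" and PATH_RE.match(line):
            result["deleted"].append(line)
            continue
        m = BHO_RE.match(line)
        if m:
            result["bho"].append((m.group(1), m.group(2)))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            result["notify"].append((m.group(1), m.group(2)))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            result["enable_firewall"] = int(m.group(1))
    return result


def find_reversed_pairs(deleted):
    """Pair each deleted DLL with an .ini in the same directory whose base name
    is the DLL's base name spelled backwards (jkkKebXR.dll <-> RXbeKkkj.ini)."""
    by_dir = {}
    for path in deleted:
        directory, name = ntpath.split(path)
        by_dir.setdefault(directory.lower(), {})[name.lower()] = name
    pairs = []
    for path in deleted:
        directory, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        if ext.lower() != ".dll":
            continue
        companion = by_dir[directory.lower()].get((stem[::-1] + ".ini").lower())
        if companion:
            pairs.append((name, companion))
    return pairs


def triage(text):
    """Cross-reference the deleted files with the orphaned registry entries."""
    parsed = parse_combofix(text)
    deleted_lower = {p.lower() for p in parsed["deleted"]}
    deleted_stems = {ntpath.splitext(ntpath.basename(p))[0].lower()
                     for p in parsed["deleted"]}
    return {
        "reversed_pairs": find_reversed_pairs(parsed["deleted"]),
        # BHO CLSIDs whose DLL was among the files ComboFix deleted
        "bho_backed_by_deleted_file": [clsid for clsid, target in parsed["bho"]
                                       if target.lower() in deleted_lower],
        # Winlogon Notify subkeys named after a deleted DLL
        "notify_backed_by_deleted_file": [name for name, _ in parsed["notify"]
                                          if name.lower() in deleted_stems],
        "windows_firewall_disabled": parsed["enable_firewall"] == 0,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to print the findings. The firewall flag is informational here rather than evidence of tampering: the same log shows PC Tools Firewall Plus active (FWService.exe in the process list, pctfw2.sys loaded as an R1 driver), and a third-party firewall normally switches the built-in Windows Firewall off, so EnableFirewall = 0 is expected on this machine.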