
Not long ago I had a problem with my desktop PC, and now I'm having trouble with my laptop. At first I couldn't open the drives normally, only from the address bar, but ComboFix removed what it needed to and that is no longer a problem. However, the system now loads terribly slowly: the desktop appears quickly, but before all the tray icons (network and so on) show up, a few more minutes pass, and during those few minutes I can't launch anything, I just have to wait... I'm attaching the logs from HijackThis and ComboFix.
- Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:47, on 2009-03-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5277 bytes
- Code:
ComboFix 09-03-02.03 - Stepienio 2009-03-03 12:07:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1571 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Stepienio\Pulpit\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-03-03 12:03 . 2009-03-03 12:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 19:51 . 2009-02-28 19:51 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Winamp
2009-02-28 19:50 . 2009-03-03 12:09 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-02-28 19:50 . 2008-10-07 19:04 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2009-02-28 19:50 . 2008-10-07 18:11 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-02-28 19:50 . 2009-02-28 20:11 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-02-28 19:50 . 2008-10-07 19:04 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2009-02-28 19:50 . 2008-10-07 19:04 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-02-28 19:50 . 2008-10-07 19:04 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-02-28 19:50 . 2009-02-28 19:51 <DIR> d-------- c:\documents and settings\Administrator
2009-02-27 14:00 . 2009-02-27 14:00 <DIR> d-------- c:\program files\Avira
2009-02-27 14:00 . 2009-02-27 14:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-02-26 11:37 . 2009-02-26 11:37 <DIR> d-------- c:\documents and settings\Stepienio\DoctorWeb
2009-02-25 19:06 . 2009-02-25 19:06 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-25 19:04 . 2009-02-25 19:04 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-02-23 14:21 . 2009-02-28 19:43 588 --a------ c:\windows\system32\settingsbkup.sfm
2009-02-23 14:21 . 2009-02-28 19:43 588 --a------ c:\windows\system32\settings.sfm
2009-02-23 12:25 . 1999-10-11 02:00 41,984 --------- c:\windows\Ctregrun.exe
2009-02-23 12:25 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-02-23 12:24 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-02-23 12:24 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-02-23 12:23 . 2009-02-23 12:23 <DIR> d--h----- c:\program files\Creative Installation Information
2009-02-23 12:23 . 2009-02-23 12:23 <DIR> d-------- c:\program files\Common Files\Creative
2009-02-23 12:17 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2009-02-23 12:16 . 2009-02-23 12:16 <DIR> d-------- c:\windows\system32\Data
2009-02-23 12:16 . 2000-12-13 11:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2009-02-23 12:16 . 2004-02-03 04:50 59,392 -ra------ c:\windows\system32\a3d.dll
2009-02-23 12:16 . 2004-11-23 03:52 20,480 --a------ c:\windows\INRES.DLL
2009-02-23 12:15 . 2003-11-11 11:08 77,824 --------- c:\windows\system32\ctdvda32.dll
2009-02-23 10:18 . 2009-02-23 10:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-02-22 14:14 . 2009-02-25 20:46 <DIR> d-------- C:\Downloads
2009-02-21 17:19 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-21 17:19 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-03 18:12 . 2009-02-03 18:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-03 18:12 . 2009-02-03 18:12 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 15:46 . 2009-02-03 15:46 193 --a------ c:\windows\dvdtoaviconverter.ini
2009-02-03 14:31 . 2009-02-03 15:46 <DIR> d-------- C:\My Video
2009-02-03 14:27 . 2009-02-03 14:27 <DIR> d-------- c:\program files\MyDVDTools
2009-02-03 14:27 . 2006-03-24 14:55 958,464 --a------ c:\windows\system32\advdaudio.ocx
2009-02-03 14:27 . 2003-08-07 14:01 237,568 --a------ c:\windows\system32\lame_enc.dll
2009-02-03 14:27 . 2002-05-23 20:40 110,080 --a------ c:\windows\system32\advd.dll
2009-02-03 14:27 . 2001-06-23 21:20 23,040 --a------ c:\windows\system32\auth.dll
2009-02-03 14:27 . 2009-02-03 15:46 1 --a------ c:\windows\system32\SysDVDtoavi.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 08:12 --------- d-----w c:\program files\BitComet
2009-02-23 11:53 --------- d-----w c:\program files\Creative
2009-02-23 11:28 --------- d-----w c:\documents and settings\Stepienio\Dane aplikacji\Creative
2009-02-23 11:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 09:56 --------- d-----w c:\program files\VstPlugins
2009-02-03 17:12 --------- d-----w c:\program files\Java
2009-01-30 12:56 --------- d-----w c:\documents and settings\Stepienio\Dane aplikacji\iPlus
2009-01-30 12:52 --------- d-----w c:\program files\iPlus
2009-01-19 14:49 --------- d-----w c:\program files\Microsoft.NET
2009-01-19 14:49 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-19 14:49 --------- d-----w c:\program files\Common Files\L&H
2009-01-19 14:48 --------- d-----w c:\program files\Microsoft Works
2009-01-19 12:59 --------- d-----w c:\program files\microsoft frontpage
2009-01-19 12:03 --------- d-----w c:\program files\Common Files\Java
2009-01-18 22:42 --------- d-----w c:\program files\Image-Line
2009-01-18 22:42 --------- d-----w c:\program files\ASIO4ALL v2
2009-01-18 22:41 --------- d-----w c:\program files\Outsim
2009-01-11 18:39 --------- d-----w c:\documents and settings\Stepienio\Dane aplikacji\U3
2009-01-11 11:23 --------- d-----w c:\program files\Gadu-Gadu
2006-06-15 18:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-10-14 11:23 76 --sh--r c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-11-14 1849032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2009-01-20 07:37 2523960 c:\program files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-10-09 18:17 2183168 c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 01:44 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 10:51 57344 c:\program files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 15:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2006-11-14 10:12 1849032 c:\program files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
--a------ 2008-05-30 14:26 409600 c:\program files\iPlus\iPlusChecker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-02-22 04:46 13508608 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-02-22 04:46 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-05-10 00:01 36864 c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
--------- 2005-11-04 18:07 49152 c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-03 18:12 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
--a------ 2004-08-04 01:44 1033728 c:\windows\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2008-02-22 04:46 86016 c:\windows\system32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-02-22 04:46 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]
-ra------ 2005-05-26 10:52 128000 c:\windows\system32\sbusbdll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-07-27 13:19 282624 c:\windows\stsystra.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\KONAMI\\PES09\\pes2009.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13014:TCP"= 13014:TCP:BitComet 13014 TCP
"13014:UDP"= 13014:UDP:BitComet 13014 UDP
R3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [2002-12-11 8384]
R3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [2002-12-19 97888]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-10-07 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-10-07 7424]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2005-06-10 1694592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3681cf96-ed51-11dd-9cf0-001d09d6bb51}]
\Shell\AutoRun\command - J:\d.com
\Shell\explore\Command - J:\d.com
\Shell\open\Command - J:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64b4e28e-a1db-11dd-8599-848d8edf3e94}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64b4e293-a1db-11dd-8599-848d8edf3e94}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83fa11fc-961c-11dd-8564-001d09d6bb51}]
\Shell\AutoRun\command - D:\d.com
\Shell\explore\Command - D:\d.com
\Shell\open\Command - D:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1808141-eef3-11dd-9cf6-001d09d6bb51}]
\Shell\AutoRun\command - I:\d.com
\Shell\explore\Command - I:\d.com
\Shell\open\Command - I:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f7d402-c47f-11dd-9c5a-001fe1cba7e5}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f7d403-c47f-11dd-9c5a-001fe1cba7e5}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfb4232e-c139-11dd-9c50-806d6172696f}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61a7f32-eecd-11dd-9cf5-001d09d6bb51}]
\Shell\AutoRun\command - D:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61a7f33-eecd-11dd-9cf5-001d09d6bb51}]
\Shell\AutoRun\command - I:\d.com
\Shell\explore\Command - I:\d.com
\Shell\open\Command - I:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc87b05e-e7d7-11dd-9ce1-001d09d6bb51}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE
.
.
------- Skan uzupełniający -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Stepienio\Dane aplikacji\Mozilla\Firefox\Profiles\xfsxdkow.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Stepienio\Dane aplikacji\Mozilla\Firefox\Profiles\xfsxdkow.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 12:09:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-682003330-2146954855-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,94,33,4c,bf,77,29,6d,41,c8,bf,c1,72,e2,fe,56,67,32,52,b3,44,d2,b0,
9a,0b,08,1c,a1,80,28,76,ad,07,aa,94,62,37,ae,72,8c,24,6e,4a,17,bc,87,64,06,\
"??"=hex:aa,a0,c2,bf,4f,f8,1f,b5,7e,76,c8,94,98,41,55,5f
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(980)
c:\windows\System32\BCMLogon.dll
.
Czas ukończenia: 2009-03-03 12:11:06
ComboFix-quarantined-files.txt 2009-03-03 11:11:03
Przed: 3 740 504 064 bajtów wolnych
Po: 3,735,896,064 bajtów wolnych