File::
C:\Windows\system32\urqRKCvW.dll
C:\Windows\system32\rlpuuufu.dll
C:\Windows\system32\bycyixhs.dll
, po tym "wizualnie" wszystko wróciło do normy, za pomoc z góry dziękuję
ComboFix 08-09-20.05 - Tom 2008-09-21 21:07:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.369 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Tom\Moje dokumenty\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\Tom\Moje dokumenty\CFScript.txt
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
FILE ::
C:\Windows\system32\bycyixhs.dll
C:\Windows\system32\rlpuuufu.dll
C:\Windows\system32\urqRKCvW.dll
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ania\Cookies\ania@tradedoubler[2].txt
C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\system32\blphcn4dj0e90g.scr
C:\WINDOWS\system32\lphcn4dj0e90g.exe
C:\WINDOWS\system32\phcn4dj0e90g.bmp
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Pliki utworzone od 2008-08-21 do 2008-09-21 )))))))))))))))))))))))))))))))
.
2008-09-21 19:23 . 2008-09-21 19:44 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-21 18:17 . 2008-09-21 21:11 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-21 18:17 . 2008-09-21 18:17 77,824 --a------ C:\WINDOWS\system32\TDSSpsnn.dll
2008-09-21 18:16 . 2008-09-21 18:17 55,296 --a------ C:\WINDOWS\system32\drivers\TDSSjcxe.sys
2008-09-21 18:16 . 2008-09-21 18:17 36,352 --a------ C:\WINDOWS\system32\TDSSjjsm.dll
2008-09-15 19:30 . 2008-09-15 19:30 <DIR> d-------- C:\Program Files\Migajek Software
2008-09-15 19:30 . 2008-09-15 19:34 <DIR> d-------- C:\Documents and Settings\Tom\Dane aplikacji\HateML
2008-09-10 22:00 . 2008-09-21 14:14 <DIR> d-------- C:\Documents and Settings\Ania\Dane aplikacji\OpenOffice.org2
2008-09-04 21:53 . 2008-09-04 21:53 <DIR> d-------- C:\Documents and Settings\Tom\Dane aplikacji\CyberLink
2008-08-26 13:13 . 2008-08-26 13:13 <DIR> d-------- C:\WINDOWS\system32\pl
2008-08-26 13:13 . 2008-08-26 13:13 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-26 13:13 . 2008-08-26 13:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 13:11 . 2008-08-26 13:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-26 13:04 . 2008-08-26 13:04 <DIR> d-------- C:\WINDOWS\EHome
2008-08-26 12:23 . 2004-08-04 00:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-08-23 13:56 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-23 13:56 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-23 13:56 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 19:16 --------- d-----w C:\Documents and Settings\Tom\Dane aplikacji\OpenOffice.org2
2008-08-15 11:05 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Gadu-Gadu
2008-08-10 20:37 --------- d-----w C:\Program Files\BearShare
2008-08-07 15:36 --------- d-----w C:\Program Files\Common Files\NSV
2008-08-07 15:28 --------- d-----w C:\Documents and Settings\Tom\Dane aplikacji\Winamp
2008-08-06 18:54 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2008-08-04 19:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-08-04 18:55 --------- d-----w C:\Program Files\IrfanView
2008-08-04 18:54 --------- d-----w C:\Program Files\Winamp Toolbar
2008-08-04 18:54 --------- d-----w C:\Program Files\Winamp
2008-08-04 18:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-08-04 18:53 --------- d-----w C:\Program Files\Winamp Remote
2008-08-04 18:45 --------- d-----w C:\Documents and Settings\Tom\Dane aplikacji\Gadu-Gadu
2008-08-04 18:43 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-04 18:42 --------- d-----w C:\Program Files\MarBit
2008-08-04 18:38 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
2008-08-04 18:37 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-08-04 18:28 --------- d-----w C:\Program Files\Alwil Software
2008-08-04 18:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-08-04 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 18:23 --------- d-----w C:\Program Files\CyberLink
2008-08-04 18:21 --------- d-----w C:\Program Files\Ahead
2008-08-04 18:19 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-04 18:18 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-04 18:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-08-04 18:14 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-04 18:14 --------- d-----w C:\Program Files\GIGABYTE
2008-08-04 18:13 --------- d-----w C:\Documents and Settings\Tom\Dane aplikacji\InstallShield
2008-08-04 18:10 --------- d-----w C:\Program Files\ATI Technologies
2008-08-04 18:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-04 18:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-04 17:57 --------- d-----w C:\Program Files\Usługi online
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-08-04 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-10-06 3305472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Ania\Menu Start\Programy\Autostart\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
C:\Documents and Settings\Tom\Menu Start\Programy\Autostart\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Gigabyte Wireless Utility.lnk - C:\Program Files\GIGABYTE\Common\GNConfig.exe [2008-08-04 741376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys]
@="driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Migajek Software\\HateML\\DbgListener\\DbgListener.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-lphcn4dj0e90g - C:\WINDOWS\system32\lphcn4dj0e90g.exe
HKLM-Run-inrhcj4dj0e90g - C:\Documents and Settings\Tom\Ustawienia lokalne\Temp\.tt198.tmp.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 21:16:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.dll.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
.
**************************************************************************
.
Czas ukończenia: 2008-09-21 21:17:53 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-09-21 19:17:46
Przed: 25˙882˙550˙272 bajt˘w wolnych
Po: 26,096,357,376 bajt˘w wolnych
194 --- E O F --- 2008-09-09 18:18:35
