ComboFix 10-11-12.01 - Mikel 2010-11-17 17:39:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1733 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Mikel\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mikel\AUTORUN.INF
c:\documents and settings\Mikel\Dane aplikacji\facemoods.com
c:\documents and settings\Mikel\ktper.exe
c:\documents and settings\Mikel\ktper.scr
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\explorer.exe
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AIC32P
-------\Service_aic32p

((((((((((((((((((((((((( Pliki utworzone od 2010-10-17 do 2010-11-17 )))))))))))))))))))))))))))))))
.
2010-11-16 09:49 . 2010-11-16 09:50 -------- d-----w- C:\4313eeb11a2cf22225a89ad6
2010-11-16 09:11 . 2010-11-16 09:11 -------- d-----w- C:\daf18cc39946a920a700e4
2010-11-16 09:11 . 2010-11-16 09:11 -------- d-----w- C:\e5ec0aa6d4d53e92f30bc3ddf73d
2010-11-15 22:30 . 2010-11-15 22:30 -------- d-----w- C:\a79f7f558867bbc14e99f6f318b7c93f
2010-11-15 22:30 . 2010-11-15 22:30 -------- d-----w- C:\a90529b1543617603bcb
2010-11-15 18:21 . 2010-11-16 20:06 -------- d-----r- C:\Program Files
2010-11-15 18:13 . 2010-11-15 17:39 -------- d-----w- C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-15 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-15 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:23 . 2008-04-15 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2008-04-15 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2008-04-15 12:00 370688 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-15 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-15 12:00 1853056 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-15 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2010-08-27 01:43 5632 ------w- c:\windows\system32\SET535.tmp
2010-08-26 13:39 . 2008-04-15 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-15 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateMyDrivers"="c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe" [2010-11-02 4388744]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12722784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-06-22 1298432]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 110592]
"FC097D"="c:\windows\system32\E2EB09\FC097D.EXE" [2010-11-15 1468375]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Mikel\Menu Start\Programy\Autostart\
FC097D.lnk - c:\windows\system32\E2EB09\FC097D.EXE [2010-11-15 1468375]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\DCIM.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\WINDOWS\\System32\\WLTRYSVC.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\WINDOWS\\System32\\bcmwltry.exe"=

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - AIC32P
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.facemoods.com/?a=tweak
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
HKCU-Run-wsctf.exe - wsctf.exe
HKCU-Run-ktper - c:\documents and settings\Mikel\ktper.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 17:45
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-11-17 17:48:22 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-11-17 16:48

Przed: 65 583 009 792 bajtów wolnych
Po: 66 124 963 840 bajtów wolnych

- - End Of File - - 33F43423A8B70F4DCD5840C453C46A36