ComboFix 11-11-22.01 - Tomek 2011-11-22 19:46:21.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1760 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-22 do 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 05:09 . 2011-11-22 05:09 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-21 20:59 . 2008-04-15 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-11-21 20:59 . 2008-04-15 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-21 19:10 . 2011-11-21 19:10 -------- d-s---w- c:\documents and settings\Tomek\UserData
2011-11-20 19:50 . 2011-11-22 17:20 -------- d-----w- c:\program files\TNod User & Password Finder
2011-11-20 19:49 . 2011-11-20 19:49 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\ESET
2011-11-20 19:49 . 2011-11-20 19:49 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\ESET
2011-11-20 19:49 . 2011-11-20 19:49 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2011-11-20 19:48 . 2011-11-20 19:48 -------- d-----w- c:\program files\ESET
2011-11-20 19:48 . 2011-11-20 19:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2011-11-20 10:12 . 2011-11-20 10:12 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-20 10:03 . 2011-11-22 17:20 -------- d-sh--w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\6525ab2d
2011-11-12 14:09 . 2011-11-12 14:09 679936 ----a-w- c:\windows\system32\Fliqlo.scr
2011-11-12 14:09 . 2011-11-12 14:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Screentime
2011-11-12 14:09 . 2011-11-12 14:09 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Screentime
2011-11-09 19:33 . 2011-11-09 19:33 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\SKIDROW
2011-11-08 20:42 . 2011-11-08 20:42 338432 ----a-w- c:\windows\system32\Mss32.dll
2011-11-08 20:26 . 2011-11-08 20:26 -------- d-----w- c:\program files\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 06:56 . 2011-07-03 06:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-12 21:54 . 2011-11-12 21:43 4 ----a-w- C:\napis.zip
2011-10-10 14:22 . 2011-04-16 19:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-15 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-15 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2008-04-15 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:56 . 2008-04-15 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2008-04-15 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2008-04-15 12:00 370688 ----a-w- c:\windows\system32\html.iec
2011-11-10 05:14 . 2011-06-18 07:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-07-03 2177576]
"EADM"="c:\program files\Origin\Origin.exe" [2011-11-07 28846216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="d:\steam\Steam.exe" [2011-11-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-10 90112]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 180224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Tomek\Menu Start\Programy\Autostart\
Miranda IM.lnk - c:\program files\Miranda IM\miranda32.exe [2010-3-4 817760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"d:\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\utorrent.exe"=
"d:\\Virtua Tennis 4\\VT4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Dassault Systemes\\B16\\intel_a\\code\\bin\\orbixd.exe"=
"e:\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\FIFA 12\\FIFA 12\\Game\\fifa.exe"=
"d:\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
.
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
S2 BBDemon;Backbone Service;e:\dassault systemes\B16\intel_a\code\bin\CATSysDemon.exe [2005-09-06 35840]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-22 2214504]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\eyidv2zn.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 19:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2011-11-22 19:52:06
ComboFix-quarantined-files.txt 2011-11-22 18:52
ComboFix2.txt 2011-11-22 17:22
.
Przed: 15 457 587 200 bajtów wolnych
Po: 15 444 541 440 bajtów wolnych
.
- - End Of File - - 3E9B12741A49C12ED6ECC0240E0D6859