ComboFix 12-01-30.02 - Dom 2012-02-02 17:19:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1404 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Dom\Pulpit\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Dom\USTAWI~1\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\documents and settings\Dom\Ustawienia lokalne\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\regopt.log
c:\windows\system32\muzapp.exe
c:\windows\system32\SET23E.tmp
c:\windows\system32\SET24A.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-02 do 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-01-14 10:23 . 2012-01-31 19:07 -------- d-----w- C:\Temp
2012-01-11 19:03 . 2012-01-30 20:16 -------- d-----r- C:\Program Files
2012-01-11 19:00 . 2012-01-11 18:22 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 19:58 . 2011-12-23 19:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 19:58 . 2011-12-23 19:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 19:58 . 2011-12-23 19:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-11-25 21:57 . 2006-03-02 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2006-03-02 12:00 1859840 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2006-03-02 12:00 61440 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2006-03-02 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-03-02 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"KiesHelper"="d:\programy\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="d:\programy\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"nwiz"="nwiz.exe" [2007-11-06 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"KiesTrayAgent"="d:\programy\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - d:\programy\BlueSoleil.exe [2012-1-21 1183744]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\BlueSoleil.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-01-11 239168]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-08-04 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2012-01-11 38656]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2012-01-26 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2012-01-26 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2012-01-26 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2012-01-26 100352]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-01 c:\windows\Tasks\Norton Security Scan for Dom.job
- c:\progra~1\NORTON~2\Engine\361~1.11\Nss.exe [2012-01-23 07:47]
.
.
------- Skan uzupełniający -------
.
TCP: Interfaces\{BA912689-3F7F-4759-B110-01B8DABB8234}: NameServer = 213.199.225.10,213.199.225.14
FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\5ju11894.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-01_Simmental - d:\programy\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\programy\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\programy\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\programy\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\programy\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\programy\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\programy\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\programy\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\programy\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\programy\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\programy\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\programy\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\programy\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\programy\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\programy\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\programy\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\programy\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\programy\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\programy\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 17:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\programy\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2012-02-02 17:25:22 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-02-02 16:25
.
Przed: 91 158 011 904 bajtów wolnych
Po: 91 602 640 896 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B2716A8AA98D03C49A56182899699589