ComboFix 12-04-16.01 - Kris 2012-04-16 12:47:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1027 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kris\Moje dokumenty\Pobieranie\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINNT: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\Kris\szsgt.exe
c:\documents and settings\Kris\WINDOWS
c:\winnt\XSxS
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-03-16 do 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 10:47 . 2012-04-16 10:47 -------- d-----w- c:\winnt\LastGood
2012-04-14 20:22 . 2012-04-14 20:22 -------- d-----w- c:\documents and settings\Kris\Ustawienia lokalne\Dane aplikacji\ESET
2012-04-12 20:57 . 2012-04-12 20:59 -------- d-----w- c:\program files\AutoMapa EU
2012-04-08 18:58 . 2012-04-08 18:58 -------- d-----w- c:\program files\Common Files\Java
2012-04-08 18:57 . 2012-04-08 18:57 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2012-03-30 11:35 . 2012-03-30 12:01 -------- d-----w- c:\program files\Convar
2012-03-18 06:59 . 2012-03-18 06:59 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 06:59 . 2012-03-18 06:59 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 18:57 . 2010-11-16 18:51 472808 ----a-w- c:\winnt\system32\deployJava1.dll
2012-03-18 06:59 . 2011-04-18 10:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-17 739704]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-11 25343016]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"BigDog303"="c:\winnt\VM303_STI.EXE" [2005-10-25 61440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\NX Client for Windows\\nxclient.exe"=
"c:\\Program Files\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [2010-03-03 691696]
R4 ehdrv;ehdrv;c:\winnt\system32\DRIVERS\ehdrv.sys --> c:\winnt\system32\DRIVERS\ehdrv.sys [?]
R4 epfwtdir;epfwtdir;c:\winnt\system32\DRIVERS\epfwtdir.sys --> c:\winnt\system32\DRIVERS\epfwtdir.sys [?]
S3 B-Service;B-Service;c:\documents and settings\Kris\Moje dokumenty\Pobieranie\B-Service.exe --> c:\documents and settings\Kris\Moje dokumenty\Pobieranie\B-Service.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\winnt\system32\drivers\ggflt.sys [2012-01-09 13224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\winnt\system32\drivers\s1018bus.sys [2012-01-03 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\winnt\system32\drivers\s1018mdfl.sys [2012-01-03 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\winnt\system32\drivers\s1018mdm.sys [2012-01-03 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\winnt\system32\drivers\s1018mgmt.sys [2012-01-03 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\winnt\system32\drivers\s1018nd5.sys [2012-01-03 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\winnt\system32\drivers\s1018obex.sys [2012-01-03 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\winnt\system32\drivers\s1018unic.sys [2012-01-03 109864]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-04-02 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.62 192.168.0.1
FF - ProfilePath - c:\documents and settings\Kris\Dane aplikacji\Mozilla\Firefox\Profiles\sogr9q7d.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
WebBrowser-{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 12:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\winnt\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)??????????????????0?????????@??????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\winnt\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-04-16 12:55:41
ComboFix-quarantined-files.txt 2012-04-16 10:55
.
Przed: 14 477 033 472 bajtów wolnych
Po: 15 896 662 016 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 474CFFEFF9A9455C36552108776C8A41