ComboFix 10-10-12.03 - Anetka 2010-10-14 9:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.895.360 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Anetka\Pulpit\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\hpe27.dll
c:\documents and settings\All Users\Dane aplikacji\hpeA6.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2010-09-14 do 2010-10-14 )))))))))))))))))))))))))))))))
.
2010-10-14 06:24 . 2010-10-14 06:24 -------- d-----w- C:\VritualRoot
2010-10-14 06:21 . 2010-10-14 06:21 -------- d-----w- c:\program files\COMODO
2010-10-14 05:55 . 2010-10-14 07:25 -------- d-----w- c:\documents and settings\Anetka\Dane aplikacji\Skype
2010-10-14 05:55 . 2010-10-14 05:55 -------- d-----w- c:\program files\Common Files\Skype
2010-10-14 05:55 . 2010-10-14 05:55 -------- d-----r- c:\program files\Skype
2010-10-13 18:19 . 2010-10-14 06:35 -------- d-----w- c:\program files\Kalendarz XP
2010-10-13 16:28 . 2010-10-13 16:40 85328 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-10-13 16:26 . 2010-10-14 06:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo
2010-10-13 16:21 . 2010-10-13 16:21 -------- d-----w- c:\documents and settings\Anetka\Ustawienia lokalne\Dane aplikacji\Opera
2010-10-13 16:21 . 2010-10-13 16:21 -------- d-----w- c:\program files\Opera
2010-10-12 14:43 . 2010-10-13 18:42 -------- d-----w- c:\documents and settings\Anetka\Dane aplikacji\uTorrent
2010-10-12 14:09 . 2010-10-13 18:47 -------- d-----w- c:\program files\blueconnect
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-07-04 336001]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-11-10 1725440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2010-10-13 882176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Anetka^Menu Start^Programy^Autostart^Spis treści programu OneNote.onetoc2]
path=c:\documents and settings\Anetka\Menu Start\Programy\Autostart\Spis treści programu OneNote.onetoc2
backup=c:\windows\pss\Spis treści programu OneNote.onetoc2Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anetka^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\Anetka\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2010-05-04 14:05 11981408 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-05-18 15:56 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 12:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\hotpliki\\aplikacja\\gift\\giftl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Wru\\Wru.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7421:TCP"= 7421:TCP:hdouec

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-09-10 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-09-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-09-10 25240]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-06-03 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-06-03 162936]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-05-16 27632]
S2 moivcyxx;Image Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-05-16 90112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-29 1684736]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2010-06-07 221184]
S3 fzymaqvoi;fzymaqvoi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-05-16 13224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-05-16 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-05-16 8320]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-05-16 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-05-16 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-05-16 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-05-16 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-05-16 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-05-16 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-05-16 109736]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ASNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
moivcyxx

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
uSearchMigratedDefaultURL = hxxp://dpxml.infospace.com/info/dog/webresults.htm?&qkw={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {EA2839F2-3E23-4B74-88AA-ED2BDC773E87} = 208.67.222.222,194.204.159.1
FF - ProfilePath - c:\documents and settings\Anetka\Dane aplikacji\Mozilla\Firefox\Profiles\xfg81lt5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&q=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\Anetka\Dane aplikacji\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-IPLA! - c:\program files\ipla\ipla.exe
MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
AddRemove-gratkaRP - c:\gratka\Rzymska_Przygoda\uninstall.exe
AddRemove-Tactical Ops - c:\program files\Infogrames\Tactical Ops\Uninst.isu

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fzymaqvoi]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\moivcyxx]
"ServiceDll"="c:\windows\system32\bkyefuod.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\guard32.dll
.
Czas ukończenia: 2010-10-14 10:02:08
ComboFix-quarantined-files.txt 2010-10-14 08:02

Przed: 39 598 612 480 bajtów wolnych
Po: 40 279 502 848 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4931BEAF0DB84E4749ED259E4455956D