ComboFix 10-11-26.07 - Administrator 2010-11-27 20:50:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.329 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\xmlUpdater.exe
c:\documents and settings\Default User\xmlUpdater.exe
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\msconfig.exe
D:\autorun.inf
F:\autorun.inf
G:\autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-07-22 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-07-22 . 8CD81261DA6BD4BCFBD857A25220A1FB . 689152 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-07-22 . 5F1CCDF37F28A88D0473B0C9EA1E0D58 . 487424 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-22 . 808DE3BFBABD3737BF331661D919E32B . 893952 . . [7.00.6000.20815] . . c:\windows\system32\wininet.dll
[-] 2008-07-22 . B49A80A502FD86B2F05BC7BBD723DDAB . 1528832 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-22 . 0277E1A3E8B337555A45943808451981 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-07-22 . 5FB59F2506787A7E036B7C2EFF1CCE24 . 2190208 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
c:\windows\System32\wscntfy.exe ... - brak elementu !!
c:\windows\System32\regsvc.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"DriveSpace"="c:\program files\Drive Space Indicator\DrvSpace.exe" [2008-07-20 395716]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-07-22 124928]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-27 165584]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2010-11-12 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-27 17744]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C6.tmp --> c:\windows\system32\C6.tmp [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - VCDROM
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: google.com\mail
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ux58n8rk.default\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 20:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C6.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="F272DDA33C04C6FDC0CB40A47315CCB5D6796FF184E7EC1469F79DEF4208F261A03FA4E26C0E9965BE4270ADFD2C60E4998E381551C7B437E26A0FA18D305FE740113E85E856CCE6B476759AB99EA2CFD79FBE68D23FA137DF87D6C0BA2D5C10F8163F6E271DB79F6EA62F68CD8F467B229ED120877065A05693CF5DBD4437924582ACA5AE6BE48F0B967338F867B1535B7D329800C4E3E70D52C9A99D80F20BF18C85571B0A121B7B8E0BCE8BD382A33B3817CE65EA3562A20D077DF430C3F6A0ED38521F8BB38B89D8B3956C42061D4EC82AE3EF5327CA07133FD1746493BA47E42A8B7CC0EC8BCDC69D189269425673B008206EB2B73FFDB5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5CA6171C11EC38DE3D9BA997B06FADFD38E287DC2CC0F1F73210BAE89DA52D45190D560C697456169F856FA510BB893CD42DE3CA4D69177E4642B7AEC73C282939EEFC69CE0CEE79F173CE0527DC6BD787265E5F6A403DDCC9BC8ADAF78E04AABCEA8BDE6F69D6989A4CAC26420EC1296AA296E1517F59CE28E32CA99BF3DF8DFD9274BCF91EF55A82ED108E7340DB5A986D4CAC1592C5E5CE0DB66A65F33F665AE84966E1EF19799B2A28D70D95F0ECB3C467AC08994308AE04E800CB4C091FB5E4C456DE59EF03D7C3C4AE27E69A34E0D971E5C5EAF06BBD88A56289EE88F675F3C0966C0B8FDC2FF65BD59E3D54D7475396ED290D581FF4CBF31B9B02EDFD85F5BC48C765EF3B1E6D0421135A815493CB2BEED5BDE18353777ECAC45ECB9AD3BF5E20F5016DA924CA7CF96931E6F7F7CF24272F6DDBCB59A394A48A921A075317ECE5BC26C88744A226DE4AE9ADE6A8621B685E40F9820D61A8EFB7DD354FFA3AD3F52854A706857E04DF205FE21A5E784E1B510ED104F7335388DAB7D9D7C457A34007BD8F2E76DBBF231C2078DCD3FD1FB639655E01288FCCDB45C92D5430948F49ECC96FD8A22BA66032F144CECCCF144B8A04FCFDAFE2756F8DEFB7CFBE076FA9B0921636A1D12A669AC9FEE28B40D6FA7FE1F0D3238AD0D88D3DE1A7F7BD418D6DE5B84888A7DD16D15646E25A14367B93A460301D5A83446277FD8DE5B7A1B58147EEE5737B7CE497731B680487A196892A5512B91A5B6F71163E86186856F491ECB6B9038C61DBEEB764E3D9C731AC6602BECF9C83C5B0DDC8396E21B7C73484C06F425A128C9722E86919B2761FADF171EE90E946D46C12F0EB709682807085E1DC53A033A54BBC03582164A9C6213A711D534C85C01FBDA1B4901398B1B90223A893828DF33A8DB6C2E54CEA2D21912EE1E6F0D76458D227572336BD2D34AF8B5EFC2EB2643EAA659FA9CBB8765B0A083D7189483E3B06FDFA"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
.
Czas ukończenia: 2010-11-27 20:57:32
ComboFix-quarantined-files.txt 2010-11-27 19:57

Przed: 44 811 079 680 bajtów wolnych
Po: 44 800 364 544 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - 9583568E6BBA7A6707785B483CCEF1C7