ComboFix 10-12-30.01 - zac 2010-12-30 21:23:34.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.511.220 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
AV: McAfee Anti-Virus i McAfee Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Pliki utworzone od 2010-11-28 do 2010-12-30 )))))))))))))))))))))))))))))))
.
2010-12-30 17:26 . 2010-12-30 17:26 580096 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-12-30 17:25 . 2010-12-30 17:25 -------- d-----w- c:\windows\ERUNT
2010-12-30 17:24 . 2010-12-30 17:32 -------- d-----w- C:\SDFix
2010-12-30 14:36 . 2010-12-30 14:37 -------- d-----w- c:\windows\system32\temp_dllcache
2010-12-30 13:27 . 2010-12-30 13:27 -------- d-----w- c:\windows\LastGood
2010-12-29 22:28 . 2010-01-26 13:01 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-12-29 22:28 . 2010-01-26 13:01 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-12-29 19:35 . 2010-12-29 19:35 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-12-29 19:35 . 2010-12-29 19:35 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-12-29 19:35 . 2010-12-29 19:35 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-12-29 19:35 . 2010-12-29 19:35 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-12-29 15:51 . 2010-12-29 15:51 -------- d-----w- c:\documents and settings\Administrator
2010-12-29 13:43 . 2010-12-29 13:43 388096 ----a-r- c:\documents and settings\zac\Dane aplikacji\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-12-29 12:59 . 2010-12-29 12:59 -------- d-----w- c:\windows\RegBak
2010-12-25 10:52 . 2010-12-25 10:52 -------- d-----w- c:\documents and settings\All Users\Menu Start
2010-12-25 10:20 . 2010-12-25 10:20 -------- d-----w- C:\found.000
2010-12-17 10:50 . 2010-12-17 10:50 -------- d-----w- c:\program files\Convar
2010-12-17 10:31 . 2010-12-17 10:31 -------- d-----w- c:\documents and settings\zac\Dane aplikacji\PandoraRecovery
2010-12-17 10:28 . 2010-12-17 10:42 -------- d-----w- c:\program files\Pandora Recovery
2010-12-16 14:23 . 2010-12-16 14:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TNK Software
2010-12-16 14:23 . 2010-12-16 14:23 -------- d-----w- c:\documents and settings\zac\Dane aplikacji\TNK Software
2010-12-13 13:06 . 2010-12-13 13:06 -------- d-----r- c:\documents and settings\zac\Dane aplikacji\Brother
2010-12-13 12:34 . 2001-10-26 16:05 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-12-13 12:34 . 2007-10-03 00:05 126976 ----a-w- c:\windows\system32\BrfxD05a.dll
2010-12-13 12:34 . 2008-01-25 19:36 63488 ----a-w- c:\windows\system32\BrNetSti.dll
2010-12-13 12:34 . 2007-12-03 17:13 57856 ----a-w- c:\windows\system32\BrWiaNCp.dll
2010-12-11 23:44 . 2010-12-11 23:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Brother
2010-12-03 17:12 . 2010-12-03 17:12 -------- d-----w- c:\documents and settings\zac\Dane aplikacji\RDRM
2010-12-03 17:08 . 2010-12-03 17:12 -------- d-----w- c:\program files\ipla
2010-12-03 14:29 . 2010-12-03 14:29 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 14:26 . 2010-11-07 13:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-03 14:26 . 2008-09-19 12:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-27 11:15 . 2008-09-19 12:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-27 11:15 . 2008-09-19 12:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
------- Sigcheck -------
[-] 2008-09-08 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-30_16.33.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-30 17:25 . 2010-12-30 17:25 335872 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2010-12-30 17:25 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2010-12-30 17:25 . 2010-12-30 17:25 335872 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2010-12-30 17:25 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2010-12-30 17:25 . 2010-12-30 17:25 8208384 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2010-12-30 17:25 . 2010-12-30 17:25 8208384 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\^.rnd]
path=\.rnd
backup=c:\windows\pss\.rndCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=c:\windows\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]
path=\NTUSER.DAT.bak_jv16pt
backup=c:\windows\pss\NTUSER.DAT.bak_jv16ptCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=c:\windows\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]
path=\NTUSER.DAT.tmp.LOG
backup=c:\windows\pss\NTUSER.DAT.tmp.LOGCommon Startup

[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=c:\windows\pss\ntuser.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-10-11 16:42 1085440 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 20:51 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 10:49 136176 ----atw- c:\documents and settings\zac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-11-22 12:15 18630656 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-10-16 11:51 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]
2006-03-02 10:32 684032 ----a-w- c:\windows\system32\PDesk\pdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:51 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 08:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-06-03 18:51 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-11-07 11:50 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-27 11:15 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MGABGEXE"=2 (0x2)
"ImapiService"=3 (0x3)
"ALG"=3 (0x3)
"SharedAccess"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McShield"=2 (0x2)
"McNaiAnn"=2 (0x2)
"McODS"=3 (0x3)
"McProxy"=2 (0x2)
"McNASvc"=2 (0x2)
"MSK80Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Tlen.pl\\tlen.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\DeluxeFTP\\DeluxeFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"d:\\Program Files\\River Past\\Audio Converter\\AudioConverter.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl08h\\FAXRX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2008-09-08 97408]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-09-24 717296]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-05-07 42144]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-19 10976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 ntportio;ntportio;\??\e:\fujitsusiemens\e\SE\SEMCtool_v8.4\ntportio.sys --> e:\fujitsusiemens\e\SE\SEMCtool_v8.4\ntportio.sys [?]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2009-11-10 65664]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [2008-11-19 33006]
S3 UtilNT;UtilNT;c:\windows\system32\drivers\utilnt.sys [2008-09-26 5533]
S4 0181511293715610mcinstcleanup;McAfee Application Installer Cleanup (0181511293715610);d:\temp\018151~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> d:\temp\018151~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 gupdate1c9a8c159b8f87e;Usługa Google Update (gupdate1c9a8c159b8f87e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 133104]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - pxtdypow

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 18:34]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 18:34]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-2077806209-1417001333-1003Core1cb7f69fae8a6c0.job
- c:\documents and settings\zac\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-11-06 10:49]

2010-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-2077806209-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-2077806209-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\zac\Dane aplikacji\Mozilla\Firefox\Profiles\2035gvxn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-DAEMON Tools Lite - d:\program files\DAEMON Tools Lite\daemon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 21:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2010-12-30 21:29:53
ComboFix-quarantined-files.txt 2010-12-30 20:29
ComboFix2.txt 2010-12-30 16:56
ComboFix3.txt 2010-12-30 16:35
ComboFix4.txt 2009-01-25 12:19

Przed: 15 630 225 408 bajtów wolnych
Po: 15 617 921 024 bajtów wolnych

- - End Of File - - 90D7FCECB8FA71450D61D719D28F742A