ComboFix 11-02-25.01 - Mariusz 2011-02-27 13:59:15.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1129 [GMT 1:00]
Running from: M:\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.
2011-02-26 23:56 . 2011-02-26 23:56  --------  d-----w-  c:\documents and settings\Administrator
2011-02-26 11:12 . 2011-02-26 11:12  --------  d-----w-  c:\program files\Support Tools
2011-02-26 10:10 . 2011-02-26 10:10  --------  d-----w-  c:\windows\system32\wbem\Repository
2011-02-21 09:55 . 2011-02-21 09:56  --------  d-----w-  c:\documents and settings\Mariusz\.screenshooter
2011-02-21 09:52 . 2011-02-21 09:52  --------  d-----w-  c:\documents and settings\Mariusz\Ustawienia lokalne\Dane aplikacji\LearnPulse
2011-02-09 17:19 . 2011-02-24 17:11  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\boost_interprocess
2011-02-09 12:18 . 2011-02-09 12:18  --------  d-----w-  c:\program files\SymNetDrv
2011-02-09 12:13 . 2011-02-09 12:13  --------  d-----w-  c:\documents and settings\Mariusz\Dane aplikacji\Symantec
2011-02-09 12:13 . 2011-02-27 09:22  --------  d-----w-  c:\program files\Norton Personal Firewall
2011-02-09 12:13 . 2011-02-27 09:23  --------  d-----w-  c:\program files\Common Files\Symantec Shared
2011-02-09 12:13 . 2011-02-09 12:13  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\Symantec
2011-02-09 11:52 . 2011-02-09 11:52  --------  d-----w-  c:\documents and settings\Mariusz\Ustawienia lokalne\Dane aplikacji\Temp
2011-02-09 11:52 . 2011-02-09 11:52  --------  d-----w-  c:\program files\Zoom Player
2011-02-09 09:41 . 2011-02-09 11:44  --------  d-----w-  c:\program files\Symantec
2011-02-08 23:22 . 2011-02-08 23:22  --------  d-----w-  c:\program files\Total Video Converter
2011-02-08 23:21 . 2011-02-08 23:21  --------  d-----w-  c:\program files\FastStone MaxView
2011-02-08 23:20 . 2011-02-08 23:20  --------  d-----w-  c:\documents and settings\All Users\Dane aplikacji\ZoomBrowser
2011-02-08 23:19 . 2011-02-08 23:19  --------  d-----w-  c:\program files\Vertus Fluid Mask 3
2011-02-08 23:19 . 2011-02-08 23:19  --------  d-----w-  c:\program files\RAR Password Recovery Magic
2011-01-30 13:57 . 2011-01-30 13:57  103864    ----a-w-  c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 19:58 . 2011-01-21 19:58  245760    ----a-w-  c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2011-01-21 19:58 . 2011-01-21 19:58  245760    ----a-w-  c:\documents and settings\LocalService\NTUSER.DAT.tmp
2011-01-21 14:44 . 2008-04-14 20:50  440832    ----a-w-  c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 20:30  290048    ----a-w-  c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 19:35  1855232   ----a-w-  c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 20:50  301568    ----a-w-  c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-14 20:50  916480    ----a-w-  c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-14 20:50  43520     ----a-w-  c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-14 20:51  1469440   ------w-  c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-14 20:50  732160    ----a-w-  c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-14 19:41  385024    ----a-w-  c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 20:49  726528    ----a-w-  c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 21:59  2028544   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 19:59  2150400   ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-14 20:50  33280     ----a-w-  c:\windows\system32\csrsrv.dll
2010-12-02 03:35 . 2010-12-02 03:35  4280320   ----a-w-  c:\windows\system32\GPhotos.scr
.
------- Sigcheck -------
[-] 2010-01-15 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-26_10.47.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-27 09:22 . 2011-02-27 09:22  16384   c:\windows\temp\Perflib_Perfdata_554.dat
- 2011-02-26 10:29 . 2011-02-26 10:29  16384   c:\windows\temp\Perflib_Perfdata_554.dat
+ 2010-01-19 12:27 . 2011-02-26 11:12  2968    c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2011-02-26 11:12 . 2011-02-26 11:12  219136  c:\windows\Installer\cd8c4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-10-24 329096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-08-30 414224]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-08-30 241680]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-01-19 949376]
"iamapp"="c:\program files\Norton Personal Firewall\IAMAPP.EXE" [2001-12-01 378536]
"Symantec NetDriver Monitor"="c:\progra~1\SymNetDrv\SNDMon.exe" [2011-02-09 95960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mariusz\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-1-19 663552]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-5-27 1512448]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-01-06 22:27  1657448  ----a-w-  c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"11853:TCP"= 11853:TCP:BitComet 11853 TCP
"11853:UDP"= 11853:UDP:BitComet 11853 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-03-17 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-03-17 20616]
R0 Si3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2010-01-15 116264]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-01-19 15424]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2010-01-19 57344]
R2 NISSERV;Norton Personal Firewall Service;c:\program files\Norton Personal Firewall\NISSERV.EXE [2001-12-01 63144]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [2009-01-06 27136]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-03-17 122504]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [2010-02-12 171136]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-03-17 14216]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2009-03-11 12288]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]

--- Other Services/Drivers In Memory ---

*Deregistered* - aftdypob
*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://picasaweb.google.com/hekselman
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with KUSO EXIF Viewer - c:\program files\KUSO EXIF Viewer\EXIF.htm
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 14:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-27 14:03:30
ComboFix-quarantined-files.txt  2011-02-27 13:03
ComboFix2.txt  2011-02-26 22:46
ComboFix3.txt  2011-02-26 10:48
ComboFix4.txt  2011-02-26 10:09
ComboFix5.txt  2011-02-26 22:58

Pre-Run: 53,300,588,544 bytes free
Post-Run: 53,283,241,984 bytes free

- - End Of File - - C413AFFC7A5F53A8E740026E4C2D52DA
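Added example (not part of the posted log, and not ComboFix's own code): a small Python triage parser for the "Reg Loading Points" part of a ComboFix report. It pulls out Run-key autoruns, the R0-S4 service lines, the standard-profile firewall DWORDs, the GloballyOpenPorts list and the *Deregistered* entries, then raises findings an analyst would check first: the firewall switched off (EnableFirewall=0), ports opened globally that are not marked Disabled, autoruns or services backed by a binary far older than the scan (the 2001-dated Norton Personal Firewall files on a 2011 system), and deregistered drivers with names that need explaining. The log text below is a constructed excerpt of the report above; the five-year staleness threshold and the findings wording are this example's own assumptions, not anything ComboFix reports.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix report above (a subset of its lines,
# embedded here so the example runs offline).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-10-24 329096]
"iamapp"="c:\program files\Norton Personal Firewall\IAMAPP.EXE" [2001-12-01 378536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"11853:TCP"= 11853:TCP:BitComet 11853 TCP
"11853:UDP"= 11853:UDP:BitComet 11853 UDP

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-01-19 15424]
R2 NISSERV;Norton Personal Firewall Service;c:\program files\Norton Personal Firewall\NISSERV.EXE [2001-12-01 63144]
S4 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 136176]

*Deregistered* - aftdypob
"""

# Line shapes as ComboFix prints them: [key], "name"="path" [date size],
# "name"= n (0xn), "port:proto"= port:proto:..., "R2 svc;display;path [date size]".
KEY_RE = re.compile(r'^\[(.+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DEREG_RE = re.compile(r'^\*Deregistered\*\s+-\s+(\S+)$')

# Registry key (lower-cased, as ComboFix abbreviates it) holding the XP firewall switch.
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


@dataclass
class Entry:
    kind: str    # "autorun" or "service"
    where: str   # registry key for autoruns, start type (R0..S4) for services
    name: str
    path: str
    date: str    # file date exactly as ComboFix printed it (YYYY-MM-DD)
    size: int


@dataclass
class Triage:
    entries: List[Entry] = field(default_factory=list)
    dwords: Dict[Tuple[str, str], int] = field(default_factory=dict)   # (key, value) -> data
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)  # (port, proto, rest)
    deregistered: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Triage:
    """Walk the report line by line, remembering the current [key] for values under it."""
    t = Triage()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = PORT_RE.match(line)
        if m:
            t.open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = RUN_RE.match(line)
        if m:
            t.entries.append(Entry("autorun", key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
            continue
        m = DWORD_RE.match(line)
        if m:
            t.dwords[(key, m.group(1).lower())] = int(m.group(2))
            continue
        m = SERVICE_RE.match(line)
        if m:
            t.entries.append(Entry("service", m.group(1), m.group(2), m.group(4), m.group(5), int(m.group(6))))
            continue
        m = DEREG_RE.match(line)
        if m:
            t.deregistered.append(m.group(1))
    return t


def findings(t: Triage, run_year: int, stale_years: int = 5) -> List[str]:
    """Analyst-facing findings; stale_years is an assumed heuristic, not a ComboFix rule."""
    out: List[str] = []
    if t.dwords.get((FW_PROFILE, "enablefirewall")) == 0:
        out.append("Windows Firewall is disabled in the standard profile (EnableFirewall=0)")
    for port, proto, rest in t.open_ports:
        fields = rest.split(":")          # scope:state:name, or just a name in the old format
        if "Disabled" in fields:
            continue
        out.append(f"globally open port {port}/{proto}: {fields[-1]}")
    for e in t.entries:
        age = run_year - int(e.date[:4])
        if age >= stale_years:
            out.append(f"{e.kind} {e.name!r} runs a {age}-year-old binary: {e.path}")
    for name in t.deregistered:
        out.append(f"deregistered service/driver {name!r}: check what registered it")
    return out


if __name__ == "__main__":
    for line in findings(parse_combofix(SAMPLE_LOG), run_year=2011):
        print("-", line)
```

Run against the excerpt it reports the disabled firewall, the two BitComet ports (the Adobe 5353/TCP entry is skipped because its state field says Disabled), the two 2001-dated Norton binaries and the deregistered `aftdypob` driver, while CTFMON.EXE and the 2010-dated entries stay quiet. Feed it the full report instead of `SAMPLE_LOG` and the same six checks run over every Run value and service line.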