Untitled

ComboFix 10-02-09.01 - MiChAł 2010-02-09  21:39:44.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1667 [GMT 1:00]

Uruchomiony z: f:\download\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 * Rezydentny antywirus jest aktywny

 

.

 

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Adobe\Photoshop.exe

c:\windows\system32\twain_32.dll

 

.

(((((((((((((((((((((((((   Pliki utworzone od 2010-01-09 do 2010-02-09  )))))))))))))))))))))))))))))))

.

 

2010-02-09 20:21 . 2010-02-09 20:21     --------        d-----w-        c:\windows\ERUNT

2010-02-09 20:18 . 2010-02-09 20:27     --------        d-----w-        C:\SDFix

2010-02-09 19:49 . 2010-01-07 15:07     38224   ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-09 19:49 . 2010-02-09 19:49     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2010-02-09 19:49 . 2010-01-07 15:07     19160   ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-02-09 19:49 . 2010-02-09 19:49     --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-02-09 13:18 . 2010-02-09 13:18     --------        d-----w-        c:\program files\Lavalys

2010-02-08 22:14 . 2010-02-08 22:14     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\AVS4YOU

2010-02-07 11:44 . 2010-02-07 11:44     --------        d-----w-        c:\program files\SubEdit-Player

2010-02-07 11:37 . 2010-02-07 11:39     --------        d-----w-        c:\program files\URUSoft

2010-01-29 19:01 . 2010-01-29 19:17     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Blizzard Entertainment

2010-01-23 11:40 . 2010-01-23 11:44     --------        d-----w-        c:\program files\Foxit Software

2010-01-13 13:08 . 2010-01-13 13:08     --------        d-----w-        c:\program files\Hamachi

2010-01-12 18:49 . 2010-01-16 18:20     --------        d-----w-        c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

 

.

((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 21:41 . 2009-07-21 21:32     2568    --sha-w-        c:\windows\system32\KGyGaAvL.sys

2010-02-01 15:12 . 2009-11-02 17:17     --------        d-----w-        c:\program files\Nowe Gadu-Gadu

2010-01-22 15:56 . 2009-11-21 23:05     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\BioWare

2010-01-16 18:27 . 2008-08-20 18:28     --------        d-----w-        c:\program files\Odkurzacz

2010-01-13 13:08 . 2009-09-23 08:41     25280   ----a-w-        c:\windows\system32\drivers\hamachi.sys

2009-12-16 13:42 . 2009-12-16 13:34     --------        d-----w-        c:\program files\Opera

2009-12-15 12:22 . 2009-12-15 12:22     --------        d-----w-        c:\program files\PDFArea

2009-11-21 22:09 . 2001-10-26 16:15     89036   ----a-w-        c:\windows\system32\perfc015.dat

2009-11-21 22:09 . 2001-10-26 16:15     499854  ----a-w-        c:\windows\system32\perfh015.dat

2009-07-21 21:32 . 2009-07-21 21:32     88      --sh--r-        c:\windows\system32\5471A9B09A.sys

.

 

------- Sigcheck -------

 

[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2008-04-14 . E1A9A883950ADB8F0536E2201A3C2A00 . 101888 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe

[-] 2008-04-14 . E1A9A883950ADB8F0536E2201A3C2A00 . 101888 . . [5.4.3790.5512] . . c:\windows\system32\dllcache\wuauclt.exe

 

[-] 2008-05-08 . 1B70DB042A98B52BBBFEA5CBF8AF3FD2 . 3851264 . . [7.00.5730.13] . . c:\windows\system32\mshtml.dll

[-] 2008-05-08 . 1B70DB042A98B52BBBFEA5CBF8AF3FD2 . 3851264 . . [7.00.5730.13] . . c:\windows\system32\dllcache\mshtml.dll

 

[-] 2008-05-08 . F284A6225A3057A1E19985E1D4B47ADA . 809472 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll

[-] 2008-05-08 . F284A6225A3057A1E19985E1D4B47ADA . 809472 . . [7.00.5730.13] . . c:\windows\system32\dllcache\wininet.dll

 

[-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

 

[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"zaian"="c:\documents and settings\MiChAł\zaian.exe" [2010-02-09 102400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]

"CHotkey"="mHotkey.exe" [2004-12-08 550912]

"ShowWnd"="ShowWnd.exe" [2003-09-18 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]

"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\MiChAˆ\Menu Start\Programy\Autostart\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

 

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-20 434176]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=

"d:\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"d:\\Activision\\Call of Duty Modern Warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-19 2915944]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-08-20 685816]

S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-08-20 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-08-20 85696]

.

.

------- Skan uzupełniający -------

.

uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\MiChAł\Dane aplikacji\Mozilla\Firefox\Profiles\dq7hsb55.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.pl/

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-09 21:41

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...  

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...  

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

 

[HKEY_USERS\S-1-5-21-1482476501-1085031214-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e1,75,2c,1f,f4,b8,4d,a0,5c,80,29,f5,e9,5e,bf,e1,da,a9,4e,6e,4d,91,f1,

   a3,ba,3f,3d,11,ca,cc,cf,81,55,3d,3e,86,c3,31,13,ca,c4,af,df,b3,86,a9,f5,e3,\

"??"=hex:e6,80,e4,94,9b,2f,a8,0d,22,0a,08,5b,2b,4f,57,57

 

[HKEY_USERS\S-1-5-21-1482476501-1085031214-1417001333-1003\Software\SecuROM\License information*]

"datasecu"=hex:2e,49,0a,3f,0f,2f,6d,20,68,6f,ad,2b,03,a1,74,4a,19,ad,07,d0,e9,

   b9,e1,36,43,26,0d,40,2d,9b,de,95,87,2c,b5,f5,01,0e,ce,30,12,1a,f3,cb,57,6a,\

"rkeysecu"=hex:c8,84,d4,c9,ee,66,76,4e,63,3b,9a,32,00,c8,07,f8

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

 

- - - - - - - > 'lsass.exe'(792)

c:\windows\system32\scecli.dll

.

Czas ukończenia: 2010-02-09  21:42:44

ComboFix-quarantined-files.txt  2010-02-09 20:42

 

Przed: 1 920 741 376 bajtów wolnych

Po: 1 848 979 456 bajtów wolnych

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 925B2561912D325160C54CE635A83E09