
ComboFix 09-09-17.04 - piotrek 2009-09-18 19:50.1.

1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.679 [GMT 2:00]
Uruchomiony z: c:\documents and settings\piotrek\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\piotrek\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\piotrek\Ulubione\Online Security Test.url
c:\documents and settings\RK\Dane aplikacji\wiaserva.log
c:\documents and settings\RK\delself.bat
c:\documents and settings\RK\Menu Start\Programy\Autostart\ikowin32.exe
c:\documents and settings\RK\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\RK\sys32_nov.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\sys32_nov.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf

((((((((((((((((((((((((( Pliki utworzone od 2009-08-18 do 2009-09-18 )))))))))))))))))))))))))))))))
.
2009-09-18 17:38 . 2009-09-18 17:38 -------- d-----w- c:\progr
am files\Trend Micro
2009-08-23 15:42 . 2009-08-23 16:42 -------- d-----w- c:\docum
ents and settings\RK\Dane aplikacji\Skype
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 17:55 . 2007-12-16 13:01 28090400 --sha-w- c:\windo
ws\system32\drivers\fidbox.dat
2009-09-18 17:53 . 2007-12-16 13:01 332228 --sha-w- c:\windows\syste
m32\drivers\fidbox.idx
2009-09-13 11:49 . 2009-07-18 15:46 -------- d-----w- c:\progr
am files\Opera 10 Beta
2009-08-27 17:06 . 2009-08-13 16:24 -------- d-----w- c:\progr
am files\EPSON
2009-08-27 16:54 . 2009-08-13 16:26 -------- d-----w- c:\docum
ents and settings\All Users\Dane aplikacji\EPSON
2009-08-23 16:40 . 2006-05-03 18:03 -------- d-----w- c:\progr
am files\eMule
2009-08-17 16:10 . 2006-08-03 13:30 1279456 ----a-w- c:\windows\syste
m32\aswBoot.exe
2009-08-17 16:06 . 2006-08-03 13:30 93392 ----a-w- c:\windows\syste
m32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-08-03 13:30 94160 ----a-w- c:\windows\syste
m32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-06 07:36 114768 ----a-w- c:\windows\syste
m32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-06 07:36 20560 ----a-w- c:\windows\syste
m32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-08-03 13:30 51376 ----a-w- c:\windows\syste
m32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-08-03 13:30 23152 ----a-w- c:\windows\syste
m32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-08-03 13:30 26944 ----a-w- c:\windows\syste
m32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-02-03 14:39 97480 ----a-w- c:\windows\syste
m32\AVASTSS.scr
2009-08-09 17:15 . 2007-06-22 10:24 -------- d-----w- c:\docum
ents and settings\piotrek\Dane aplikacji\uTorrent
2009-08-09 17:07 . 2006-04-24 09:46 -------- d--h--w- c:\progr
am files\InstallShield Installation Information
2009-07-23 14:18 . 2009-07-23 14:18 -------- d-----w- c:\docum
ents and settings\RK\Dane aplikacji\DAEMON Tools Lite
2009-07-18 15:37 . 2006-05-03 13:19 721904 ----a-w- c:\windows\syste
m32\drivers\sptd.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\
SEPCSuite.exe" [2008-07-02 393216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23
691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2005-11
-09 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-1
1-09 49263]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16
221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch
.exe" [2004-06-16 81920]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe
" [2001-12-05 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-
09 919016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-10-24 90112]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader
_sl.exe [2005-9-23 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [200
5-9-20 1200128]
LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [
2007-8-3 299008]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewa
ll]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\gry\\Anno1701\\Anno1701.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-0
6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [200
9-06-12 13224]
S3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\Gt680x.sys [2007-02-0
8 17932]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s
3017bus.sys [2009-06-12 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\
drivers\s3017mdfl.sys [2009-06-12 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\d
rivers\s3017mdm.sys [2009-06-12 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c
:\windows\system32\drivers\s3017mgmt.sys [2009-06-12 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\
windows\system32\drivers\s3017nd5.sys [2009-06-12 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system3
2\drivers\s3017obex.sys [2009-06-12 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\
windows\system32\drivers\s3017unic.sys [2009-06-12 110120]
.
.
------- Skan uzupełniający -------
.
TCP: {CD99A306-6B3C-419E-9D90-4C0C55930506} = 194.204.152.34,194.204.159.1
TCP: {EABDFAE0-C63E-4BA2-AD5A-F93BF6969A24} = 10.0.0.2
FF - ProfilePath - c:\documents and settings\piotrek\Dane aplikacji\Mozilla\Fire
fox\Profiles\npvioac2.default\
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 19:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-527237240-926492609-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,4e,20,28,a6,84,eb,8a,80,9c,3c,93,b5,84,f0,53,74,c1,3c,98,af,ed,27,
4b,1f,e5,cc,1a,3b,65,05,03,55,77,d9,fa,58,98,2e,44,07,65,77,6c,f0,d4,09,4f,\
"??"=hex:5a,cc,2b,df,7e,e1,a8,74,d9,b9,a0,49,66,37,fd,ef
[HKEY_USERS\S-1-5-21-527237240-926492609-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:9c,a3,e4,0f,90,40,e3,2a,6c,50,b5,f0,fa,ae,a9,b5,03,d5,89,b5,0c,
5f,0c,3e,72,f4,c8,73,c7,f6,dd,d6,c7,fc,98,29,b3,71,24,ce,03,70,01,2b,79,3d,\
"rkeysecu"=hex:18,2b,8f,3c,97,95,d9,04,92,ea,4d,8f,74,f4,59,2a
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(1300)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Crypserv.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Czas ukończenia: 2009-09-18 19:58 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-09-18 17:58
Przed: 74 653 696 bajtów wolnych
Po: 1 352 499 200 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/fastdetect /NoExecute=OptIn /usepmtimer
179 --- E O F --- 2008-08-07 18:47
