ComboFix 09-01-09.02 - Violetta 2009-01-10 3:37:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.275 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Violetta\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-10 do 2009-01-10 )))))))))))))))))))))))))))))))
.
2009-01-10 03:18 . 2009-01-10 03:18
2009-01-10 02:52 . 2009-01-10 02:52
2009-01-10 02:22 . 2009-01-10 02:22
2009-01-10 02:17 . 2009-01-10 02:17
2009-01-10 02:17 . 2009-01-10 02:17
2009-01-10 02:17 . 2009-01-10 02:17 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-10 02:17 . 2009-01-10 02:17 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-10 02:17 . 2009-01-10 02:52 32,800 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-10 02:17 . 2009-01-10 02:52 1,192 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-10 02:17 . 2009-01-10 02:52 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-10 02:17 . 2009-01-10 02:52 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-10 01:36 . 2009-01-10 01:36 97 --a------ c:\documents and settings\Violetta\reg.reg
2009-01-10 01:23 . 2009-01-10 01:24
2009-01-09 23:43 . 2009-01-09 23:43
2009-01-09 22:29 . 2009-01-09 22:29
2009-01-09 22:29 . 2009-01-09 22:29
2009-01-09 22:07 . 2009-01-09 22:07
2009-01-09 21:37 . 2009-01-09 21:38
2009-01-09 21:36 . 2009-01-10 03:38
2009-01-09 21:36 . 2008-03-11 19:48
2009-01-09 21:36 . 2008-03-11 19:00
2009-01-09 21:36 . 2009-01-09 21:54
2009-01-09 21:36 . 2008-03-11 19:48
2009-01-09 21:36 . 2008-03-11 19:48
2009-01-09 21:36 . 2009-01-10 02:16
2009-01-09 21:36 . 2009-01-10 02:52
2009-01-09 21:18 . 2009-01-09 21:18
2009-01-09 21:18 . 2009-01-09 21:18
2008-12-26 01:35 . 2008-12-26 01:35
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 02:30 --------- d-----w c:\program files\Mozilla Firefox 2.0.0.12
2009-01-10 02:25 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-10 01:52 --------- d-----w c:\documents and settings\Violetta\Dane aplikacji\Lavasoft
2009-01-10 01:22 --------- d-----w c:\program files\Kalendarz XP
2009-01-09 22:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-28 19:14 --------- d-----w c:\program files\City Interactive
2008-11-16 12:00 --------- d-----w c:\documents and settings\Violetta\Dane aplikacji\Leadertech
2008-11-14 10:50 --------- d-----w c:\documents and settings\Violetta\Dane aplikacji\Teleca
2008-11-14 10:46 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 10:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Teleca
2008-11-14 10:38 --------- d-----w c:\program files\Sony Ericsson
2008-11-14 10:38 --------- d-----w c:\program files\Common Files\Teleca Shared
2008-11-14 10:38 --------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2008-11-14 10:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon(2).dll
2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
2001-02-23 18:22 299,008 ----a-w c:\program files\bestplayer1.0.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpeedX"="c:\progra~1\Speed-X\SpeedX.exe" [2006-06-27 46718]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Vistadrv"="c:\program files\Vistadrives\vsdrv.exe" [2006-07-30 121089]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-04 137216]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ka.bat [2008-02-20 195]
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2008-03-11 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft ActiveSync\wcescomm.exe"=
"c:\Program Files\Microsoft ActiveSync\WCESMgr.exe"=
"c:\Program Files\BitSpirit\BitSpirit.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe"=
R4 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-09-07 198336]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-04-17 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-04-17 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-04-17 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-04-17 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-04-17 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-04-29 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-04-29 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-04-29 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-04-29 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-04-29 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-04-29 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-04-29 97704]
--- Other Services/Drivers In Memory ---
*Deregistered* - DwShield00003EFE
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Eksport do programu Microsoft Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz z BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(B)
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll
FF - ProfilePath - c:\documents and settings\Violetta\Dane aplikacji\Mozilla\Firefox\Profiles\cu7ma9m0.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\bin\npjava11.dll
FF - plugin: c:\program files\Java\bin\npjava12.dll
FF - plugin: c:\program files\Java\bin\npjava13.dll
FF - plugin: c:\program files\Java\bin\npjava14.dll
FF - plugin: c:\program files\Java\bin\npjava32.dll
FF - plugin: c:\program files\Java\bin\npjpi160_05.dll
FF - plugin: c:\program files\Java\bin\npoji610.dll
FF - plugin: c:\program files\K-Lite Mega Codec Pack 3.3.8\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Mega Codec Pack 3.3.8\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 2.0.0.12\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 2.0.0.12\plugins\npdjvu.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 03:39:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\konfig]
"ImagePath"="d:\opt\MBCASE\pm\bin\mcp"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\license]
"ImagePath"="d:\opt\MBCASE\pm\bin\mcp"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mcp]
"ImagePath"="d:\opt\MBCASE\pm\bin\mcp"
.
Czas ukończenia: 2009-01-10 3:40:09
ComboFix-quarantined-files.txt 2009-01-10 02:39:54
Przed: 962,924,544 bajtów wolnych
Po: 1,671,323,648 bajtów wolnych
After I log in, a cmd error pops up and AutoIT closes, and I have to log in again, over and over, until I stop AutoIT from shutting down.