ComboFix 11-11-22.01 - centrino 2011-11-23 2:34.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1022.570 [GMT 1:00]
Uruchomiony z: c:\documents and settings\centrino\Pulpit\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\430C6D84.TMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\DFC5A2B2.TMP
C:\khq
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\WindowsUpdate.log
D:\khq
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-23 do 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 01:40 . 2011-11-23 01:40 56200 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B87B112D-CBE8-491B-89D4-1FE59645D001}\offreg.dll
2011-11-22 22:17 . 2011-10-06 19:48 6668624 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B87B112D-CBE8-491B-89D4-1FE59645D001}\mpengine.dll
2011-11-22 22:17 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-22 22:12 . 2011-11-22 22:12 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 01:12 . 2011-05-16 17:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-09-18 08:18 . FD5CF6498773C6F23D4AC2A1FB1E8D2B . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 07:53 . E788F2220B5CF436EF2E8B5C2AF487F0 . 953856 . . [------] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 07:53 . 6AD95CC91367A030F369B3288E08AAE0 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 18:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 18:20 . D15A9B62B42ED33563BF3722891A86F7 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2006-11-01 19:19 . 785BA57DAEA4DAF2F3C9B359FEDA0EBF . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 19:00 . CFA664EFA06EEE2B02721C1384F51123 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"{067A4D22-0884-4116-9A39-A1A740C8D447}"="c:\program files\ERA\blue connect compressor\bmoc -d" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 15600128]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [2009-10-09 3424]
S1 MpKslf8ebc1a5;MpKslf8ebc1a5;\??\c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B87B112D-CBE8-491B-89D4-1FE59645D001}\MpKslf8ebc1a5.sys --> c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{B87B112D-CBE8-491B-89D4-1FE59645D001}\MpKslf8ebc1a5.sys [?]
S3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2009-10-09 21888]
S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [2009-10-09 5888]
S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2009-10-09 70784]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 20:52]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 20:52]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902433401-553749132-977211287-1006Core1cca96519d1d5f8.job
- c:\documents and settings\centrino\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-10-13 21:31]
.
2011-11-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2011-11-23 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.pl/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
LSP: bmnet.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 02:41
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\bmwebcfg.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-23 02:46:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-23 01:46
.
Przed: 10 156 933 120 bajtów wolnych
Po: 11 994 726 400 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 751ADA722301E73D816519171D051323