ComboFix 12-07-20.02 - Administrator 2012-07-20 16:58:47.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.511.237 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-20 do 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-19 20:18 . 2012-07-19 20:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\xuwlgkwwdidrned
2012-07-14 10:04 . 2012-07-14 10:04 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ESET
2012-06-28 00:29 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 22:00 . 2012-05-06 22:00 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-07-20 13:40 . 2012-04-05 13:40 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-20_14.48.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-20 14:54 . 2012-07-20 14:54 16384 c:\windows\temp\Perflib_Perfdata_4e4.dat
+ 2001-10-26 16:15 . 2012-07-20 14:59 93486 c:\windows\system32\perfc015.dat
+ 2001-08-17 21:30 . 2012-07-20 14:59 77852 c:\windows\system32\perfc009.dat
+ 2001-10-26 16:15 . 2012-07-20 14:59 503448 c:\windows\system32\perfh015.dat
+ 2001-08-17 21:30 . 2012-07-20 14:59 443424 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 08:49 176936 ----a-w- c:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\programy\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"egui"="e:\programy\Antywirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="e:\programy\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2011-07-04 17:45 13374048 ----a-w- e:\programy\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-24 19:17 116648 ----atw- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programy\\Gadu-Gadu 10\\gg.exe"=
"e:\\Programy\\Winamp\\winamp.exe"=
"e:\\Gry\\Metin2\\metin2client.bin"=
"e:\\Pandora\\PandoraMT2\\metin2.bin"=
"e:\\Program Files\\Metin2\\metin2client.bin"=
"e:\\Elite\\EliteMT2\\metin2.bin"=
"e:\\Gry\\cod\\CoDMP.exe"=
"e:\\Programy\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Gry\\avvaaaloon\\av.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57523:TCP"= 57523:TCP:Pando Media Booster
"57523:UDP"= 57523:UDP:Pando Media Booster
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]
R2 ekrn;ESET Service;e:\programy\Antywirus\ekrn.exe [2010-04-07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programy\hamachi-2.exe -s --> e:\programy\hamachi-2.exe -s [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-03-24 242240]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2012-05-07 27632]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 113120]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:57]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-220523388-1801674531-500Core.job
- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-03-24 19:17]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-220523388-1801674531-500UA.job
- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-03-24 19:17]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\r701u2tn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 17:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2012-07-20 17:05:15
ComboFix-quarantined-files.txt 2012-07-20 15:05
ComboFix2.txt 2012-07-20 14:49
.
Przed: 3 376 017 408 bajtów wolnych
Po: 3 366 531 072 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2A336A911497B45E150F646EC601AA77