ComboFix 11-02-26.02 - Przemek 2011-02-27 19:25:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.662 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Przemek\Pulpit\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Przemek\Moje dokumenty\Readiris.DUS
.
((((((((((((((((((((((((( Pliki utworzone od 2011-01-27 do 2011-02-27 )))))))))))))))))))))))))))))))
.
2011-02-20 10:21 . 2011-02-20 11:37 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-02-01 11:50 . 2011-02-01 11:50 -------- d-----w- C:\b11c7126f40256b7e3ad
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-03-02 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1855232 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 14:04 . 2010-12-21 14:04 141264 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 33120 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-12-21 12:47 . 2010-12-21 12:47 134000 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 732160 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-03-02 12:00 726528 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2006-03-02 12:00 2194048 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-04 00:38 2070656 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-21 5575224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"SAOB Monitor"=c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
"Usługa Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"RTHDCPL"=RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\hp laserjet m1522\\Fax Config utility1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-02-02 752128]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R2 afcdpsrv;Usługa Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-02 3246040]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Kmm4xNT;Kmm4xNT;c:\windows\system32\drivers\KMM4XNT.SYS [2011-02-10 95484]
R2 Wybór systemu operacyjnego;Aktywator programu Acronis OS Selector;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-07-05 2155736]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-02-02 167968]
R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2011-02-01 107008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-01-31 1691480]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2011-01-31 36864]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2011-02-02 20504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-02-01 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-03-02 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 19:29
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2011-02-27 19:30:53
ComboFix-quarantined-files.txt 2011-02-27 18:30

Przed: 199 289 597 952 bajtów wolnych
Po: 199 247 302 656 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 1AB92C54F161BDF0BBBF6F735E329F53