ComboFix 11-04-13.03 - TERMINATOR 2011-04-21 18:48:14.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2506 [GMT 2:00]
Uruchomiony z: c:\documents and settings\TERMINATOR\Pulpit\combo\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-03-21 do 2011-04-21 )))))))))))))))))))))))))))))))
.
.
Nie utworzono żadnych nowych plików w tym okresie
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-21 16:40 . 2010-04-19 09:35 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-07 05:33 . 2010-04-13 11:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-04 12:00 1858176 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:43 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2010-04-13 11:56 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-04-13 11:56 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\programy\Tlen.pl\tlen.exe" [2009-01-17 5853672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]
"nwiz"="nwiz.exe" [2009-02-19 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-19 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe" [2010-06-16 1070296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"OutpostMonitor"="c:\programy\OUTPOS~1\op_mon.exe" [2008-08-22 1157448]
"OutpostFeedBack"="c:\programy\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\programy\OUTPOS~1\wl_hook.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Programy\\NAPI-PROJEKT\\napisy.exe"=
"c:\\Programy\\Tlen.pl\\tlen.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"6909:TCP"= 6909:TCP:Services
"6910:TCP"= 6910:TCP:Services
"2926:TCP"= 2926:TCP:Services
"7739:TCP"= 7739:TCP:Services
"2863:TCP"= 2863:TCP:Services
"4161:TCP"= 4161:TCP:Services
"8831:TCP"= 8831:TCP:Services
"7081:TCP"= 7081:TCP:Services
"5332:TCP"= 5332:TCP:Services
"9164:TCP"= 9164:TCP:Services
"9440:TCP"= 9440:TCP:Services
"9441:TCP"= 9441:TCP:Services
"4207:TCP"= 4207:TCP:Services
"4050:TCP"= 4050:TCP:Services
"4190:TCP"= 4190:TCP:Services
"6847:TCP"= 6847:TCP:Services
"5894:TCP"= 5894:TCP:Services
"7629:TCP"= 7629:TCP:Services
"4331:TCP"= 4331:TCP:Services
"8487:TCP"= 8487:TCP:Services
"9721:TCP"= 9721:TCP:Services
"5095:TCP"= 5095:TCP:Services
"2004:TCP"= 2004:TCP:Services
"7565:TCP"= 7565:TCP:Services
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-12-06 673920]
R2 acssrv;Agnitum Client Security Service;c:\programy\OUTPOS~1\acs.exe [2010-12-06 1238344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-12-06 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-12-06 234640]
R3 xcpip;Sterownik protokołu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Sterownik IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2010-12-06 33408]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-04-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-TERMINAT-75FC76-TERMINATOR.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-04 02:44]
.
2011-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TERMINATOR\Dane aplikacji\Mozilla\Firefox\Profiles\s90ce5yi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-21 18:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000415
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{85DCB3AA-90D3-444B-880C-C72951252E55}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.3"
"UniqueId"="001234184BC46AD6"
"ScannerBuild"=dword:00001b0e
"ScannerVersionId"=dword:000013a0
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\programy\OUTPOS~1\wl_hook.dll
.
- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\WININET.dll
c:\programy\Tlen.pl\hook.dll
c:\windows\system32\webcheck.dll
.
Czas ukończenia: 2011-04-21 18:54:50
ComboFix-quarantined-files.txt 2011-04-21 16:54
.
Przed: 30 374 883 328 bajtów wolnych
Po: 30 378 958 848 bajtów wolnych
.
- - End Of File - - 9BA0479FA651A368A4E354776053DA85