combofix.txt

The date and time on the computer keep changing.

Nobody uses it.


ComboFix 09-07-01.01 - Top Schrank 2009-07-03 11:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.258 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Top Schrank\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-03 do 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 07:24 . 2009-06-27 08:01 89104 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\NAVENG.SYS
2009-07-03 07:24 . 2009-06-27 08:01 876144 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\NAVEX15.SYS
2009-07-03 07:24 . 2009-06-27 08:01 371248 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\EECTRL.SYS
2009-07-03 07:24 . 2009-06-27 08:01 259368 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\ECMSVR32.DLL
2009-07-03 07:24 . 2009-06-27 08:01 2414128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\CCERASER.DLL
2009-07-03 07:24 . 2009-06-27 08:01 177520 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\NAVENG32.DLL
2009-07-03 07:24 . 2009-06-27 08:01 1181040 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\NAVEX32A.DLL
2009-07-03 07:24 . 2009-06-27 08:01 101936 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.048\ERASER.SYS
2009-07-01 15:09 . 2009-07-01 15:09 -------- d-----w- c:\documents and settings\LocalService\Pulpit
2009-07-01 06:00 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-07-01 06:00 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-07-01 06:00 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-07-01 06:00 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-07-01 06:00 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-29 12:28 . 2009-06-29 12:28 -------- d-----w- c:\documents and settings\Administrator.KAMERY\DoctorWeb
2009-06-29 08:12 . 2009-06-29 12:09 -------- d-----w- c:\program files\SkanerOnline
2009-06-29 08:08 . 2009-06-29 08:08 -------- d-sh--w- C:\found.002
2009-06-23 17:49 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-23 17:49 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-23 17:49 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-23 17:49 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-23 17:49 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 12:30 . 2009-06-23 12:30 -------- d-----w- c:\documents and settings\Top Schrank\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 11:07 . 2004-08-04 12:00 50458 ----a-w- c:\windows\system32\perfc015.dat
2009-07-01 11:07 . 2004-08-04 12:00 357326 ----a-w- c:\windows\system32\perfh015.dat
2009-05-07 15:34 . 2004-08-04 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2004-08-04 12:00 1847424 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Top Schrank\Menu Start\Programy\Autostart\
H-Series.lnk - c:\program files\DVR\H-Series\Main\Main.exe [2007-12-10 1273856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DVR\\H-Series\\Server\\Server.exe"=
"c:\\Program Files\\DVR\\H-Series\\Main\\Main.exe"=
"c:\\Program Files\\DVR\\H-Series\\Search\\Search.exe"=
"c:\\Program Files\\DVR\\H-Series\\Remote\\Remote.exe"=
"c:\\Program Files\\DVR\\H-Series\\Setup\\Setup.exe"=
"c:\\Program Files\\DVR\\H-Series\\Viewer\\Viewer.exe"=
"c:\\Program Files\\DVR\\H-Series\\WatermarkViewer\\WaterMarkViewer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [2009-04-01 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [2009-04-01 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [2009-04-01 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [2009-07-01 276344]
R2 ComArT2D;ComArT 2ND Generation Board Device Device Driver;c:\windows\system32\drivers\ComArT2D.SYS [2007-12-07 39598]
R2 ComArT2M;ComArT 2ND Generation Board Master Device Driver;c:\windows\system32\drivers\CAP7146.SYS [2006-09-05 69482]
R2 ComArT2S;ComArT 2ND Generation Board Slave Device Driver;c:\windows\system32\drivers\SAA7146.SYS [2006-09-19 28064]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-04-01 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-01 101936]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
TCP: {E17B02B4-6F70-42A2-961F-0E44287496A1} = 194.204.159.1,194.204.152.34
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 11:16
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\docume~1\TOPSCH~1\USTAWI~1\Temp\Perflib_Perfdata_510.dat 16384 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
Binary file raw_enum.dat matches
.
Czas ukończenia: 2009-07-03 11:16
ComboFix-quarantined-files.txt 2009-07-03 09:16

Przed: 9 001 283 584 bajtów wolnych
Po: 10 566 221 824 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

131 --- E O F --- 2009-07-03 05:40

