Hello, a folder named autorun.inf has appeared on my drives that cannot be deleted, and I suspect viruses. ComboFix log:
ComboFix 13-02-12.01 - KamiloS 2013-02-12 19:51:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.1002 [GMT 1:00]
Uruchomiony z: c:\documents and settings\KamiloS\Moje dokumenty\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dawid\Pulpit\server.exe
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\sLT.exf
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HOST_GENERIC_PROCESS
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-01-12 do 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-12 18:57 . 2013-02-12 18:57 5157 ----a-w- c:\windows\system32\drivers\fjmqkn.sys
2013-02-12 18:40 . 2013-02-12 18:40 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\Malwarebytes
2013-02-12 18:40 . 2013-02-12 18:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2013-02-12 18:40 . 2013-02-12 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-12 18:40 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 16:49 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2013-02-12 15:47 . 2013-02-12 15:47 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2013-02-12 14:55 . 2013-02-12 15:51 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\Google
2013-02-12 14:55 . 2013-02-12 15:51 -------- d-----w- c:\program files\Google
2013-02-11 14:16 . 2013-02-11 14:16 -------- d-----w- c:\documents and settings\Dawid\Dane aplikacji\Ahead
2013-02-09 20:05 . 2013-02-09 20:05 -------- d-----w- c:\documents and settings\Dawid\Ustawienia lokalne\Dane aplikacji\Ahead
2013-02-09 09:17 . 2013-02-09 09:18 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\Ahead
2013-02-09 09:16 . 2013-02-11 17:55 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\Ahead
2013-02-09 09:15 . 2013-02-09 09:17 -------- d-----w- c:\program files\Common Files\Ahead
2013-02-06 18:08 . 2013-02-06 18:08 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\Identities
2013-02-05 21:19 . 2013-02-05 21:19 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\HP
2013-02-02 18:04 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-02-02 17:39 . 2013-02-02 17:39 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-02-02 17:39 . 2013-02-02 17:39 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-02-02 17:33 . 2013-02-02 17:53 -------- d-----w- c:\program files\Sony Ericsson
2013-02-02 10:23 . 2013-02-02 10:23 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\Gearbox Software
2013-02-02 09:06 . 2013-02-02 09:06 -------- d-----w- c:\program files\CCleaner
2013-02-01 19:27 . 2013-02-02 17:39 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-01-31 19:47 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2013-01-31 19:10 . 2013-01-31 19:10 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-01-31 19:06 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-01-31 19:06 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-01-31 19:06 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-01-31 19:06 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-01-31 19:06 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-01-31 19:06 . 2013-01-31 19:06 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-01-31 19:06 . 2013-01-31 19:06 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2013-01-31 19:05 . 2013-01-31 19:05 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-31 19:05 . 2013-02-02 11:16 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\DAEMON Tools Lite
2013-01-31 19:05 . 2013-02-12 18:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-01-31 19:04 . 2013-01-31 19:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2013-01-30 19:31 . 2013-01-30 20:01 -------- d-----w- c:\program files\EAGLE-6.4.0
2013-01-30 19:31 . 2013-01-30 19:31 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\CadSoft
2013-01-30 18:18 . 2013-01-30 18:24 -------- d-----w- C:\UsbFix
2013-01-30 17:32 . 2013-02-02 09:07 -------- d-s---w- c:\documents and settings\KamiloS\UserData
2013-01-30 17:26 . 2013-01-30 17:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WEBREG
2013-01-30 17:24 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2013-01-30 17:24 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2013-01-30 17:24 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2013-01-30 17:24 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2013-01-30 17:24 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2013-01-30 17:21 . 2013-01-30 17:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2013-01-30 17:20 . 2013-01-30 17:20 -------- d-----w- c:\program files\Common Files\HP
2013-01-30 17:19 . 2013-01-31 15:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP
2013-01-30 16:47 . 2013-01-31 15:52 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\HP
2013-01-30 16:44 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2013-01-30 16:44 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2013-01-30 16:43 . 2009-04-16 13:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2013-01-30 16:43 . 2009-04-16 13:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2013-01-30 16:43 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2013-01-30 16:43 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2013-01-30 16:37 . 2013-01-30 16:38 -------- d-----w- c:\program files\MailShare
2013-01-30 16:37 . 2011-01-08 00:37 178176 ----a-w- c:\windows\system32\unrar.dll
2013-01-30 16:35 . 2013-01-30 16:35 -------- d-----w- c:\program files\SystemRequirementsLab
2013-01-30 16:35 . 2013-01-30 16:35 -------- d-----w- c:\documents and settings\KamiloS\SystemRequirementsLab
2013-01-30 16:35 . 2013-01-30 16:35 -------- d-----w- c:\windows\Sun
2013-01-30 16:33 . 2013-01-30 16:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-01-30 16:31 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-01-30 16:31 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-01-30 16:31 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-01-30 16:31 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-01-30 16:31 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-01-30 16:31 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-01-30 16:29 . 2013-01-30 17:23 -------- d-----w- c:\program files\HP
2013-01-30 15:39 . 2013-02-06 14:25 -------- d-----w- c:\documents and settings\Dawid\Dane aplikacji\GHISLER
2013-01-30 15:39 . 2013-01-30 15:40 -------- d-----w- C:\totalcmd
2013-01-30 07:29 . 2013-02-05 17:38 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\XnView
2013-01-30 07:28 . 2013-02-12 18:13 -------- d-----w- c:\program files\XnView
2013-01-29 19:15 . 2013-01-29 19:15 216064 ----a-w- c:\windows\iun3405.exe
2013-01-29 19:15 . 2013-01-29 19:16 -------- d-----w- c:\program files\EWB512
2013-01-29 18:37 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-29 18:37 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-29 18:37 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-29 18:37 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-29 18:37 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-29 18:37 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-29 18:37 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-29 18:37 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-29 18:37 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-29 18:36 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-29 18:36 . 2013-01-29 18:36 -------- d-----w- c:\program files\AVAST Software
2013-01-29 18:36 . 2013-01-29 18:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2013-01-29 18:17 . 2013-02-10 19:53 -------- d-----w- c:\documents and settings\KamiloS\Dane aplikacji\Skype
2013-01-29 18:17 . 2013-01-29 18:17 -------- d-----w- c:\program files\Common Files\Skype
2013-01-29 18:17 . 2013-01-29 18:17 -------- d-----r- c:\program files\Skype
2013-01-29 18:17 . 2013-01-29 18:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2013-01-28 18:34 . 2013-01-28 18:34 -------- d-----w- C:\Archivos de programa
2013-01-28 18:32 . 2013-01-29 17:17 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\ChomikBox
2013-01-28 18:32 . 2013-02-12 18:54 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\Temp
2013-01-28 18:25 . 2013-01-28 18:25 -------- d-----w- c:\program files\VirtualDJ
2013-01-25 13:12 . 2013-01-25 13:13 -------- d-----w- c:\documents and settings\Dawid\Ustawienia lokalne\Dane aplikacji\Adobe
2013-01-24 19:26 . 2013-01-24 19:26 -------- d-----w- c:\program files\PANDORA.TV
2013-01-24 19:25 . 2013-02-11 14:34 -------- d-----w- c:\program files\The KMPlayer
2013-01-24 19:22 . 2009-03-25 16:48 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2013-01-24 19:22 . 2009-03-25 16:48 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2013-01-24 19:15 . 2013-01-24 19:15 -------- d-----w- c:\windows\system32\LogFiles
2013-01-24 18:59 . 2013-01-24 18:59 -------- d-----w- c:\program files\Avanquest update
2013-01-24 18:59 . 2013-01-24 18:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avanquest
2013-01-24 18:59 . 2013-01-24 18:59 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\Sony Ericsson
2013-01-24 18:59 . 2013-01-24 18:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2013-01-24 18:59 . 2009-03-25 16:48 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2013-01-24 18:59 . 2009-03-25 16:48 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2013-01-24 18:59 . 2009-03-25 16:48 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2013-01-24 18:59 . 2013-01-24 18:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2013-01-23 18:25 . 2013-01-24 12:49 -------- d-----w- c:\documents and settings\Dawid\Ustawienia lokalne\Dane aplikacji\Temp
2013-01-23 18:25 . 2013-02-01 19:32 -------- d-----w- c:\documents and settings\Dawid\Ustawienia lokalne\Dane aplikacji\ChomikBox
2013-01-23 18:25 . 2013-01-23 18:25 -------- d-----w- c:\program files\ChomikBox
2013-01-23 17:07 . 2013-02-01 19:29 -------- d-----w- c:\documents and settings\Dawid\.gstreamer-0.10
2013-01-23 17:07 . 2013-01-23 17:07 -------- d-----w- c:\documents and settings\Dawid\Dane aplikacji\OpenFM
2013-01-23 10:35 . 2013-01-23 10:37 -------- d-----w- c:\documents and settings\KamiloS\Ustawienia lokalne\Dane aplikacji\Adobe
2013-01-23 10:35 . 2013-01-23 10:35 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-21 11:43 . 2013-01-21 12:05 -------- d-----w- c:\documents and settings\Dawid\Dane aplikacji\.minecraft
2013-01-13 19:28 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 21:21 . 2013-01-12 16:57 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 21:21 . 2013-01-12 16:57 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 18:23 . 2013-01-30 18:23 28359847 ----a-w- C:\UsbFix_Upload_Me_OPARKA-39B5B25B.zip
2013-01-12 16:56 . 2013-01-12 16:56 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-12 16:56 . 2013-01-12 16:56 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-12 16:56 . 2013-01-12 16:56 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-12 16:56 . 2013-01-12 16:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11473512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2333184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BDARemote.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-04-21 16:03 172032 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChomikBox]
2012-11-15 21:19 5979648 ----a-w- c:\program files\ChomikBox\chomikbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-14 10:08 2333184 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 225280 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18775808 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-09-12 10:17 445624 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Documents and Settings\\Dawid\\Pulpit\\WinCSX.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"d:\\Gry\\Brothers\\System\\bia.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\\Documents and Settings\\KamiloS\\Moje dokumenty\\mbam-setup-1.70.0.1100.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\spellchecker_gg.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-01-29 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-01-29 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-01-31 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-01-29 21256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 1436160]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [2013-01-24 625304]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\fjmqkn.sys --> c:\windows\system32\drivers\fjmqkn.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-02-02 12400]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2013-01-24 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2013-01-24 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2013-01-24 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2013-01-24 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2013-01-24 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2013-01-24 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2013-01-24 109864]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-01-24 155320]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-12 15:51 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 21:21]
.
2013-02-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-29 22:50]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-12 15:49]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-12 15:49]
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 192.168.25.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
AddRemove-Brothers in Arms - wersja PL - d:\gry\Brothers\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-12 19:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
.
**************************************************************************
.
Czas ukończenia: 2013-02-12 19:59:55 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-02-12 18:59
.
Przed: 8 147 177 472 bajtów wolnych
Po: 7 943 864 320 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 53E48C558EBDB10E5D7CC2760221E3D4