Quote
ComboFix 10-01-04.01 - Bront 2010-01-07 0:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1521 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Bront\Moje dokumenty\Pobieranie\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\KB835221.exe
c:\windows\system32\kb888111.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\midimap.dll . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-06 22:14 . 2010-01-06 22:17 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-06 22:12 . 2010-01-06 22:12 -------- d-----w- c:\windows\system32\RTCOM
2010-01-06 21:59 . 2010-01-06 22:09 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-01-06 21:23 . 2010-01-06 22:01 -------- d-----w- c:\program files\ATS2
2010-01-06 21:10 . 2010-01-06 21:10 -------- d-----w- c:\program files\CCleaner
2010-01-06 20:59 . 2010-01-06 21:13 -------- d-----w- c:\program files\SkanerOnline
2009-12-20 11:42 . 2009-12-20 11:42 -------- d-----w- c:\program files\Winamp Detect
2009-12-20 11:42 . 2009-12-20 11:43 -------- d-----w- c:\documents and settings\Bront\Dane aplikacji\Winamp
2009-12-20 11:42 . 2009-12-20 11:42 -------- d-----w- c:\program files\Winamp
2009-12-19 09:58 . 2009-12-19 09:58 294656 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avglngx.dll
2009-12-16 17:23 . 2009-12-16 17:23 -------- d-----w- c:\program files\Motorola
2009-12-13 16:28 . 2009-12-23 10:17 4043544 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgui.exe
2009-12-13 16:28 . 2009-12-13 16:28 2033432 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgtray.exe
2009-12-13 16:28 . 2009-12-13 16:28 3776280 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\setup.exe
2009-12-13 16:28 . 2009-12-13 16:28 2352920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgresf.dll
2009-12-10 12:34 . 2009-12-23 10:16 3966744 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgcorex.dll
2009-12-10 12:34 . 2009-12-10 12:34 844056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgupd.exe
2009-12-10 12:34 . 2009-12-10 12:34 1658136 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgupd.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 23:06 . 2008-06-16 03:28 49572 ----a-w- c:\windows\system32\perfc015.dat
2010-01-06 23:06 . 2008-06-16 03:28 356568 ----a-w- c:\windows\system32\perfh015.dat
2010-01-06 22:05 . 2010-01-06 22:05 -------- d-----w- c:\program files\Realtek
2010-01-06 22:05 . 2009-04-20 10:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-06 18:21 . 2009-04-20 08:23 -------- d-----w- c:\documents and settings\Bront\Dane aplikacji\uTorrent
2009-12-08 20:47 . 2009-04-20 14:22 -------- d-----w- c:\program files\ALLPlayer
2009-12-07 12:19 . 2009-12-07 12:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-07 12:19 . 2009-12-07 12:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-07 12:19 . 2009-12-07 12:19 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-07 12:19 . 2009-12-07 12:19 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-07 12:18 . 2009-12-07 12:18 -------- d-----w- c:\program files\AVG
2009-12-07 12:18 . 2009-12-07 12:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\avg9
2009-11-06 09:28 . 2009-04-20 19:00 1477 ----a-w- c:\windows\eReg.dat
.
------- Sigcheck -------
[-] 2008-09-01 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-16 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-06-16 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[-] 2008-06-16 . 7F059A93D251284A8BC758327ECD3D69 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-07-06 . 04404B7F25984558AD3390BF84C4EB95 . 2153472 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2008-06-27 . 4EC7ED41D95D18B3CD1A2BD9DFEFB591 . 1424896 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-06-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-07-07 . 2BC05E243B86AA8E569EE3C5D8B3C424 . 2032128 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
c:\windows\System32\wscntfy.exe ... - brak elementu
c:\windows\System32\ctfmon.exe ... - brak elementu
c:\windows\System32\regsvc.dll ... - brak elementu
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"Steam"="d:\steam\Steam.exe" [2009-10-25 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"SoundMan"="SOUNDMAN.EXE" [2008-08-19 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2009-06-14 4076544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-16 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-07 12:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-12 15:21 17531392 ----a-w- c:\windows\RTHDCPL.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Torrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11687:TCP"= 11687:TCP:BitComet 11687 TCP
"11687:UDP"= 11687:UDP:BitComet 11687 UDP
"9019:TCP"= 9019:TCP:lzkvfbyg
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-07 360584]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2010-01-06 9216]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-12-07 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-20 721904]
S2 zekznp;Microsoft Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-06-16 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-01-06 1684736]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-09-01 46592]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zekznp
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {7D229471-57E9-4E14-A839-72FFE324A614} = 213.184.16.1,213.184.16.2
FF - ProfilePath - c:\documents and settings\Bront\Dane aplikacji\Mozilla\Firefox\Profiles\rrr371ot.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-wsctf.exe - wsctf.exe
AddRemove-Stainless_Steel_6.0_Part1of2 - d:\medieval ii - total war\Uninstal.exe
AddRemove-Stainless_Steel_6.0_Part2of2 - d:\medieval ii - total war\Uninstal.exe
**************************************************************************
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zekznp]
"ServiceDll"="c:\windows\system32\phirvv.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2010-01-07 00:07:37
ComboFix-quarantined-files.txt 2010-01-06 23:07
Przed: 1 868 042 240 bajtów wolnych
Po: 1 847 472 128 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 5251DD2CA77D5E5121E3C2CD50B3250C



This topic is closed














