Wklejka #269385 | Wklej.org

submitted by marek 7 months, 1 week ago
syntax
ComboFix 10-01-26.02 - Marek 2010-01-26  22:32:00.1.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1033.18.1015.788 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marek\My Documents\Pobieranie\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Uninstall.ini

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-26 do 2010-01-26  )))))))))))))))))))))))))))))))
.

2010-01-26 21:00 . 2010-01-26 21:00	--------	d-----w-	c:\windows\system32\LogFiles
2010-01-26 20:55 . 2010-01-26 20:55	1078	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-01-26 20:55 . 2010-01-26 20:55	1078	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-01-26 20:55 . 2010-01-26 20:55	1078	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-01-26 20:55 . 2010-01-26 20:55	1078	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-01-26 20:55 . 2010-01-26 20:55	--------	d-----w-	c:\program files\Microsoft Bootvis
2010-01-26 20:01 . 2010-01-26 20:01	--------	d-----w-	C:\FOUND.000
2010-01-26 19:55 . 2010-01-26 19:55	--------	d-----w-	c:\program files\Common Files\Adobe
2010-01-26 19:49 . 2010-01-26 19:49	--------	d-----w-	c:\program files\Realtek AC97
2010-01-26 03:44 . 2010-01-25 20:19	67608	----a-w-	c:\documents and settings\Marek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 03:42 . 2010-01-26 03:42	--------	d-----w-	c:\windows\Downloaded Installations
2010-01-26 03:41 . 2005-03-23 09:01	245760	----a-w-	c:\windows\system32\Check.exe
2010-01-26 03:41 . 2010-01-26 03:41	--------	d-----w-	c:\program files\acer
2010-01-26 03:40 . 2010-01-26 03:40	--------	d-----w-	C:\Acer
2010-01-26 03:40 . 2005-01-03 10:51	78208	----a-w-	c:\windows\system32\drivers\epm-shd.sys
2010-01-26 03:40 . 2004-09-01 22:57	221258	----a-w-	c:\windows\system32\Epm-Po.dll
2010-01-26 03:40 . 2004-07-19 12:10	4096	----a-w-	c:\windows\system32\drivers\epm-psd.sys
2010-01-25 22:50 . 2010-01-25 22:51	--------	d-----w-	c:\documents and settings\Marek\Application Data\Nokia
2010-01-25 22:50 . 2010-01-25 22:51	--------	d-----w-	c:\documents and settings\Marek\Application Data\Datalayer
2010-01-25 22:50 . 2010-01-25 22:50	--------	d-----w-	c:\documents and settings\Marek\Phone Browser
2010-01-25 22:11 . 2010-01-25 22:11	--------	d-----w-	c:\documents and settings\Marek\Gadu-Gadu
2010-01-25 21:32 . 2010-01-25 21:33	--------	d-----w-	c:\documents and settings\Marek\Ulubione
2010-01-25 20:31 . 2010-01-25 20:31	45056	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\ARPPRODUCTICON.exe
2010-01-25 20:31 . 2010-01-25 20:31	40960	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut7.exe
2010-01-25 20:31 . 2010-01-25 20:31	3638	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut5.exe
2010-01-25 20:31 . 2010-01-25 20:31	2238	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut9.EXE
2010-01-25 20:31 . 2010-01-25 20:31	2238	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut8.exe
2010-01-25 20:31 . 2010-01-25 20:31	2238	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut4.exe
2010-01-25 20:31 . 2010-01-25 20:31	2238	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut3.exe
2010-01-25 20:31 . 2010-01-25 20:31	2238	----a-r-	c:\documents and settings\Marek\Application Data\Microsoft\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut2.exe
2010-01-25 20:25 . 2010-01-25 20:25	--------	d-----w-	c:\documents and settings\Marek\Application Data\Ahead
2010-01-25 20:25 . 2003-03-29 15:45	89184	----a-w-	c:\windows\system32\drivers\imagedrv.sys
2010-01-25 20:24 . 2001-07-06 17:24	283920	----a-w-	c:\windows\system32\ImagXpr5.dll
2010-01-25 20:24 . 2001-07-06 13:41	569344	----a-w-	c:\windows\system32\imagr5.dll
2010-01-25 20:24 . 2001-07-06 11:44	544768	----a-w-	c:\windows\system32\imagx5.dll
2010-01-25 20:24 . 2001-06-26 07:15	38912	----a-w-	c:\windows\system32\picn20.dll
2010-01-25 20:24 . 2010-01-25 20:24	--------	d-----w-	c:\program files\Common Files\Ahead
2010-01-25 20:24 . 2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
2010-01-25 20:24 . 2010-01-25 20:24	--------	d-----w-	c:\program files\Ahead
2010-01-25 20:14 . 2010-01-25 20:14	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-01-25 20:13 . 2010-01-25 20:13	--------	d-----w-	c:\documents and settings\Marek\Application Data\DAEMON Tools Lite
2010-01-25 20:13 . 2010-01-25 20:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-25 19:26 . 2010-01-25 19:26	--------	d-----w-	c:\documents and settings\Marek\Local Settings\Application Data\Downloaded Installations
2010-01-25 19:12 . 2010-01-25 19:12	--------	d-----w-	c:\documents and settings\Marek\Local Settings\Application Data\GHISLER
2010-01-25 19:11 . 2009-09-04 16:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2010-01-25 19:11 . 2006-09-28 15:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2010-01-25 19:11 . 2010-01-25 19:11	--------	d-----w-	c:\windows\Logs
2010-01-25 19:10 . 2010-01-25 19:10	--------	d-----w-	c:\documents and settings\Marek\Local Settings\Application Data\Thunderbird
2010-01-25 19:10 . 2010-01-25 19:10	--------	d-----w-	c:\documents and settings\Marek\Application Data\Thunderbird
2010-01-25 19:10 . 2010-01-25 19:10	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-01-25 19:10 . 2006-10-26 18:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-25 19:10 . 2006-10-26 18:56	32592	----a-w-	c:\windows\system32\msonpmon.dll
2010-01-25 19:07 . 2010-01-25 19:07	--------	d-----w-	c:\program files\NAPI-PROJEKT
2010-01-25 19:07 . 2010-01-25 19:07	--------	d-----w-	c:\windows\SHELLNEW
2010-01-25 19:07 . 2010-01-25 19:07	--------	d-----w-	c:\documents and settings\Marek\Local Settings\Application Data\Microsoft Help
2010-01-25 19:07 . 2010-01-25 19:07	--------	d-----w-	c:\program files\EASEUS
2010-01-25 19:06 . 2010-01-25 19:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-25 19:06 . 2010-01-25 19:06	--------	d-----w-	c:\program files\Azureus
2010-01-25 19:06 . 2010-01-25 19:06	--------	d-----r-	C:\MSOCache
2010-01-25 19:03 . 2010-01-25 19:03	9212577	----a-w-	C:\epm.zip
2010-01-25 18:59 . 2010-01-25 18:59	--------	d-----w-	c:\program files\MarBit
2010-01-25 18:56 . 2010-01-25 18:56	--------	d-s---w-	c:\documents and settings\Marek\UserData
2010-01-25 18:52 . 2010-01-25 18:52	--------	d-----w-	C:\totalcmd
2010-01-25 18:52 . 2010-01-25 18:52	--------	d-----w-	c:\documents and settings\Marek\Application Data\GHISLER
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\UC.PIF
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\RAR.PIF
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\PKZIP.PIF
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\PKUNZIP.PIF
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\NOCLOSE.PIF
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\LHA.PIF
2010-01-25 18:52 . 2009-08-13 06:50	545	----a-w-	c:\windows\ARJ.PIF
2010-01-25 18:47 . 2004-08-04 04:00	26496	----a-w-	c:\windows\system32\dllcache\usbstor.sys

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 19:42 . 2005-03-16 18:10	76487	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-25 22:46 . 2010-01-25 22:46	--------	d-----w-	c:\program files\DIFX
2010-01-25 22:46 . 2010-01-25 22:46	--------	d-----w-	c:\program files\Common Files\Nokia
2010-01-25 22:46 . 2010-01-25 22:46	--------	d-----w-	c:\documents and settings\Marek\Application Data\PC Suite
2010-01-25 22:46 . 2010-01-25 22:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Suite
2010-01-25 22:46 . 2010-01-25 22:46	--------	d-----w-	c:\program files\Common Files\PCSuite
2010-01-25 22:46 . 2010-01-25 22:46	--------	d-----w-	c:\program files\Nokia
2010-01-25 20:32 . 2005-03-16 18:31	1024	---h--r-	c:\windows\system32\NTIBUN4.dll
2010-01-25 20:32 . 2005-03-16 18:30	6144	----a-w-	c:\windows\system32\drivers\NTIDrvr.sys
2010-01-25 20:30 . 2005-03-16 18:30	1024	---h--r-	c:\windows\system32\NTIMPEG2.dll
2010-01-25 20:30 . 2005-03-16 18:30	1024	---h--r-	c:\windows\system32\NTIMP3.dll
2010-01-25 20:30 . 2005-03-16 18:30	1024	---h--r-	c:\windows\system32\NTIFCD3.dll
2010-01-25 20:30 . 2005-03-16 18:30	1024	---h--r-	c:\windows\system32\NTICDMK7.dll
2010-01-25 19:09 . 2010-01-25 19:09	--------	d-----w-	c:\program files\Winamp
2010-01-25 19:09 . 2010-01-25 19:09	--------	d-----w-	c:\documents and settings\Marek\Application Data\Winamp
2010-01-25 19:09 . 2010-01-25 19:09	--------	d-----w-	c:\program files\Microsoft Works
2010-01-25 19:02 . 2010-01-25 19:02	0	----a-w-	c:\windows\nsreg.dat
2010-01-25 19:02 . 2010-01-25 19:02	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-01-25 18:32 . 1979-12-31 23:00	4094	----a-w-	c:\windows\CLEANUP.CMD
2010-01-25 18:32 . 1979-12-31 23:00	228	----a-w-	c:\windows\HOTFIX.BAT
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-19 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-02-22 180224]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-02-22 2889216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-25 691696]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\jow6f3ga.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 22:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  


C:\FOUND.000
C:\BOOK
C:\SYSINFO
C:\BOOTSECT.DOS 32768 bytes
C:\WINDOWS
C:\ntldr 262144 bytes
C:\NTDETECT.COM 65536 bytes
C:\boot.ini 32768 bytes
C:\Documents and Settings
C:\Program Files
C:\CONFIG.SYS 0 bytes
C:\AUTOEXEC.BAT 32768 bytes
C:\IO.SYS 0 bytes
C:\MSDOS.SYS 0 bytes
C:\System Volume Information
C:\pagefile.sys 1598029824 bytes
C:\hiberfil.sys 1064828928 bytes
C:\Acer
C:\totalcmd
C:\epm.zip 9240576 bytes
C:\MSOCache
C:\ISACER.ID 32768 bytes
C:\Qoobox
C:\ComboFix
C:\cmdcons
C:\cmldr 294912 bytes
C:\Boot.bak 32768 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 27

**************************************************************************
.
Czas ukończenia: 2010-01-26  22:39:29
ComboFix-quarantined-files.txt  2010-01-26 21:39

Przed: 7 330 562 048 bytes free
Po: 7 386 202 112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F0AA8FBA7022188722FD1386C5C041C2
Did you know, that…?
