ComboFix 12-02-22.01 - Damiano 2012-02-23  19:31:40.3.2 - x86
Uruchomiony z: c:\documents and settings\Damiano\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Damiano\Pulpit\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Rezydentny antywirus jest aktywny
.
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-01-23 do 2012-02-23  )))))))))))))))))))))))))))))))
.
.
2012-02-22 11:52 . 2012-02-22 11:52	--------	d-----w-	C:\spoolerlogs
2012-02-21 21:37 . 2012-02-22 18:44	--------	d-sh--w-	c:\documents and settings\Damiano\Ustawienia lokalne\Dane aplikacji\367a4043
2012-02-20 15:41 . 2012-02-20 15:41	--------	d-----w-	c:\documents and settings\Damiano\Dane aplikacji\LibreOffice
2012-02-20 15:40 . 2012-02-20 15:40	--------	d-----w-	c:\windows\ShellNew
2012-02-20 15:38 . 2012-02-20 15:40	--------	d-----w-	c:\program files\LibreOffice 3.4
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:28 . 2011-05-23 15:45	17488	----a-w-	c:\windows\gdrv.sys
2012-02-17 22:24 . 2011-05-12 10:15	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Błąd usług kryptograficznych !!
.
(((((((((((((((((((((((((((((   SnapShot_2012-02-22_18.48.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-23 18:28 . 2012-02-23 18:28	16384              c:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2012-02-23 18:31 . 2012-02-23 18:31	16384              c:\windows\Temp\Perflib_Perfdata_3b4.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-05-04 11981408]
"H/PC Connection Agent"="d:\activesync\Wcescomm.exe" [2006-11-13 1289000]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-11-27 2169368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8523776]
"nwiz"="nwiz.exe" [2007-11-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
.
c:\documents and settings\Damiano\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Monitor Apache Servers.lnk - e:\apache software foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2010-10-16 950272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disableregedit"= 0 (0x0)
"RestrictRun"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"e:\\programowanie\\programy\\Eclipse\\eclipse\\eclipse.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"e:\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Football Manager 2010\\fm.exe"=
"d:\activesync\rapimgr.exe"= d:\activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\activesync\wcescomm.exe"= d:\activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\activesync\WCESMgr.exe"= d:\activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aeba;aeba;c:\windows\system32\aeba.sys [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 OracleXETNSListener;OracleXETNSListener;e:\programowanie\programy\Oracle10g\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\DRIVERS\RTLTEAMING.SYS [2009-05-05 28544]
R3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\DRIVERS\RTLVLAN.SYS [2009-02-16 17536]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 Tomcat5;Apache Tomcat;c:\tomcat5_5\Tomcat 5.5\bin\tomcat5.exe [2008-08-29 57344]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;e:\programowanie\programy\oracle10g\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 Apache2.2;Apache2.2;e:\apache software foundation\Apache2.2\bin\httpd.exe [2008-12-09 24636]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
S2 OracleServiceDAMIAN;OracleServiceDAMIAN;e:\programowanie\programy\oracle\bin\ORACLE.EXE DAMIAN [x]
S2 OracleServiceXE;OracleServiceXE;e:\programowanie\programy\oracle10g\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt5x.sys [2008-07-09 22016]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://wyborcza.biz/biznes/0,0.html?p=005
uInternet Settings,ProxyServer = 192.168.1.1:3128
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://download09.managerzone.com/soccer-3d/PowerLoader.cab
FF - ProfilePath - c:\documents and settings\Damiano\Dane aplikacji\Mozilla\Firefox\Profiles\zbvobdmx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 19:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\mysql\bin\mysqld\" --defaults-file=\"c:\mysql\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\OracleOraHome92TNSListener]
"ImagePath"="e:\programowanie\programy\Oracle\BIN\TNSLSNR "
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-725345543-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65F2FA5F-74C4-2F7C-5C9E-E3D78FD60CE0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hafnaihmmemepckf"=hex:6d,61,68,6d,68,65,68,69,70,64,66,64,6c,66,65,6a,6e,63,
   6e,6d,63,6a,6f,6f,68,6f,00,00
"jagnnifcjnnnogmfjmdn"=hex:6f,61,6b,6e,67,69,63,70,63,6d,70,66,6b,61,6f,69,6d,
   63,67,70,6f,64,65,6f,66,67,6c,65,69,6b,00,00
.
[HKEY_USERS\S-1-5-21-602162358-725345543-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,16,4e,60,8f,60,2a,4c,ad,c0,23,79,41,74,ee,26,20,0e,cf,43,b2,7d,9d,
   31,d3,7f,a6,92,aa,86,c9,7d,0e,8f,f3,28,11,9f,54,aa,85,81,40,57,ec,d0,b1,48,\
"??"=hex:1e,c8,fa,44,6e,c9,61,10,4a,b7,4e,64,42,36,e7,9a
.
Czas ukończenia: 2012-02-23  19:39:41
ComboFix-quarantined-files.txt  2012-02-23 18:39
ComboFix2.txt  2012-02-22 18:54
.
Przed: 2 592 362 496 bajtów wolnych
Po: 2 587 856 896 bajtów wolnych
.
- - End Of File - - 8F553045AA2BDCB29FF0CE37D191D0AF