ComboFix 11-10-08.05 - Pc 2011-10-09 9:12.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.765.276 [GMT 2:00]
Run from: c:\documents and settings\Pc\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\Pc\Pulpit\CFScript.txt
AV: AVG Anti-Virus plus Firewall *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\system32\uadiih.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 06:45 . 2011-10-09 06:45 -------- d-----w- c:\documents and settings\Administrator
2011-10-09 06:42 . 2011-10-09 06:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avg8
2011-10-08 21:01 . 2011-10-08 21:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2011-10-08 21:00 . 2011-10-08 23:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData
2011-10-08 20:03 . 2011-10-08 20:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avanquest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 20:35 . 2010-03-14 11:06 13099824 ----a-w- c:\program files\kmplayer_[www.proramosy.pl].exe
2011-10-02 09:40 . 2011-06-22 13:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-08_21.57.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-09 06:48 . 2011-10-09 06:48 16384 c:\windows\temp\Perflib_Perfdata_ac.dat
+ 2004-08-03 22:44 . 2004-08-03 22:44 18944 c:\windows\system32\midimap(2).dll
+ 2011-10-08 23:25 . 2011-10-08 23:25 337408 c:\windows\Installer\abf3d.msi
+ 2011-10-08 20:41 . 2011-10-08 23:12 1650496 c:\windows\system32\Restore\rstrlog.dat
+ 2011-10-06 19:56 . 2011-10-06 19:56 13135872 c:\windows\Installer\1475a.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2007-08-03 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 864256]
"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NPSStartup"="" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 40448]
.
c:\documents and settings\Pc\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TFPANEL.exe [2009-7-3 264192]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-3-13 262144]
WirelessSelector.lnk - c:\program files\FSC\Wireless Utility\WirelessSelector.exe [2010-3-13 650752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-06-18 13:31 1122816 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-10 14:21 16384000 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 14:20 360448 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FsUsbExService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5474:TCP"= 5474:TCP:yrkyn
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-03-13 685816]
S2 mkyhtdc;Task Network;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-09 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-12-09 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-12-09 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-12-09 121856]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-09 233472]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mkyhtdc
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 217.30.129.149 217.30.137.200
FF - ProfilePath - c:\documents and settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\i3kgfb3m.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 09:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mkyhtdc]
"ServiceDll"="c:\windows\system32\usqsapq.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(1816)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-09 09:21:06
ComboFix-quarantined-files.txt 2011-10-09 07:21
ComboFix2.txt 2011-10-09 07:07
ComboFix3.txt 2011-10-09 00:14
ComboFix4.txt 2011-10-08 22:38
.
Pre-Run: 24 274 128 896 bytes free
Post-Run: 24 264 056 832 bytes free
.
- - End Of File - - 337D4E7A85E26AC11E2EAF24CE2F4E19
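The items a responder pulls out of the log above first are: a service (mkyhtdc, display name "Task Network") hosted by svchost.exe in the netsvcs group and added to the NetSvcs list, with a ServiceDll in system32 (usqsapq.dll) that no Windows component is known to ship; a globally open firewall port (5474/TCP) under a rule label that names no product; Security Center's AntiVirusOverride set to 1; and protection reported as outdated (AV) and disabled (firewall). The script below is an added triage example, not part of ComboFix or of the original post: it parses those report lines (copied from this log, plus one constructed benign service for contrast) and emits findings for exactly those patterns. The allowlist of netsvcs DLL names is a short, constructed baseline for illustration and is an assumption, not an authoritative list; anything it flags is "review this", not a verdict.

```python
"""Triage heuristics for a ComboFix report (added example; not ComboFix code)."""
import re
from dataclasses import dataclass

# Report lines copied from the ComboFix log above, plus one constructed benign
# svchost-hosted service (wuauserv) so the negative case is exercised too.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus plus Firewall *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5474:TCP"= 5474:TCP:yrkyn
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-03-13 685816]
S2 mkyhtdc;Task Network;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-09 36608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mkyhtdc
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mkyhtdc]
"ServiceDll"="c:\windows\system32\usqsapq.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
.
"""

# Constructed, deliberately short baseline of DLLs that legitimately run under
# "svchost -k netsvcs" on XP. An assumption for illustration, not exhaustive.
KNOWN_NETSVCS_DLLS = {
    "wuauserv.dll", "qmgr.dll", "schedsvc.dll", "browser.dll", "srvsvc.dll",
    "wkssvc.dll", "rasmans.dll", "netman.dll", "wscsvc.dll", "shsvcs.dll",
    "seclogon.dll", "w32time.dll", "cryptsvc.dll", "wzcsvc.dll", "ipnathlp.dll",
}

AV_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
SVC_RE = re.compile(r"^[RS]\d+ (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)(?: \[[^\]]*\])?$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SERVICE_KEY_RE = re.compile(r"\\services\\(?P<name>[^\\]+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>\S+)')


@dataclass
class Finding:
    category: str   # protection | security-center | firewall | service
    subject: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix report lines and return review-worthy findings."""
    findings: list[Finding] = []
    hosted: dict[str, str] = {}        # service name -> svchost group
    service_dll: dict[str, str] = {}   # service name -> ServiceDll path
    netsvcs_members: set[str] = set()
    current_key = None
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":                 # ComboFix section separator
            current_key, in_netsvcs = None, False
            continue
        if in_netsvcs:                  # members listed one per line after the header
            netsvcs_members.add(line.lower())
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if m := AV_RE.match(line):
            state = m.group("state")
            if "Disabled" in state or "Outdated" in state:
                findings.append(Finding("protection", m.group("kind"), f"{m.group('product')} is {state}"))
            continue
        if m := SVC_RE.match(line):
            image = m.group("image").lower()
            if "svchost.exe -k " in image:
                hosted[m.group("name").lower()] = image.split("-k", 1)[1].strip()
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key").lower()
            continue
        if (m := PORT_RE.match(line)) and current_key and "globallyopenports" in current_key:
            findings.append(Finding("firewall", f"{m.group('port')}/{m.group('proto')}",
                                    f"globally open, rule label '{m.group('label')}'"))
            continue
        if (m := VALUE_RE.match(line)) and current_key:
            name, value = m.group("name"), m.group("value").strip()
            if current_key.endswith("security center") and name.endswith("Override") \
                    and value.startswith("dword:") and int(value[6:], 16) != 0:
                findings.append(Finding("security-center", name, "non-zero: Security Center suppresses the warning"))
            if (sk := SERVICE_KEY_RE.search(current_key)) and name.lower() == "servicedll":
                service_dll[sk.group("name")] = value.strip('"')
    # Correlate: svchost-hosted services vs. NetSvcs membership and ServiceDll baseline.
    for name, group in hosted.items():
        dll = service_dll.get(name)
        reasons = []
        if name in netsvcs_members:
            reasons.append("listed in the NetSvcs group")
        if dll and dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NETSVCS_DLLS:
            reasons.append(f"ServiceDll {dll} is not in the baseline")
        if reasons:
            findings.append(Finding("service", name, f"svchost -k {group}; " + "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.subject}: {f.detail}")
```

The ServiceDll check is the one worth keeping: a service whose image is svchost.exe tells you nothing on its own, so the parser has to join the service line with the per-service registry key and the NetSvcs group listing before it can say anything. Run it against a full report by replacing SAMPLE_LOG with the file contents.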