ComboFix 12-01-04.02 - d530 2012-01-04 19:15:34.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1271.903 [GMT 1:00]
Running from: c:\documents and settings\d530\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\HP
c:\documents and settings\All Users\Dane aplikacji\HP\Digital Imaging\Data\Mars.ini
c:\documents and settings\All Users\Dane aplikacji\HP\Digital Imaging\Data\RedBox.ini
c:\documents and settings\All Users\Dane aplikacji\HP\Digital Imaging\hp deskjet F4100 series\1291289352\Data\1291289352.ini
c:\documents and settings\d530\Dane aplikacji\HP
c:\documents and settings\d530\Dane aplikacji\HP\ScLogs\SolutionCenter.htm
c:\documents and settings\d530\Menu Start\Internet Explorer.lnk
c:\documents and settings\d530\Moje dokumenty\~WRL0003.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL0005.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL1696.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL1970.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL2620.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL2888.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL3371.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL3738.tmp
c:\documents and settings\d530\Moje dokumenty\~WRL3979.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\CddbCdda.dll
c:\windows\system32\CF22376.exe
c:\windows\system32\CF22379.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\msssc.dll
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Files created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 18:01 . 2012-01-04 18:01 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-04 18:01 . 2012-01-04 18:01 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-04 18:01 . 2012-01-04 18:01 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-04 18:01 . 2012-01-04 18:01 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-04 16:13 . 2012-01-04 16:13 -------- d-----w- c:\documents and settings\Administrator
2011-12-22 10:14 . 2007-11-14 02:08 100992 ----a-w- c:\windows\system32\drivers\adusbser.sys
2011-12-22 10:13 . 2011-12-22 17:28 -------- d-----w- c:\program files\Orange
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2003-04-16 12:00 1859840 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 08:51 . 2011-05-26 13:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2003-04-16 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2008-03-04 10:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2003-04-16 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2003-04-16 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2003-04-16 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2003-04-16 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2002-09-20 17:12 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2003-04-16 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-03-04 09:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2012-01-04 18:01 . 2011-03-31 11:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-05-05 13345376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
2003-05-08 10:34 69632 ------w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-22 11:02 136176 ----atw- c:\documents and settings\d530\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-03-26 16:41 1232896 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-04-16 10:53 1079808 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"MDM"=2 (0x2)
"FTRTSVC"=2 (0x2)
"ABBYY.Licensing.FineReader.Professional.9.0"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RALINK\\Common\\RaUI.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\DLSLoader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2552:UDP"= 2552:UDP:Windows Media Format SDK (iexplore.exe)
"2553:UDP"= 2553:UDP:Windows Media Format SDK (iexplore.exe)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-06-09 11352]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2011-12-22 100992]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-07-08 102656]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
S3 MadgeTRN;Sterownik NDIS5 karty Madge Token-Ring;c:\windows\system32\drivers\mdgndis5.sys [2008-03-04 164586]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-06-25 450560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-413027322-839522115-1003Core.job
- c:\documents and settings\d530\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-22 11:02]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-413027322-839522115-1003UA.job
- c:\documents and settings\d530\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-22 11:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\documents and settings\d530\Dane aplikacji\Mozilla\Firefox\Profiles\fmyohac4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
MSConfigStartUp-ABBYY Screenshot Reader Retail - c:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe
MSConfigStartUp-BEWINTERNET-PLSessionManager - c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 19:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-01-04 19:27:25
ComboFix-quarantined-files.txt 2012-01-04 18:27
.
Pre-run: 17,384,542,208 bytes free
Post-run: 17,494,577,152 bytes free
.
- - End Of File - - 4EF4B64E6E564C409AC8F7D2825FC9D2
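Reading a ComboFix report by eye means hunting for the handful of lines that matter among hundreds of benign ones. The Python script below is an added example, not part of the original log or of ComboFix itself: it parses the report's section layout (a title wrapped in parentheses opens each section, a lone "." is a spacer, registry data is REGEDIT4-style "[key]" blocks) and pulls out three kinds of review items: Security Center override values set to 1, ports opened in the Windows Firewall GloballyOpenPorts list, and files ComboFix deleted from the Windows tree. It recognises the section title in English ("Deleted") and in the Polish original ("Usunięto"). SAMPLE_LOG is a short excerpt constructed from lines of this log; run against the full report it flags AntiVirusOverride and the Kaspersky DisableMonitoring value, TCP 3389 in GloballyOpenPorts, and among the deletions c:\windows\system32\AutoRun.inf and c:\windows\system32\drivers\etc\hosts.ics. These are things to check, not verdicts: third-party AV suites set the override values legitimately, and a globally open 3389 may just mean Remote Desktop was switched on.

```python
"""Parse a ComboFix log and list the items a reviewer should look at first.

Added example; not part of the original log or of ComboFix. SAMPLE_LOG is an
excerpt constructed from lines of the log this example accompanies.
"""
import re

SECTION_RE = re.compile(r"^\(\(+\s*(.*?)\s*\)\)+$")   # ((((( Title )))))
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKLM\...]
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=data
WINDOWS_DIR_RE = re.compile(r"^c:\\windows\\", re.IGNORECASE)
DELETED_TITLE_PREFIXES = ("delet", "usuni")  # "Deleted" / Polish "Usunięto"

# Security Center values that silence the "no AV / firewall" warning when set
# to 1. Third-party suites set some of them legitimately: review items, not verdicts.
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring",
                   "AntiVirusDisableNotify", "FirewallDisableNotify"}
TRUE_DATA = {"dword:00000001", "1 (0x1)", "1"}

SAMPLE_LOG = r"""ComboFix 12-01-04.02 - d530 2012-01-04 19:15:34.1.1 - x86 MINIMAL
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\d530\Moje dokumenty\~WRL0003.tmp
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\msssc.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2552:UDP"= 2552:UDP:Windows Media Format SDK (iexplore.exe)
"""


def parse_sections(text):
    """Split the log into an ordered {section title: [lines]} map.

    Lines before the first title go under 'Header'; blank lines and the
    '.' spacer are dropped.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def flag_findings(sections):
    """Collect override values, globally open ports and deleted Windows files."""
    findings = {"security_center_overrides": [], "globally_open_ports": [],
                "deleted_windows_files": []}
    for title, lines in sections.items():
        if title.lower().startswith(DELETED_TITLE_PREFIXES):
            # Anything removed from the Windows tree deserves a look.
            findings["deleted_windows_files"] += [
                path for path in lines if WINDOWS_DIR_RE.match(path)]
            continue
        key = None
        for line in lines:
            key_match = REG_KEY_RE.match(line)
            if key_match:
                key = key_match.group(1)
                continue
            value_match = REG_VALUE_RE.match(line)
            if not (value_match and key):
                continue
            name, data = value_match.group(1), value_match.group(2).strip()
            lowered_key = key.lower()
            if ("security center" in lowered_key and name in OVERRIDE_VALUES
                    and data.lower() in TRUE_DATA):
                findings["security_center_overrides"].append(key + "\\" + name)
            elif "globallyopenports" in lowered_key:
                # The value name is "port:proto"; the data is only a display name.
                findings["globally_open_ports"].append(name)
    return findings


if __name__ == "__main__":
    for category, items in flag_findings(parse_sections(SAMPLE_LOG)).items():
        print(category)
        for item in items:
            print("   ", item)
```

To use it on a real report, read the file (ComboFix writes C:\ComboFix.txt on the cleaned machine) and pass its text to parse_sections; the three lists give a reviewer a short worklist instead of the whole log.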