ComboFix 12-01-31.01 - ADM 01-02-2012 14:56:34.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.2008.802 [GMT 1:00]
Uruchomiony z: c:\users\ADM\AppData\Local\Temp\7ZipSfx.000\ComboFix_www.INSTALKI.pl_.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-01 do 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 14:02 . 2012-02-01 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 11:24 . 2008-09-26 17:04 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-02-01 11:24 . 2008-09-26 17:04 113152 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-01 11:24 . 2008-09-26 17:04 101760 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-01 11:24 . 2008-09-26 17:03 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-01 11:17 . 2012-02-01 11:25 -------- d-----w- c:\program files\PLAY ONLINE
2012-01-31 07:47 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF24B733-D6D0-4651-BD09-AEA4FF95B419}\mpengine.dll
2012-01-30 11:16 . 2011-12-20 17:50 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-30 11:16 . 2011-12-20 17:49 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-01-30 11:16 . 2012-01-30 11:16 -------- d-----w- c:\program files\ffdshow
2012-01-30 10:48 . 2012-01-30 10:48 237 ----a-w- C:\user.js
2012-01-30 10:48 . 2012-01-30 10:48 -------- d-----w- c:\program files\BabylonToolbar
2012-01-30 10:48 . 2012-01-30 10:48 -------- d-----w- c:\users\ADM\AppData\Local\Babylon
2012-01-30 10:48 . 2012-01-30 10:48 -------- d-----w- c:\users\ADM\AppData\Roaming\Babylon
2012-01-30 10:48 . 2012-01-30 10:48 -------- d-----w- c:\programdata\Babylon
2012-01-30 10:48 . 2012-01-30 10:48 -------- d-----w- c:\program files\FoxTabFLVPlayer
2012-01-30 10:25 . 2012-01-30 10:25 -------- d-----w- c:\users\ADM\AppData\Local\Apple Computer
2012-01-30 10:25 . 2012-01-30 14:00 -------- d-----w- c:\users\ADM\AppData\Roaming\Apple Computer
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-01-30 10:24 . 2012-01-30 10:24 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-01-30 10:22 . 2012-01-30 10:24 -------- d-----w- c:\program files\QuickTime
2012-01-30 10:22 . 2012-01-30 10:22 -------- d-----w- c:\programdata\Apple Computer
2012-01-30 10:19 . 2012-01-30 10:19 -------- d-----w- c:\users\ADM\AppData\Local\Apple
2012-01-30 10:19 . 2012-01-30 10:19 -------- d-----w- c:\program files\Apple Software Update
2012-01-30 10:19 . 2012-01-30 10:19 -------- d-----w- c:\programdata\Apple
2012-01-22 11:37 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 11:37 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 11:37 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-22 11:37 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 11:37 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 11:37 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-20 17:51 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-20 17:31 . 2012-01-20 17:31 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-19 19:50 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-19 19:50 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-19 19:50 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-19 19:49 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-19 19:49 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-19 19:49 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-19 19:49 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-19 19:49 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-19 19:49 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-19 19:49 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-19 17:12 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-19 17:12 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-19 17:12 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-19 17:12 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-19 17:12 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-19 17:12 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-19 17:12 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-19 17:12 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-19 17:12 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-01-19 17:12 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-01-19 17:12 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-19 17:10 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-01-19 17:10 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-01-19 17:10 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-01-19 17:10 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-01-19 17:10 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-01-19 17:10 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-01-19 17:10 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-01-19 17:10 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-01-19 17:10 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-01-19 17:09 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-01-19 17:09 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-01-19 17:09 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-01-19 17:09 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-19 17:09 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-19 17:08 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-19 17:08 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-19 17:07 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 17:07 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-19 17:07 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-19 17:07 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-19 17:07 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-19 17:06 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-19 17:06 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-01-19 17:06 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-01-19 17:06 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-19 17:05 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-19 17:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-01-18 18:24 . 2012-01-18 18:25 -------- d-----w- c:\windows\system32\ca-ES
2012-01-18 18:24 . 2012-01-18 18:25 -------- d-----w- c:\windows\system32\eu-ES
2012-01-18 18:24 . 2012-01-18 18:25 -------- d-----w- c:\windows\system32\vi-VN
2012-01-18 09:04 . 2012-01-18 09:04 -------- d-----w- c:\windows\system32\EventProviders
2012-01-17 15:02 . 2012-01-17 15:02 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-17 15:02 . 2012-01-17 15:02 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-17 15:02 . 2012-01-17 15:02 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-17 15:02 . 2012-01-17 15:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 12:05 . 2011-10-04 15:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 09:08 . 2011-10-17 19:17 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-22 19:10 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-22 19:10 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-16 14:12 . 2011-11-22 22:07 3623592 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-09-16 14:12 . 2011-11-22 22:07 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2010-01-26 10:11 . 2011-11-22 22:07 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-01-17 15:02 . 2011-10-04 15:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]
2009-11-08 08:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-10-12 34352]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-11 145944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-8-26 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=d2dcfaf900000000000000216ba3ad42
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\gbfqknkg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d2dcfaf900000000000000216ba3ad42
FF - user.js: extensions.BabylonToolbar_i.hardId - d2dcfaf900000000000000216ba3ad42
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-01 15:02
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(3404)
c:\windows\system32\btmmhook.dll
.
Czas ukończenia: 2012-02-01 15:04:28
ComboFix-quarantined-files.txt 2012-02-01 14:04
ComboFix2.txt 2012-02-01 12:31
.
Przed: 104 283 963 392 bajtów wolnych
Po: 105 090 256 896 bajtów wolnych
.
- - End Of File - - CC97EE55FA885677B21894899E943C1F