ComboFix 12-02-19.02 - Michu 2012-02-20 22:34:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1474 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Michu\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\directory\CyberGate
c:\directory\CyberGate\install\server.exe
c:\documents and settings\All Users\iiuvhdlc.exe
c:\documents and settings\All Users\tvdnawnsvchost.exe
c:\documents and settings\All Users\zkuosloe.exe
c:\documents and settings\Michu\Dane aplikacji\32.tmp
c:\documents and settings\Michu\Dane aplikacji\33.tmp
c:\documents and settings\Michu\Dane aplikacji\510076215.exe
c:\documents and settings\Michu\Dane aplikacji\Adobe\adobe.exe
c:\documents and settings\Michu\Dane aplikacji\beisqf.exe
c:\documents and settings\Michu\Dane aplikacji\bs.exe
c:\documents and settings\Michu\Dane aplikacji\hgzbad.exe
c:\documents and settings\Michu\Dane aplikacji\jpqlgb.exe
c:\documents and settings\Michu\Dane aplikacji\key
c:\documents and settings\Michu\Dane aplikacji\logs.dat
c:\documents and settings\Michu\Dane aplikacji\nvpzyb.exe
c:\documents and settings\Michu\Dane aplikacji\WinSyst
c:\documents and settings\Michu\Dane aplikacji\WinSyst\Winosx.exe
c:\documents and settings\Michu\Dane aplikacji\WinSystem\Winosx.exe
c:\documents and settings\Michu\mue5n0u.exe
c:\documents and settings\Michu\Szablony\explorer.exe
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-15 06:00 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:00 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 23:34 . 2012-02-14 23:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-14 23:32 . 2012-02-14 23:32 -------- d-sh--w- c:\documents and settings\Michu\IETldCache
2012-02-14 21:22 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-14 21:21 . 2011-12-18 13:41 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-14 21:21 . 2011-12-17 19:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-14 21:21 . 2011-12-17 19:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-14 21:21 . 2011-12-17 19:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-14 21:21 . 2011-12-17 19:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-14 21:21 . 2011-12-17 19:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-14 21:21 . 2011-12-17 19:41 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-14 21:20 . 2012-02-14 21:21 -------- dc-h--w- c:\windows\ie8
2012-02-05 02:59 . 2012-02-05 02:59 -------- d-----w- c:\program files\SystemRequirementsLab
2012-02-05 02:59 . 2012-02-05 02:59 -------- d-----w- c:\documents and settings\Michu\SystemRequirementsLab
2012-01-26 22:07 . 2012-02-20 21:37 -------- d-----w- c:\documents and settings\Michu\Dane aplikacji\WinSystem
2012-01-26 17:44 . 2008-07-25 09:16 35320 ---h--w- c:\documents and settings\Michu\Dane aplikacji\NPZAOETDVN.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2008-04-14 19:35 1860224 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:41 . 2008-04-14 20:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:41 . 2008-04-14 20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:41 . 2008-04-14 20:50 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2008-04-14 19:41 385024 ------w- c:\windows\system32\html.iec
2011-12-03 11:53 . 2011-08-04 20:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 20:50 293888 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8462336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Defender"="c:\documents and settings\Michu\Dane aplikacji\NPZAOETDVN.exe" [2008-07-25 35320]
.
c:\documents and settings\Michu\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\windows\system32\exHelper.exe"= c:\windows\system32\exHelper.exe
"c:\\Documents and Settings\\Michu\\Dane aplikacji\\NPZAOETDVN.exe"=
"d:\\Obrazy gier\\FIFA 12\\Fifa.12.CLONEDVD-P2P\\FIFA.12\\Game\\fifa.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-24 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-24 17744]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-02 21992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 hidusb2;hidusb2;\??\c:\docume~1\Michu\USTAWI~1\Temp\hidusb2.sys --> c:\docume~1\Michu\USTAWI~1\Temp\hidusb2.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CEFDD5B2-F808-B0F0-A86D-137DC3FF1EB2}]
2008-07-25 09:16 35320 ---h--w- c:\documents and settings\Michu\Dane aplikacji\NPZAOETDVN.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-1801674531-1003Core.job
- c:\documents and settings\Michu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-07 19:38]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-1801674531-1003UA.job
- c:\documents and settings\Michu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-07 19:38]
.
2012-02-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1614895754-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1614895754-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Michu\Dane aplikacji\Mozilla\Firefox\Profiles\oddmpje4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.interia.pl
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=182bb79c000000000000001de0cbc697&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: extensions.BabylonToolbar_i.id - 182bb79c000000000000001de0cbc697
FF - user.js: extensions.BabylonToolbar_i.hardId - 182bb79c000000000000001de0cbc697
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15352
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Gdryre - c:\documents and settings\Michu\Dane aplikacji\Gdryre.exe
HKCU-Run-Windefender - c:\documents and settings\Michu\Dane aplikacji\IPserver.exe
HKLM-Explorer_Run-svchost - c:\documents and settings\Michu\Dane aplikacji\svchost.exe
HKLM-Explorer_Run-Windows Live - c:\documents and settings\Michu\Dane aplikacji\CQCN15BHG6.exe
HKLM-Explorer_Run-47004 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msdubmn.com
HKLM_ActiveSetup-{0C9EBBF5-D2B2-3A4C-4CEB-FA5B5BF1BEFF} - c:\documents and settings\Michu\Dane aplikacji\adobe\adobe.exe
HKLM_ActiveSetup-{E4EAF82D-DCFD-2B9E-EDB6-E1ED0DBFDEAC} - c:\documents and settings\Michu\Dane aplikacji\CQCN15BHG6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 22:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-02-20 22:39:04
ComboFix-quarantined-files.txt 2012-02-20 21:38
.
Przed: 4 239 114 240 bajtów wolnych
Po: 4 534 267 904 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DFAD553DBC0EB781F0AFAB22C85455EF