ComboFix 12-02-19.02 - Michu 2012-02-21 18:09:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1565 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Michu\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Michu\Pulpit\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Michu\Dane aplikacji\NPZAOETDVN.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michu\Dane aplikacji\NPZAOETDVN.exe
c:\documents and settings\Michu\Dane aplikacji\WinSystem
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-21 do 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-20 21:40 . 2012-02-20 21:40 -------- d-sh--w- c:\documents and settings\Michu\PrivacIE
2012-02-15 06:00 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:00 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 23:34 . 2012-02-14 23:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-14 23:32 . 2012-02-14 23:32 -------- d-sh--w- c:\documents and settings\Michu\IETldCache
2012-02-14 21:22 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-14 21:21 . 2011-12-18 13:41 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-14 21:21 . 2011-12-17 19:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-14 21:21 . 2011-12-17 19:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-14 21:21 . 2011-12-17 19:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-14 21:21 . 2011-12-17 19:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-14 21:21 . 2011-12-17 19:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-14 21:21 . 2011-12-17 19:41 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-14 21:20 . 2012-02-14 21:21 -------- dc-h--w- c:\windows\ie8
2012-02-05 02:59 . 2012-02-05 02:59 -------- d-----w- c:\program files\SystemRequirementsLab
2012-02-05 02:59 . 2012-02-05 02:59 -------- d-----w- c:\documents and settings\Michu\SystemRequirementsLab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2008-04-14 19:35 1860224 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:41 . 2008-04-14 20:50 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:41 . 2008-04-14 20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:41 . 2008-04-14 20:50 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2008-04-14 19:41 385024 ------w- c:\windows\system32\html.iec
2011-12-03 11:53 . 2011-08-04 20:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 20:50 293888 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-20_21.37.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-21 16:55 . 2012-02-21 16:55 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8462336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"svchost"="c:\documents and settings\Michu\Dane aplikacji\svchost.exe" [BU]
"Windows Live"="c:\documents and settings\Michu\Dane aplikacji\CQCN15BHG6.exe" [BU]
"47004"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\msdubmn.com" [BU]
.
c:\documents and settings\Michu\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\windows\system32\exHelper.exe"= c:\windows\system32\exHelper.exe
"d:\\Obrazy gier\\FIFA 12\\Fifa.12.CLONEDVD-P2P\\FIFA.12\\Game\\fifa.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-24 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-24 17744]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-02 21992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 hidusb2;hidusb2;\??\c:\docume~1\Michu\USTAWI~1\Temp\hidusb2.sys --> c:\docume~1\Michu\USTAWI~1\Temp\hidusb2.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-1801674531-1003Core.job
- c:\documents and settings\Michu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-07 19:38]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-1801674531-1003UA.job
- c:\documents and settings\Michu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-12-07 19:38]
.
2012-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-1614895754-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1614895754-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Michu\Dane aplikacji\Mozilla\Firefox\Profiles\oddmpje4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.interia.pl
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Explorer_Run-Windows Defender - c:\documents and settings\Michu\Dane aplikacji\NPZAOETDVN.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 18:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-02-21 18:15:32
ComboFix-quarantined-files.txt 2012-02-21 17:15
ComboFix2.txt 2012-02-20 21:39
.
Przed: 4 376 363 008 bajtów wolnych
Po: 4 365 074 432 bajtów wolnych
.
- - End Of File - - 4855A0692E591F173D8BD3E66EB6100B