ComboFix 12-03-06.01 - Tomasz 2012-03-07 1:19.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2664 [GMT 1:00] Uruchomiony z: c:\documents and settings\Tomasz\Pulpit\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\TEMP c:\documents and settings\Ela\Dane aplikacji\PriceGong c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\1.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\a.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\b.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\c.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\d.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\e.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\f.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\g.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\h.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\i.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\J.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\k.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\l.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\m.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\mru.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\n.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\o.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\p.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\q.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\r.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\s.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\t.xml c:\documents and settings\Ela\Dane 
aplikacji\PriceGong\Data\u.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\v.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\w.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\x.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\y.xml c:\documents and settings\Ela\Dane aplikacji\PriceGong\Data\z.xml c:\documents and settings\tk2m rob\Dane aplikacji\PriceGong c:\documents and settings\tk2m rob\Dane aplikacji\PriceGong\Data\mru.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\1.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\a.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\b.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\c.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\d.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\e.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\f.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\g.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\h.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\i.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\J.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\k.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\l.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\m.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\mru.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\n.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\o.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\p.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\q.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\r.xml c:\documents and settings\Tomasz\Dane 
aplikacji\PriceGong\Data\s.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\t.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\u.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\v.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\w.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\x.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\y.xml c:\documents and settings\Tomasz\Dane aplikacji\PriceGong\Data\z.xml c:\documents and settings\Tomasz\WINDOWS c:\windows\$NtUninstallKB30856$ c:\windows\$NtUninstallKB30856$\3606789828 c:\windows\$NtUninstallKB30856$\3666370047\@ c:\windows\$NtUninstallKB30856$\3666370047\L\wkyivedh c:\windows\$NtUninstallKB30856$\3666370047\loader.tlb c:\windows\$NtUninstallKB30856$\3666370047\U\@00000001 c:\windows\$NtUninstallKB30856$\3666370047\U\@000000c0 c:\windows\$NtUninstallKB30856$\3666370047\U\@000000cb c:\windows\$NtUninstallKB30856$\3666370047\U\@000000cf c:\windows\$NtUninstallKB30856$\3666370047\U\@80000000 c:\windows\$NtUninstallKB30856$\3666370047\U\@800000c0 c:\windows\$NtUninstallKB30856$\3666370047\U\@800000cb c:\windows\$NtUninstallKB30856$\3666370047\U\@800000cf c:\windows\IsUn0415.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\ccrpTmr6.dll c:\windows\system32\dds_log_trash.cmd c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\SET2C61.tmp c:\windows\system32\SETA01.tmp c:\windows\system32\SETA05.tmp c:\windows\system32\SETA0D.tmp . Zainfekowana kopia c:\windows\system32\drivers\serial.sys została znaleziona. Problem naprawiono Plik odzyskano z - The cat found it :) . ((((((((((((((((((((((((( Pliki utworzone od 2012-02-07 do 2012-03-07 ))))))))))))))))))))))))))))))) . . 2012-03-07 00:16 . 2008-04-14 16:11 65280 ----a-w- c:\windows\system32\drivers\serial.sys 2012-03-06 23:20 . 2012-03-06 23:20 -------- d-----w- c:\program files\LSoft Technologies 2012-03-06 23:09 . 
2012-03-06 23:10 -------- d-----w- c:\program files\Open RegEdit 2012-03-06 23:09 . 2012-03-06 23:09 -------- d-----w- c:\windows\Open RegEdit 2012-03-01 01:10 . 2012-03-01 01:10 -------- d-----w- c:\program files\HitmanPro 2012-03-01 01:07 . 2012-03-01 18:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HitmanPro 2012-02-29 23:19 . 2012-02-29 23:19 98992 ----a-w- c:\windows\system32\drivers\50673378.sys 2012-02-29 23:19 . 2012-02-29 23:19 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-29 22:24 . 2012-02-29 22:24 -------- d-----w- c:\program files\SweetIM 2012-02-29 22:24 . 2012-02-29 22:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SweetIM 2012-02-29 20:12 . 2010-10-24 05:06 598528 ----a-w- c:\windows\system32\ztv7z.dll 2012-02-29 20:12 . 2010-10-24 05:06 178176 ----a-w- c:\windows\system32\ztvunrar39.dll 2012-02-29 07:28 . 2012-02-29 07:28 -------- d-----r- c:\documents and settings\LocalService\Ulubione 2012-02-29 02:16 . 2012-02-29 20:19 -------- d-sh--w- c:\documents and settings\Tomasz\Ustawienia lokalne\Dane aplikacji\da885dff . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2011-07-02 22:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof1.dll" [2011-05-09 176936] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD1.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] 2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Polska\prxtbSof1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\prxtbSof1.dll" [2011-05-09 176936] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\prxtbSof1.dll" [2011-05-09 176936] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "HW_OPENEYE_OUC_blueconnect"="c:\program files\blueconnect\UpdateDog\ouc.exe" [2009-06-23 110592] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-02 8527872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-02 81920] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 888832] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-17 185896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 148888] "TrojanScanner"="d:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213] Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-04-30 06:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WatchDog"=c:\program files\InterVideo\DVD Check\DVDCheck.exe "nwiz"=nwiz.exe /installquiet /nodetect "AccelerometerSysTrayApplet"=c:\windows\system32\AccelerometerSt.exe "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "atchk"="c:\program files\Intel\AMT\atchk.exe" "CognizanceTS"=rundll32.exe c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule "Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bentley\\Program\\MicroStation\\ustation.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . 
R0 51097832;51097832 Boot Guard Driver;c:\windows\system32\drivers\51097832.sys [2011-07-02 37392] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-26 100095] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696] R1 51097831;51097831;c:\windows\system32\drivers\51097831.sys [2011-07-02 128016] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-01-23 39080] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-04-26 5808] R1 setup_9.0.0.722_02.07.2011_09-12drv;setup_9.0.0.722_02.07.2011_09-12drv;c:\windows\system32\drivers\5109783.sys [2011-07-02 315408] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 221184] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-02 652360] R2 PCSUService;PC Speed Up Service;c:\program files\Przyspiesz Komputer\PCSUService.exe [2012-01-19 235232] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-09-09 540448] R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-03-07 150928] R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [2008-09-09 1489688] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-09-09 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-02 20464] R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-09-09 47616] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2006-03-02 14336] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k 
Cognizance [2006-03-02 14336] S2 gupdate;Usługa Google Update (gupdate); [x] S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-04-23 30008] S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2011-03-07 468368] S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2011-10-19 7552] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-04-30 172131] S3 gupdatem;Usługa Google Update (gupdatem); [x] S3 HTCAND32;HTC Device Driver; [x] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-10-19 100480] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-08-22 11520] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel Akamai REG_MULTI_SZ Akamai . 
NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9170CDEC-E82E-4520-9044-A61F12D612F9}] 2010-05-04 12:51 76288 ----a-w- c:\program files\Bentley\MX V8i\MX\MFW\Exec\MXUserReg.EXE . . ------- Skan uzupełniający ------- . uStart Page = hxxp://plasmoo.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\documents and settings\Tomasz\Dane aplikacji\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\documents and settings\Tomasz\Dane aplikacji\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Wyślij do urządzenia &Bluetooth... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 62.179.1.62 62.179.1.63 DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2000i Plk\InstFred.ocx FF - ProfilePath - c:\documents and settings\Tomasz\Dane aplikacji\Mozilla\Firefox\Profiles\ol80weo3.default\ FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Plasmoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://plasmoo.com/index.htm?SearchMashine=true&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Softonic-Polska Community Toolbar: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - %profile%\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Plasmoo Search 
Engine: engine@plasmoo.com - %profile%\extensions\engine@plasmoo.com FF - Ext: Nokia Maps 3D browser plugin: maps@ovi.com - %profile%\extensions\maps@ovi.com FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} . . ------- Skojarzenia plików ------- . .scr=AutoCADScriptFile . - - - - USUNIĘTO PUSTE WPISY - - - - . HKLM-Run-WatchDog - c:\program files\InterVideo\DVD Check\DVDCheck.exe Notify-OneCard - c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll AddRemove-Autodesk DWF Viewer - c:\progra~1\Autodesk\AUTODE~1\Setup.exe AddRemove-Bentley MX - c:\program files\Bentley\MX\mfw\inst\uninst\setup.exe AddRemove-SubEdit-Player_is1 - c:\program files\SubEdit-Player\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-07 01:28 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet142\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(1116) c:\windows\system32\DeviceNP.dll . - - - - - - - > 'lsass.exe'(1172) c:\windows\SbHpNp.dll . 
- - - - - - - > 'explorer.exe'(2964) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\windows\system32\msi.dll c:\program files\Common Files\Microsoft Shared\Web Components\11\1045\OWCI11.DLL c:\windows\system32\btmmhook.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\corel\Graphics8\programs\CMFFld80.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\System32\SCardSvr.exe c:\program files\Intel\AMT\atchksrv.exe c:\windows\system32\ifxtcs.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Intel\AMT\LMS.exe c:\documents and settings\Tomasz\Dane aplikacji\blueconnect\ouc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\IfxPsdSv.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\windows\system32\wscntfy.exe c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe . ************************************************************************** . Czas ukończenia: 2012-03-07 01:33:28 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-03-07 00:33 . Przed: 72 418 111 488 bajtów wolnych Po: 72 814 194 688 bajtów wolnych . - - End Of File - - 994CE33BB33BBB775BA742E8C17F7439