ComboFix 12-03-20.01 - Janusz 2012-03-20 21:57:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2302.1881 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Janusz\Pulpit\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\WINDOWS\$NtUninstallKB5654$
C:\WINDOWS\$NtUninstallKB5654$\2094198767
C:\WINDOWS\$NtUninstallKB5654$\3015681449\@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\cfg.ini
C:\WINDOWS\$NtUninstallKB5654$\3015681449\Desktop.ini
C:\WINDOWS\$NtUninstallKB5654$\3015681449\L\ynatsnyt
C:\WINDOWS\$NtUninstallKB5654$\3015681449\twl.dll
C:\WINDOWS\$NtUninstallKB5654$\3015681449\U\00000001.@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\U\00000002.@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\U\00000004.@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\U\80000000.@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\U\80000004.@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\U\80000032.@
C:\WINDOWS\$NtUninstallKB5654$\3015681449\version
C:\WINDOWS\system32\dds_trash_log.cmd
C:\WINDOWS\system32\dllcache\dlimport.exe
C:\WINDOWS\system32\dllcache\wmpvis.dll
F:\install.exe

Zainfekowana kopia C:\WINDOWS\system32\drivers\afd.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)

((((((((((((((((((((((((( Pliki utworzone od 2012-02-20 do 2012-03-20 )))))))))))))))))))))))))))))))

2012-03-20 21:05:38 . 2012-03-20 21:05:38 29904 ----a-w- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{6E22B14F-17A0-4730-8B59-10C4EACCCD29}\MpKsl852775de.sys
2012-03-20 21:04:51 . 2012-03-20 21:04:51 56200 ----a-w- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{6E22B14F-17A0-4730-8B59-10C4EACCCD29}\offreg.dll
2012-03-20 20:53:41 . 2011-08-17 13:49:54 138496 -c--a-w- C:\WINDOWS\system32\dllcache\afd.sys
2012-03-20 20:53:41 . 2011-08-17 13:49:54 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys
2012-03-20 18:20:17 . 2012-03-20 18:20:17 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
2012-03-20 05:52:40 . 2012-02-08 06:03:00 6552120 ----a-w- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{6E22B14F-17A0-4730-8B59-10C4EACCCD29}\mpengine.dll
2012-03-20 05:33:38 . 2012-03-20 05:33:40 -------- d-----w- C:\Documents and Settings\UpdatusUser
2012-03-20 05:30:31 . 2012-01-17 12:45:54 876864 ----a-w- C:\WINDOWS\system32\nvhdagenco3220103.dll
2012-03-19 19:27:32 . 2012-03-19 19:28:09 -------- d-----w- C:\Documents and Settings\Administrator
2012-03-19 19:25:06 . 2012-03-20 05:31:36 -------- d-----w- C:\NVIDIA
2012-03-19 18:24:57 . 2012-02-29 20:30:31 54272 ----a-w- C:\WINDOWS\system32\nvwddi.dll
2012-03-19 18:23:58 . 2012-03-20 05:33:36 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-03-19 18:22:53 . 2010-06-02 03:55:30 74072 ----a-w- C:\WINDOWS\system32\XAPOFX1_5.dll
2012-03-19 18:22:53 . 2010-06-02 03:55:30 527192 ----a-w- C:\WINDOWS\system32\XAudio2_7.dll
2012-03-19 18:22:53 . 2010-06-02 03:55:30 239960 ----a-w- C:\WINDOWS\system32\xactengine3_7.dll
2012-03-19 18:22:53 . 2010-05-26 10:41:02 2106216 ----a-w- C:\WINDOWS\system32\D3DCompiler_43.dll
2012-03-19 18:22:52 . 2010-05-26 10:41:02 248672 ----a-w- C:\WINDOWS\system32\d3dx11_43.dll
2012-03-19 18:22:52 . 2010-05-26 10:41:02 1868128 ----a-w- C:\WINDOWS\system32\d3dcsx_43.dll
2012-03-19 18:22:51 . 2010-05-26 10:41:02 470880 ----a-w- C:\WINDOWS\system32\d3dx10_43.dll
2012-03-19 18:22:51 . 2010-05-26 10:41:02 1998168 ----a-w- C:\WINDOWS\system32\D3DX9_43.dll
2012-03-17 22:54:37 . 2012-03-19 15:40:05 -------- d-----w- C:\Documents and Settings\Janusz\.gstreamer-0.10
2012-03-13 19:38:04 . 2009-09-04 16:44:40 515416 ----a-w- C:\WINDOWS\system32\XAudio2_5.dll
2012-03-13 19:38:03 . 2009-09-04 16:44:40 238936 ----a-w- C:\WINDOWS\system32\xactengine3_5.dll
2012-03-13 19:38:03 . 2009-09-04 16:29:32 1974616 ----a-w- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-03-13 19:38:02 . 2009-09-04 16:29:34 235344 ----a-w- C:\WINDOWS\system32\d3dx11_42.dll
2012-03-13 19:38:02 . 2009-09-04 16:29:32 5501792 ----a-w- C:\WINDOWS\system32\d3dcsx_42.dll
2012-03-13 19:38:01 . 2009-09-04 16:29:34 453456 ----a-w- C:\WINDOWS\system32\d3dx10_42.dll
2012-03-13 19:38:01 . 2009-09-04 16:29:30 1892184 ----a-w- C:\WINDOWS\system32\D3DX9_42.dll
2012-03-13 19:38:00 . 2009-03-09 14:27:22 453456 ----a-w- C:\WINDOWS\system32\d3dx10_41.dll
2012-03-13 19:38:00 . 2009-03-09 14:27:22 1846632 ----a-w- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-03-13 18:58:30 . 2012-03-13 18:58:30 -------- d-----w- C:\Program Files\Common Files\Steam
2012-03-13 18:58:26 . 2012-03-20 21:05:28 -------- d-----w- C:\Program Files\Steam
2012-03-11 20:22:57 . 2012-03-11 20:22:58 -------- d-----w- C:\Program Files\Przeglądarka migawek
2012-03-04 08:10:50 . 2012-03-04 08:10:50 -------- d-----w- C:\Program Files\Common Files\Skype
2012-02-29 11:55:50 . 2012-02-29 11:55:56 -------- d-----w- C:\Program Files\LogMeIn Hamachi
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-29 23:58:00 . 2011-12-25 19:30:32 13417632 ----a-w- C:\WINDOWS\system32\drivers\nv4_mini.sys
2012-02-29 23:58:00 . 2011-12-25 19:30:30 4309760 ----a-w- C:\WINDOWS\system32\nv4_disp.dll
2012-02-08 06:03:00 . 2011-12-25 23:11:18 6552120 ----a-w- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:57:34 . 2003-04-16 12:00:00 1860352 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-01-31 12:44:05 . 2011-12-25 21:34:53 237072 ------w- C:\WINDOWS\system32\MpSigStub.exe
2012-01-11 19:07:12 . 2012-02-15 15:51:50 3072 ------w- C:\WINDOWS\system32\iacenc.dll
2012-01-09 16:20:19 . 2011-12-25 17:00:06 139784 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-01-02 14:48:53 . 2011-12-25 19:16:39 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-12-26 00:21:16 . 2011-12-26 00:21:28 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-12-26 00:21:16 . 2011-12-26 00:21:28 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-12-25 19:53:21 . 2007-03-19 15:18:12 104064 ----a-w- C:\WINDOWS\system32\drivers\viamraid.sys
2011-12-25 19:53:18 . 2011-12-25 19:53:37 331184 ------w- C:\WINDOWS\system32\difxapi.dll
2011-12-21 08:05:33 . 2011-12-25 20:34:43 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 17:21:08 130864]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21:08 1299248 ----a-r- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 17:21:08 1299248]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 17:21:08 1299248]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2012-03-13 18:59:35 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2009-03-12 11:53:46 483422]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 14:16:48 997920]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 13:35:42 114992]
"LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 16:38:56 1987976]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2012-02-29 20:30:24 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 20:30:23 108352]
"nwiz"="C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 23:58:00 1634112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 17:21:10 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 21:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"E:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"K:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"D:\\Casino\\ParadiseCasino\\casino.exe"=
"D:\\Nowe Gadu-Gadu\\gg.exe"=
"D:\\UrbanTerror\\ioUrbanTerror.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 MpKsl852775de;MpKsl852775de;C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{6E22B14F-17A0-4730-8B59-10C4EACCCD29}\MpKsl852775de.sys [2012-03-20 22:05:38 29904]
R2 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 15:23:42 196176]
R2 BBUpdate;BBUpdate;C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 17:21:52 249648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 17:38:52 1373576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-20 06:33:36 2348352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\WINDOWS\system32\drivers\nvhda32.sys [2012-03-19 19:24:40 123712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 13:16:28 130384]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2012-02-15 13:30:18 158856]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe -k WINRM [2003-04-16 13:00:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 13:16:28 753504]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MPKSL852775DE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lkclassads ROCKEYNT tomcatcws3 vetfddnt btwrchid Cinemsup elosystemservice Memctl procexp100 jconfigd mysql Usb20Scan bmuservice GT680x btnetfilter tiwlnsvc elbycdfl rksample caisafe windrvNT ccproxy CXTUNE nmwcdc soma MS1000

Zawartość folderu 'Zaplanowane zadania'
2012-03-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1715567821-725345543-1004Core.job - C:\Documents and Settings\Janusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-25 20:33:42 . 2011-12-25 20:33:41]
2012-03-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1715567821-725345543-1004UA.job - C:\Documents and Settings\Janusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-25 20:33:42 . 2011-12-25 20:33:41]
2012-03-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1715567821-725345543-1005Core.job - C:\Documents and Settings\Justyna\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-26 09:49:55 . 2011-12-26 09:49:52]
2012-03-20 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1715567821-725345543-1005UA.job - C:\Documents and Settings\Justyna\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-26 09:49:55 . 2011-12-26 09:49:52]
2012-03-20 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39:26 . 2011-04-27 14:39:26]
2012-03-20 C:\WINDOWS\Tasks\Norton Security Scan for Janusz.job - C:\PROGRA~1\NORTON~2\Engine\370~1.18\Nss.exe [2012-01-29 00:56:26 . 2012-01-20 10:01:25]

------- Skan uzupełniający -------
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://home.sweetim.com
IE: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.254 8.8.8.8
FF - ProfilePath - C:\Documents and Settings\Janusz\Dane aplikacji\Mozilla\Firefox\Profiles\ov2ze3b6.default\
FF - prefs.js: browser.startup.homepage - www.google.pl