ComboFix 12-03-30.06 - Radzio 2012-03-30 16:14:21.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.3036.2530 [GMT 2:00]
Uruchomiony z: c:\users\Radzio\Desktop\Pulpit\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\ssBarLcher.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
c:\users\Radzio\AppData\Local\d0d23472\U
c:\users\Radzio\AppData\Local\d0d23472\U\00000001.@
c:\users\Radzio\AppData\Local\d0d23472\U\000000c0.@
c:\users\Radzio\AppData\Local\d0d23472\U\000000cb.@
c:\users\Radzio\AppData\Local\d0d23472\U\000000cf.@
c:\users\Radzio\AppData\Local\d0d23472\U\80000000.@
c:\users\Radzio\AppData\Local\d0d23472\U\800000c0.@
c:\users\Radzio\AppData\Local\d0d23472\U\800000cb.@
c:\users\Radzio\AppData\Local\d0d23472\U\800000cf.@
c:\users\Radzio\AppData\Local\d0d23472\X
c:\users\Radzio\AppData\Local\unins000.exe
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\DPINST.LOG
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\openvpnservice.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_atmeltpm
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-28 do 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 09:02 . 2012-03-30 09:02 -------- d-----w- c:\programdata\boost_interprocess
2012-03-30 01:27 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDD4317E-16F5-4BF9-ADB4-7F4F2B2B2465}\mpengine.dll
2012-03-30 01:25 . 2012-03-30 01:25 -------- d-----w- c:\users\Radzio\AppData\Local\Ilivid Player
2012-03-30 01:24 . 2012-03-30 01:25 -------- d-----w- c:\program files\iLivid
2012-03-30 01:22 . 2012-03-30 01:23 -------- d-----w- c:\program files\Searchqu Toolbar
2012-03-28 09:53 . 2012-03-28 09:53 -------- d-----w- c:\program files\ALLPlayer
2012-03-27 16:24 . 2012-03-27 16:24 -------- d-----w- c:\programdata\WindowsSearch
2012-03-26 12:42 . 2012-03-30 14:18 -------- d-sh--w- c:\users\Radzio\AppData\Local\d0d23472
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-18 09:40 . 2012-03-18 09:40 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 09:40 . 2012-03-18 09:40 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:15 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 10:15 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 10:15 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 10:15 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 10:15 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:15 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 10:14 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 10:14 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 11:48 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-13 11:48 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-08 13:41 . 2012-03-08 13:41 -------- d-----w- c:\programdata\Sony
2012-03-08 13:41 . 2012-03-08 13:41 -------- d-----w- c:\program files\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 03:37 . 2011-11-22 08:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-11-23 00:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-13 17:45 . 2012-01-13 17:46 8192 ----a-w- c:\windows\system32\srvany.exe
2012-01-13 17:45 . 2012-01-13 17:46 151552 ----a-w- c:\windows\KMService.exe
2012-03-18 09:40 . 2011-11-22 08:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-22 39408]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ALLUpdate"="f:\programy\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-01-27 441016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="f:\programy\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - f:\programy\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
atmeltpm
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 08:08]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 08:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.searchnu.com/406
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://startsear.ch/?aff=1&cf=f42359f0-2b49-11e1-b45a-0030914011e4
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 95.160.170.92 192.168.0.1
FF - ProfilePath - c:\users\Radzio\AppData\Roaming\Mozilla\Firefox\Profiles\zlsmz6yf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=282&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-10 - (no file)
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Radzio\AppData\Local\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 16:21
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\srvany.exe
c:\windows\KMService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\windows\system32\wbem\unsecapp.exe
f:\programy\HP\Digital Imaging\bin\hpqSTE08.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Czas ukończenia: 2012-03-30 16:25:59 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-30 14:25
.
Przed: 7 606 034 432 bajtów wolnych
Po: 9 999 548 416 bajtów wolnych
.
- - End Of File - - BA1ADFD4589D39F8F5F61FB455ACCD4E