ComboFix 12-04-06.03 - Karol1 2012-04-06 23:50:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1534.1149 [GMT 2:00]
Running from: c:\documents and settings\Karol1\Moje dokumenty\Pobieranie\ComboFix.exe
 * Resident antivirus is active
.
.
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\xmlUpdater.exe
c:\documents and settings\Alicja\xmlUpdater.exe
c:\documents and settings\Default User\xmlUpdater.exe
c:\documents and settings\Kamil\xmlUpdater.exe
c:\documents and settings\Karol1\xmlUpdater.exe
c:\program files\QuestBasic
c:\program files\QuestBasic\uninstall.exe
c:\windows\$NtUninstallKB61612$
c:\windows\$NtUninstallKB61612$\2112123575\@
c:\windows\$NtUninstallKB61612$\2112123575\L\ydgvzunm
c:\windows\$NtUninstallKB61612$\2112123575\loader.tlb
c:\windows\$NtUninstallKB61612$\2112123575\U\@00000001
c:\windows\$NtUninstallKB61612$\2112123575\U\@000000c0
c:\windows\$NtUninstallKB61612$\2112123575\U\@000000cb
c:\windows\$NtUninstallKB61612$\2112123575\U\@000000cf
c:\windows\$NtUninstallKB61612$\2112123575\U\@80000000
c:\windows\$NtUninstallKB61612$\2112123575\U\@800000c0
c:\windows\$NtUninstallKB61612$\2112123575\U\@800000cb
c:\windows\$NtUninstallKB61612$\2112123575\U\@800000cf
c:\windows\$NtUninstallKB61612$\647796931
c:\windows\ie8.log
c:\windows\KB2079403.log
c:\windows\KB2115168.log
c:\windows\KB2296011.log
c:\windows\KB2347290.log
c:\windows\KB2360937.log
c:\windows\KB2378111.log
c:\windows\KB2387149.log
c:\windows\KB2393802.log
c:\windows\KB2412687.log
c:\windows\KB2419632.log
c:\windows\KB2423089.log
c:\windows\KB2440591.log
c:\windows\KB2443105.log
c:\windows\KB2476490.log
c:\windows\KB2478960.log
c:\windows\KB2478971.log
c:\windows\KB2479943.log
c:\windows\KB2481109.log
c:\windows\KB2483185.log
c:\windows\KB2506212.log
c:\windows\KB2507618.log
c:\windows\KB2507938.log
c:\windows\KB2508429.log
c:\windows\KB2509553.log
c:\windows\KB2510581.log
c:\windows\KB2535512.log
c:\windows\KB2536276-v2.log
c:\windows\KB2544893-v2.log
c:\windows\KB2564958.log
c:\windows\KB2566454.log
c:\windows\KB2570947.log
c:\windows\KB2585542.log
c:\windows\KB2592799.log
c:\windows\KB2598479.log
c:\windows\KB2603381.log
c:\windows\KB2618451.log
c:\windows\KB2619339.log
c:\windows\KB2620712.log
c:\windows\KB2621440.log
c:\windows\KB2624667.log
c:\windows\KB2631813.log
c:\windows\KB2633171.log
c:\windows\KB2633952.log
c:\windows\KB2641653.log
c:\windows\KB2641690.log
c:\windows\KB2646524.log
c:\windows\KB2647516-IE7.log
c:\windows\KB2647518.log
c:\windows\KB2661637.log
c:\windows\KB929399.log
c:\windows\KB950974.log
c:\windows\KB952004.log
c:\windows\KB952069.log
c:\windows\KB952287.log
c:\windows\KB952954.log
c:\windows\KB954154.log
c:\windows\KB954155.log
c:\windows\KB954459.log
c:\windows\KB955759.log
c:\windows\KB956572.log
c:\windows\KB956744.log
c:\windows\KB956802.log
c:\windows\KB956844.log
c:\windows\KB958644.log
c:\windows\KB959426.log
c:\windows\KB960803.log
c:\windows\KB960859.log
c:\windows\KB961501.log
c:\windows\KB968389.log
c:\windows\KB969059.log
c:\windows\KB971029.log
c:\windows\KB971657.log
c:\windows\KB972270.log
c:\windows\KB973507.log
c:\windows\KB973540.log
c:\windows\KB973687.log
c:\windows\KB973815.log
c:\windows\KB973869.log
c:\windows\KB973904.log
c:\windows\KB974112.log
c:\windows\KB974318.log
c:\windows\KB974392.log
c:\windows\KB974571.log
c:\windows\KB975025.log
c:\windows\KB975467.log
c:\windows\KB975558.log
c:\windows\KB975560.log
c:\windows\KB975713.log
c:\windows\KB976002-v5.log
c:\windows\KB977816.log
c:\windows\KB977914.log
c:\windows\KB978338.log
c:\windows\KB978542.log
c:\windows\KB978601.log
c:\windows\KB978695.log
c:\windows\KB978706.log
c:\windows\KB979482.log
c:\windows\KB979687.log
c:\windows\KB982132.log
c:\windows\KB982665.log
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\msconfig.exe
c:\windows\system32\setup.ini
c:\windows\system32\TZLog.log
F:\RealPlayer.exe
F:\Setup.exe
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 13:26 . 2012-04-06 13:47 -------- d-----w- C:\sh4ldr
2012-04-05 14:36 . 2012-04-05 14:36 -------- d-----w- C:\Python24
2012-04-02 12:23 . 2012-04-02 12:23 -------- d-----w- C:\Infonetax
2012-03-30 12:55 . 2012-03-30 12:55 -------- d-----r- C:\MSOCache
2012-03-24 22:41 . 2012-04-03 12:37 -------- d-----w- C:\Downloads
2012-03-24 09:10 . 2012-03-24 09:10 -------- d-----w- C:\970b8e651b6088c16731c3e2631f6fd0
2012-03-23 20:39 . 2012-03-23 20:39 -------- d-----w- C:\ATI
2012-03-23 20:19 . 2012-04-06 21:58 -------- d-----w- C:\Program Files
2012-03-23 20:03 . 2012-04-06 12:40 -------- d-----w- C:\Documents and Settings
2012-03-23 20:02 . 2012-03-23 20:02 -------- d-----w- C:\install
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:57 . 2008-04-14 19:35 1860352 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-04-05 16:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-22 13:23 . 9994E5A07D951FC1B0F5FB18501090FC . 1526784 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-07-22 . 5F1CCDF37F28A88D0473B0C9EA1E0D58 . 487424 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-22 . B49A80A502FD86B2F05BC7BBD723DDAB . 1528832 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-22 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
[-] 2008-07-22 . 0277E1A3E8B337555A45943808451981 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"WinampAgent"="c:\program files\winamp\winampa.exe" [2008-07-10 36352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2008-02-20 28672]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
2006-06-02 13:01 151552 ----a-r- c:\windows\system32\stmctrl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2002-03-22 11:16 98304 ----a-w- c:\windows\system32\ctasio.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2012-03-14 04:07 12761392 ----a-w- c:\program files\BitComet\BitComet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-07-22 13:23 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2002-02-07 17:01 40960 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-02-20 20:58 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
2007-09-05 10:20 36352 ----a-w- c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-07-10 02:03 36352 ----a-w- c:\program files\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-02-07 17:01 40960 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2004-10-14 14:55 32768 ------w- c:\progra~1\NEOSTR~1\GestMAJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 12:49 20480 ------w- c:\progra~1\NEOSTR~1\Watch.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16613:TCP"= 16613:TCP:BitComet 16613 TCP
"16613:UDP"= 16613:UDP:BitComet 16613 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-03-25 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2011-08-12 116608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2012-03-23 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2012-03-23 684265]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\program files\System\CPL Bonus\Vcdrom.sys --> c:\program files\System\CPL Bonus\Vcdrom.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 TrufosAlt;TrufosAlt;c:\windows\system32\drivers\TrufosAlt.sys [2012-04-06 335504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.neostrada.pl
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\mail
FF - ProfilePath - c:\documents and settings\Karol1\Dane aplikacji\Mozilla\Firefox\Profiles\w0o2go53.Karol1\
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
AddRemove-QuestBasic - c:\program files\QuestBasic\uninstall.exe
AddRemove-Tibia_is1 - e:\program files\Tibia\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-06 23:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System [...]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(532)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\FTRTSVC.exe
c:\windows\system32\WgaTray.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2012-04-07 00:02:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 22:02
.
Pre-Run: 31,010,713,600 bytes free
Post-Run: 31,235,014,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
.
- - End Of File - - 7B9B4D7CA44729D7A52F8CE038253336
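As an added triage example (this is not ComboFix's code and not part of the posted log), the script below re-parses the line formats that appear in the log above and pulls out the findings a responder would want flagged automatically: one executable name dropped at the root of several user profiles, a `$NtUninstallKB...$` directory with no matching `c:\windows\KB....log` and payload-style entries instead of an `spuninst` tree, files Sigcheck marked `[-]`, `EnableFirewall = 0` in a firewall policy key, and boot.ini entries carrying `/noexecute=alwaysoff`. The excerpt it runs on is constructed from lines in the log; the `KB2661637` hotfix directory in it is invented for contrast, and all function and regex names are this example's own.

```python
"""Triage checks over a ComboFix log (added example, not ComboFix code)."""
import re
from collections import defaultdict

# Constructed excerpt in the log's own line formats (not the full log).
# The KB2661637 hotfix directory is invented: it has a matching .log, so it
# must NOT be flagged, while KB61612 (no log, payload-style names) must be.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Administrator\xmlUpdater.exe
c:\documents and settings\Alicja\xmlUpdater.exe
c:\documents and settings\Default User\xmlUpdater.exe
c:\documents and settings\Karol1\xmlUpdater.exe
c:\program files\QuestBasic\uninstall.exe
c:\windows\$NtUninstallKB61612$
c:\windows\$NtUninstallKB61612$\2112123575\@
c:\windows\$NtUninstallKB61612$\2112123575\L\ydgvzunm
c:\windows\$NtUninstallKB61612$\2112123575\loader.tlb
c:\windows\$NtUninstallKB61612$\2112123575\U\@00000001
c:\windows\$NtUninstallKB61612$\647796931
c:\windows\$NtUninstallKB2661637$\spuninst\spuninst.exe
c:\windows\KB2661637.log
c:\windows\system32\config\systemprofile\xmlUpdater.exe
------- Sigcheck -------
[-] 2008-07-22 . 5F1CCDF37F28A88D0473B0C9EA1E0D58 . 487424 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-22 . B49A80A502FD86B2F05BC7BBD723DDAB . 1528832 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[boot loader]
timeout=2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
"""

# An .exe directly in a profile root (user profiles or the SYSTEM profile).
PROFILE_EXE = re.compile(
    r"^c:\\(?:documents and settings|windows\\system32\\config)\\([^\\]+)\\([^\\]+\.exe)$", re.I)
# Anything stored inside a $NtUninstallKBnnnnnn$ directory, and the log a real hotfix leaves.
HOTFIX_ENTRY = re.compile(r"^c:\\windows\\\$NtUninstall(KB\d+)\$\\(.+)$", re.I)
HOTFIX_LOG = re.compile(r"^c:\\windows\\(KB\d+)(?:-v\d+|-IE\d+)?\.log$", re.I)
REG_KEY = re.compile(r"^\[(.+)\]$")
BOOT_ENTRY = re.compile(r'^(.+?)="([^"]+)"(.*)$')


def lines_of(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def profile_root_executables(lines):
    """Executable names found at the root of more than one profile -> sorted profile list."""
    found = defaultdict(set)
    for ln in lines:
        m = PROFILE_EXE.match(ln)
        if m:
            found[m.group(2)].add(m.group(1))
    return {exe: sorted(p) for exe, p in found.items() if len(p) > 1}


def fake_hotfix_dirs(lines):
    """$NtUninstallKBnnnnnn$ entries whose KB has no c:\\windows\\KBnnnnnn.log -> entry list."""
    logs = {m.group(1).upper() for m in map(HOTFIX_LOG.match, lines) if m}
    entries = defaultdict(list)
    for m in map(HOTFIX_ENTRY.match, lines):
        if m:
            entries[m.group(1).upper()].append(m.group(2))
    return {kb: paths for kb, paths in entries.items() if kb not in logs}


def unsigned_system_files(lines):
    """Paths Sigcheck marked [-]; these need an out-of-band hash check, not an automatic verdict."""
    return [ln.rsplit(" . . ", 1)[-1].strip() for ln in lines if ln.startswith("[-] ")]


def firewall_disabled_profiles(lines):
    """Firewall policy keys under which EnableFirewall is 0."""
    key, hits = None, []
    for ln in lines:
        m = REG_KEY.match(ln)
        if m:
            key = m.group(1)
        elif ln.startswith('"EnableFirewall"=') and key and "firewallpolicy" in key.lower():
            if ln.split("=", 1)[1].split()[0] == "0":
                hits.append(key)
    return hits


def dep_switches(lines):
    """/noexecute values per boot.ini OS entry, in order. Two values on one entry (optin,
    then alwaysoff, as in the log) shows a hand-edited line; alwaysoff is a finding on its own."""
    result, in_os = {}, False
    for ln in lines:
        if ln.startswith("["):
            in_os = ln.lower() == "[operating systems]"
            continue
        m = BOOT_ENTRY.match(ln) if in_os else None
        if m:
            result[m.group(2)] = re.findall(r"/noexecute=(\w+)", m.group(3), re.I)
    return result


if __name__ == "__main__":
    L = lines_of(SAMPLE_LOG)
    print("profile-root executables:", profile_root_executables(L))
    print("hotfix dirs without a log:", fake_hotfix_dirs(L))
    print("unsigned:", unsigned_system_files(L))
    print("firewall off:", firewall_disabled_profiles(L))
    print("DEP switches:", dep_switches(L))
```

Run it against the full log by replacing `SAMPLE_LOG` with the file contents; each check returns plain data so it can feed a ticket or a second-stage hash lookup rather than only printing.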