ComboFix 12-06-05.03 - dom 2012-06-05 21:17:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1513 [GMT 2:00]
Uruchomiony z: c:\documents and settings\dom\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dom\Menu Start\Programy\Autostart\Empty.pif
c:\documents and settings\dom\Szablony\bararontok.com
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-1
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-2
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-26
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-27
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-28
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-29
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-3
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-30
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-31
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-4
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-5
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\csrss.exe
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Kosong.Bron.Tok.txt
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\ListHost4.txt
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\lsass.exe
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\services.exe
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\smss.exe
c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\winlogon.exe
c:\windows\ShellNew\ElnorB.exe
c:\windows\system32\dom's Setting.scr
c:\windows\system32\olemdb32.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-05-05 do 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-05-26 10:22 . 2012-05-26 10:38 -------- d-----w- c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
2012-05-26 10:12 . 2012-05-26 10:12 -------- d-----w- c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
2012-05-23 16:04 . 2012-05-23 16:59 -------- d-----w- c:\program files\AP Tuner
2012-05-23 15:58 . 2012-05-23 15:58 -------- d-----w- c:\documents and settings\dom\Dane aplikacji\NCH Software
2012-05-23 15:58 . 2012-05-23 15:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Software
2012-05-23 15:56 . 2012-05-23 15:56 -------- d-----w- c:\program files\NCH Software
2012-05-23 15:56 . 2012-05-23 15:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Swift Sound
2012-05-23 15:56 . 2012-05-23 15:56 -------- d-----w- c:\program files\NCH Swift Sound
2012-05-21 11:04 . 2012-05-21 11:04 -------- d-----w- c:\documents and settings\dom\Dane aplikacji\Atari
2012-05-21 10:49 . 2012-05-21 10:49 -------- d-----w- c:\program files\Atari
2012-05-21 10:42 . 2012-05-21 10:51 -------- d-----w- c:\documents and settings\dom\Dane aplikacji\DAEMON Tools Lite
2012-05-21 10:42 . 2012-05-21 10:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2012-05-18 16:39 . 2012-06-05 13:05 -------- d-----w- c:\program files\Safari
2012-05-18 16:31 . 2012-05-18 16:31 -------- d-----w- c:\program files\iPod
2012-05-18 16:30 . 2012-05-18 16:32 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 15:45 . 2012-03-17 15:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-17 15:45 . 2012-03-17 15:45 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-17 15:45 . 2012-03-17 15:45 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-15 13:04 . 2012-03-15 13:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-15 13:04 . 2012-03-15 13:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-13 11:02 . 2012-03-13 11:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-12 17:39 . 2012-03-12 17:39 4096 ----a-w- c:\windows\system32\01.tmp
2012-03-12 12:36 . 2006-12-17 22:11 7680 ----a-w- c:\windows\system32\drivers\ATKACPI.sys
2012-04-26 21:11 . 2012-03-12 12:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-25 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1400320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\dom\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5875:TCP"= 5875:TCP:tyiqe
"57253:TCP"= 57253:TCP:Pando Media Booster
"57253:UDP"= 57253:UDP:Pando Media Booster
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-02 116648]
S2 xlvjklc;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2008-04-15 14336]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-02 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xlvjklc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-02 19:55]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-02 19:55]
.
2012-05-26 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-05-23 15:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 193.105.180.250
FF - ProfilePath - c:\documents and settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\iki5zm4l.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 780174a70000000000000022431c8553
FF - user.js: extensions.BabylonToolbar_i.hardId - 780174a70000000000000022431c8553
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15416
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00084/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.hpOld - about:blank
FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00084/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic_i.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00084/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dspOld -
FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00084/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 780174a70000000000000022431c8553
FF - user.js: extensions.Softonic.instlDay - 15479
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.018:20
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 21:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\ieframe.dll
c:\windows\system32\olemdb32.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2012-06-05 21:23:30 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-06-05 19:23
.
Przed: 5 858 852 864 bajtów wolnych
Po: 5 854 769 152 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3AB8ABC2E405D5EF4B5185D630BA309F