ComboFix 12-07-08.01 - admin 2012-07-09 11:50:41.5.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1637 [GMT 2:00]
Uruchomiony z: c:\profile\admin\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-09 do 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-06 10:05 . 2012-07-06 10:05 60872 ----a-w- c:\winxp\system32\S32EVNT1.DLL
2012-07-06 10:05 . 2012-07-06 10:05 141944 ----a-w- c:\winxp\system32\drivers\SYMEVENT.SYS
2012-07-06 10:05 . 2012-07-06 10:05 -------- d-----w- c:\programy\Symantec
2012-07-06 10:05 . 2012-07-06 10:05 -------- d-----w- c:\programy\!Wspolne\Symantec Shared
2012-07-06 10:04 . 2012-07-06 10:04 -------- d-----w- c:\winxp\system32\drivers\N360
2012-07-06 10:04 . 2012-07-06 10:04 -------- d-----w- c:\programy\Norton 360
2012-07-06 09:58 . 2012-07-06 09:58 -------- d-----w- c:\programy\NortonInstaller
2012-07-06 06:33 . 2012-07-06 06:33 -------- d-sh--w- c:\winxp\system32\config\systemprofile\IETldCache
2012-07-06 06:33 . 2008-04-14 21:51 221184 ----a-w- c:\winxp\system32\wmpns.dll
2012-07-05 20:45 . 2012-07-05 20:45 -------- d-----w- c:\profile\admin\Dane aplikacji\hellomoto
2012-06-11 08:05 . 2012-06-11 08:05 -------- d-----w- c:\winxp\system32\config\systemprofile\Dane aplikacjiPDFcreator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 13:06 . 2012-02-11 13:06 3834832 ----a-w- c:\programy\sdsetup.exe
2003-03-21 12:45 . 2011-11-08 09:27 250544 ----a-w- c:\programy\!Wspolne\keyhelp.ocx
2011-10-11 07:46 . 2011-05-14 16:04 134104 ----a-w- c:\programy\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-12-02 . 92C6807944899AC53C517D1DB9BCBBD5 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-07-06_11.25.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-02 02:24 . 2012-07-09 07:34 32768 c:\winxp\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2010-12-02 02:24 . 2012-07-06 10:59 32768 c:\winxp\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2012-07-06 21:30 . 2012-07-09 07:34 16384 c:\winxp\system32\config\systemprofile\Cookies\index.dat
- 2011-09-12 19:05 . 2012-07-06 10:59 16384 c:\winxp\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programy\!Wspolne\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Gadu-Gadu"="c:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-02 19573352]
"AdobeAAMUpdater-1.0"="c:\programy\!Wspolne\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programy\!Wspolne\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programy\!Wspolne\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programy\!Wspolne\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG_TRAY"="c:\programy\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"SunJavaUpdateSched"="c:\programy\!Wspolne\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WSDPrintProxy"="c:\profile\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\813\WSDPrintProxy.exe" [2012-07-05 65536]
.
c:\profile\admin\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\programy\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\profile\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\programy\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\programy\AVG\AVG10\avgchsvx.exe /sync\0c:\programy\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Profile\\admin\\Pulpit\\Odtwarzacze\\utorrent.exe"=
"c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programy\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programy\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programy\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programy\\AVG\\AVG10\\avgemcx.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\winxp\system32\drivers\AVGIDSEH.sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winxp\system32\drivers\avgrkx86.sys [2011-03-16 32592]
R0 SymDS;Symantec Data Store;c:\winxp\system32\drivers\N360\0600000.091\SymDS.sys [2012-07-06 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\N360\0600000.091\SymEFA.sys [2012-07-06 905336]
R1 Avgtdix;AVG TDI Driver;c:\winxp\system32\drivers\avgtdix.sys [2011-04-05 297168]
S1 Avgldx86;AVG AVI Loader Driver;c:\winxp\system32\drivers\avgldx86.sys [2011-01-07 248656]
S1 BHDrvx86;BHDrvx86;c:\profile\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20111201.001\BHDrvx86.sys [2012-07-06 820344]
S1 ccSet_N360;Norton 360 Settings Manager;c:\winxp\system32\drivers\N360\0600000.091\ccSetx86.sys [2012-07-06 132744]
S1 SymIRON;Symantec Iron Driver;c:\winxp\system32\drivers\N360\0600000.091\Ironx86.sys [2012-07-06 149624]
S2 AVGIDSAgent;AVGIDSAgent;c:\programy\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\programy\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 gupdate;Usługa Google Update (gupdate);c:\programy\Google\Update\GoogleUpdate.exe [2010-12-10 136176]
S2 N360;Norton 360;c:\programy\Norton 360\Engine\6.0.0.145\ccSvcHst.exe [2012-07-06 138248]
S2 SkypeUpdate;Skype Updater;c:\programy\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 vnccom;vnccom;c:\winxp\system32\drivers\vnccom.SYS [2011-12-15 13384]
S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [2010-12-02 1691480]
S3 AVGIDSDriver;AVGIDSDriver;c:\winxp\system32\drivers\AVGIDSDriver.sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\winxp\system32\drivers\AVGIDSFilter.sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\winxp\system32\drivers\AVGIDSShim.sys [2011-02-10 27216]
S3 gupdatem;Usługa Google Update (gupdatem);c:\programy\Google\Update\GoogleUpdate.exe [2010-12-10 136176]
S3 IDSxpx86;IDSxpx86;c:\profile\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20111130.012\IDSXpx86.sys [2012-07-06 356280]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programy\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 SwitchBoard;SwitchBoard;c:\programy\!Wspolne\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\programy\!Wspolne\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-06-10 c:\winxp\Tasks\AdobeAAMUpdater-1.0-PC-admin.job
- c:\programy\!Wspolne\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-02 02:44]
.
2012-07-08 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programy\Google\Update\GoogleUpdate.exe [2010-12-10 21:07]
.
2012-07-07 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programy\Google\Update\GoogleUpdate.exe [2010-12-10 21:07]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\profile\admin\Dane aplikacji\Mozilla\Firefox\Profiles\tccrrlpd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 11:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programy\Norton 360\Engine\6.0.0.145\ccSvcHst.exe\" /s \"N360\" /m \"c:\programy\Norton 360\Engine\6.0.0.145\diMaster.dll\" /prefetch:1"
.
Czas ukończenia: 2012-07-09 11:53:54
ComboFix-quarantined-files.txt 2012-07-09 09:53
ComboFix2.txt 2012-07-06 20:43
ComboFix3.txt 2012-07-06 11:26
ComboFix4.txt 2011-07-07 08:56
ComboFix5.txt 2012-07-09 09:50
.
Przed: 41 643 167 744 bajtów wolnych
Po: 41 634 840 576 bajtów wolnych
.
- - End Of File - - 5EEBD39500E5FB3F3E31CD89DC801777