ComboFix 12-07-08.01 - R2D2 2012-07-09 14:40:46.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.958.641 [GMT 2:00]
Run from: c:\documents and settings\R2D2\Pulpit\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\R2D2\Dane aplikacji\chrtmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL0020.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL0069.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL0486.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL0677.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL0878.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL0927.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL1254.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL1349.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL1809.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL1936.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL1966.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL1978.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2015.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2446.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2475.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2570.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2728.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2738.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2769.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2902.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL2908.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL3286.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL3378.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL3568.tmp
c:\documents and settings\R2D2\Moje dokumenty\~WRL3728.tmp
C:\Internet Explorer.lnk
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\iun6002.exe
c:\windows\system32\setup.ini
.
.
((((((((((((((((((((((((( Files created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 12:04 . 2004-08-03 22:44    21504  ----a-w-  c:\windows\system32\hidserv.dll
2012-07-09 12:04 . 2004-08-03 22:38    14848  -c--a-w-  c:\windows\system32\dllcache\kbdhid.sys
2012-07-09 12:04 . 2004-08-03 22:38    14848  ----a-w-  c:\windows\system32\drivers\kbdhid.sys
2012-07-09 12:03 . 2001-10-26 14:57    12160  -c--a-w-  c:\windows\system32\dllcache\mouhid.sys
2012-07-09 12:03 . 2001-10-26 14:57    12160  ----a-w-  c:\windows\system32\drivers\mouhid.sys
2012-07-09 12:03 . 2001-08-17 20:02     9600  -c--a-w-  c:\windows\system32\dllcache\hidusb.sys
2012-07-09 12:03 . 2001-08-17 20:02     9600  ----a-w-  c:\windows\system32\drivers\hidusb.sys
2012-07-09 10:49 . 2012-07-09 10:49  --------  d-----w-  c:\documents and settings\R2D2\Dane aplikacji\hellomoto
2012-06-14 16:05 . 2012-06-14 16:05  --------  d-----w-  c:\documents and settings\R2D2\Ustawienia lokalne\Dane aplikacji\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:56 . 2012-04-18 18:56    94208  ----a-w-  c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56    69632  ----a-w-  c:\windows\system32\QuickTime.qts
2012-06-17 13:33 . 2012-06-17 13:33    85472  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" [X]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ABBYY Screenshot Reader Bonus"="c:\program files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" [2010-01-25 939272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 151552]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 363008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"Onet.pl AutoUpdate"="c:\program files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 260096]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WSManMigrationPlugin"="c:\documents and settings\R2D2\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\511\WSManMigrationPlugin.exe" [2012-07-09 48640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-03 691696]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 licensing service;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-01-05 99896]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2008-02-27 60255]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 113120]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-01-05 17408]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2008-02-27 684265]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12      REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 10:05]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 10:05]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1993962763-839522115-1004Core.job
- c:\documents and settings\R2D2\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-17 10:21]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1993962763-839522115-1004UA.job
- c:\documents and settings\R2D2\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-17 10:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.neostrada.pl
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF file - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF file - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
FF - ProfilePath - c:\documents and settings\R2D2\Dane aplikacji\Mozilla\Firefox\Profiles\1atvgjr8.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.ftp - 212.191.7.144
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 212.191.7.144
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 212.191.7.144
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 212.191.7.144
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 212.191.7.144
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - REMOVED EMPTY ENTRIES - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Notify-avldr - avldr.dll
AddRemove-SmartPhotoRefresh - c:\program files\BearPaw 1200CU Plus\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 14:47
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-09 14:49:16
ComboFix-quarantined-files.txt 2012-07-09 12:49
.
Pre-Run: 5,981,503,488 bytes free
Post-Run: 7,956,697,088 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - CF9375240633BC0037F6D7FA612F864B
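The Run-key section above is where a first pass at a ComboFix log usually starts: each line is "Name"="target" followed by the target's file date and size in brackets, or [X] when ComboFix could not find the file. The script below is an added triage helper, not part of ComboFix or of this log. It parses lines in that layout and applies three heuristic rules chosen here (a target under a user-writable profile directory, a bare image name resolved through the search path, and a file dated within a few days of the scan), plus the [X] marker. A hit means "look closer", not "malware". The sample input is a handful of entries copied from the log above, with the scan date taken from its header.

```python
import re
from dataclasses import dataclass, field
from datetime import date

# Sample input: lines copied from the Run-key section of the log above,
# in ComboFix's own "Name"="target" [date size] layout.  "[X]" is the
# marker ComboFix prints when the target file is not found on disk.
SAMPLE_LINES = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" [X]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WSManMigrationPlugin"="c:\documents and settings\R2D2\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\511\WSManMigrationPlugin.exe" [2012-07-09 48640]
"""

# Scan date from the log header (ComboFix ... 2012-07-09 14:40:46).
SCAN_DATE = date(2012, 7, 9)

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def _reasons(target: str, meta: str, scan_date: date, recent_days: int) -> list:
    """Cheap, explainable triage rules (chosen for this example, not ComboFix's)."""
    reasons = []
    t = target.lower()
    if meta.strip() == "X":
        # Dead entry: usually an uninstall leftover, but worth knowing about.
        reasons.append("target file not found")
        return reasons
    if "\\" not in t:
        # Bare image name: the loader resolves it through the search path,
        # so which binary actually runs depends on PATH and the working dir.
        reasons.append("bare filename, resolved via search path")
    if ("\\documents and settings\\" in t and "\\all users\\" not in t) or "\\temp\\" in t:
        # Anything under the user profile is writable without admin rights.
        # Localized subfolder names (Dane aplikacji, Ustawienia lokalne) make
        # a prefix match safer than matching 'Application Data' by name.
        reasons.append("user-writable profile path")
    parts = meta.split()          # "YYYY-MM-DD size"
    if parts:
        try:
            file_date = date.fromisoformat(parts[0])
        except ValueError:
            file_date = None
        if file_date is not None and 0 <= (scan_date - file_date).days <= recent_days:
            reasons.append(f"file dated within {recent_days} days of the scan")
    return reasons


def triage_run_keys(log_text: str, scan_date: date, recent_days: int = 7) -> list:
    """Return a Finding for every Run-key entry that trips at least one rule."""
    findings = []
    current_key = "<unknown>"
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)   # remember which hive/key we are in
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue                      # separators, blank lines, other sections
        reasons = _reasons(entry["target"], entry["meta"], scan_date, recent_days)
        if reasons:
            findings.append(Finding(current_key, entry["name"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_LINES, SCAN_DATE):
        print(f"{f.key}\n  {f.name} -> {f.target}\n  reasons: {'; '.join(f.reasons)}")
```

Run against the sample, the only entry that trips more than one rule is WSManMigrationPlugin (a profile path and a file date equal to the scan date); nwiz trips only the bare-filename rule, which for a well-known vendor name is the lower-priority kind of hit, and the Philips entry is simply dead. Feeding the script the whole log instead of the sample works the same way, since it ignores every line that is not a key header or a Run entry.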