ComboFix 12-07-10.01 - Właściciel 2012-07-10 13:36:32.6.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.579 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\dupa.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: mks_vir 2005 *Disabled/Updated* {163C25B5-5987-428D-9426-9C29A96444AB}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-10 do 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 09:08 . 2012-07-10 09:15 -------- d-----w- c:\documents and settings\Administrator
2012-07-10 08:32 . 2012-07-10 08:32 -------- d-----w- c:\documents and settings\Właściciel\Dane aplikacji\hellomoto
2012-06-21 06:56 . 2012-06-21 07:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 09:47 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 07:09 . 2011-09-23 11:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-19 18:39 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-06-19 18:39 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-08-09 10:52 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2005-08-09 10:52 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2005-05-26 02:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2005-08-09 10:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2005-08-09 10:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2005-08-09 08:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-16 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-19 18:39 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-08-09 10:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-19 18:39 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2005-08-09 08:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-02-17 08:06 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-02-17 08:06 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2003-04-16 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2005-04-27 14:44 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2003-04-16 12:00 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2003-04-16 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2003-04-16 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2005-08-12 08:06 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2002-09-20 17:12 2070400 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:15 . 2003-04-16 12:00 2193920 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:47 . 2005-08-09 08:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 07:49 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Phone\Skype.exe" [2006-12-11 25343016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\Gadu-Gadu\gg.exe" [2006-11-14 1849032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
"WSManHTTPConfig"="c:\documents and settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\812\WSManHTTPConfig.exe" [2012-07-06 49152]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Właściciel\Menu Start\Programy\Autostart\
Skrót do radiozet.lnk - c:\documents and settings\Właściciel\Pulpit\radiozet.pls [2007-5-9 931]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-03-17 08:30 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-19 08:56 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Corel\\Graphics9\\Register\\Itp32.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"d:\\Program Files\\Gadu-Gadu\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\opera\\opera.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"d:\\Program Files\\opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"d:\\Program Files\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-09-07 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-09 301248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-09-07 235216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CX88XBAR;Conexant 2388x Crossbar;c:\windows\system32\drivers\CX88XBAR.sys --> c:\windows\system32\drivers\CX88XBAR.sys [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2012-03-27 11936]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-08-27 10368]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-09 167264]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-30 35776]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [2005-09-08 32782]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 07:09]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 10:34]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 10:34]
.
2012-07-10 c:\windows\Tasks\User_Feed_Synchronization-{37DEB4BC-5B61-4F77-B8FF-C4EECD71F1D0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
TCP: Interfaces\{B95DC5B9-DF03-48B3-98ED-93C27E335FB4}: NameServer = 10.20.16.5,193.33.174.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\0gbwujqo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9f089413-a63c-4be3-8219-989a690ab3fb%7D&mid=33d746d88d01f739491834a395c3ffb2-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=9.0.0.18.1&lang=pl&pr=pa&d=2011-12-06%2009%3A03%3A18&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 13:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
.
Czas ukończenia: 2012-07-10 13:45:04
ComboFix-quarantined-files.txt 2012-07-10 11:44
ComboFix2.txt 2012-07-10 10:27
ComboFix3.txt 2012-07-10 10:01
ComboFix4.txt 2009-12-23 10:17
.
Przed: 7 755 005 952 bajtów wolnych
Po: 7 726 714 880 bajtów wolnych
.
- - End Of File - - BA66C9FA6980BF770A3C0CB784C8B9A6