ComboFix 12-07-10.01 - Administrator 2012-07-10 18:54:04.1.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1014.618 [GMT 2:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: ESET Smart Security 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Dane aplikacji\inst.exe c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Dane aplikacji\TEMP c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((((( Pliki utworzone od 2012-06-10 do 2012-07-10 ))))))))))))))))))))))))))))))) . . 2012-07-10 16:29 . 2012-07-10 16:30 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\hellomoto 2012-06-23 11:57 . 2012-06-23 11:57 -------- d-----w- c:\program files\GraphiCode 2012-06-18 07:06 . 2012-06-18 07:06 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-18 07:06 . 2012-06-18 07:06 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-17 14:21 . 2012-06-17 14:21 -------- d-----w- c:\program files\Eagle 2012-06-17 13:42 . 2012-06-17 13:42 159744 ----a-r- c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\PVEngine.ProgramMe_D0CE053E0E5E4C129BAED0F36021E911.exe 2012-06-17 13:42 . 2012-06-17 13:42 159744 ----a-r- c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\NewShortcut2_D0CE053E0E5E4C129BAED0F36021E911.exe 2012-06-17 13:42 . 2012-06-17 14:53 -------- d-----w- c:\program files\POV-Ray for Windows v3.62 2012-06-17 13:29 . 2012-06-23 12:20 -------- d-----w- c:\program files\eagle3d . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-15 08:08 . 2012-06-15 08:08 148534 ----a-w- C:\mikrokontrolery dla początkujących.zip 2012-04-30 09:10 . 2012-04-30 09:10 438976 ----a-r- c:\windows\system32\MSHFLXGD.OCX 2012-04-30 09:10 . 2012-04-30 09:10 431888 ----a-r- c:\program files\Common Files\riched20.dll 2012-04-16 07:50 . 2012-04-16 07:50 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-16 07:50 . 2011-02-12 20:48 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-18 07:06 . 2011-05-03 10:23 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-02-16 . 44A87287F63395AE9E7950D266A73160 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PKTray"="c:\program files\Przyspiesz Komputer\PKTray.exe" [2010-12-06 242448] "ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-06 943504] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-06 21392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248] "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-09-08 249856] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "WSManHTTPConfig"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\912\WSManHTTPConfig.exe" [2012-07-10 49664] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2011-3-24 45056] VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-3-16 349600] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176] S2 IOPort;IOPort;\??\c:\windows\system32\DRIVERS\IOPORT.SYS --> c:\windows\system32\DRIVERS\IOPORT.SYS [?] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-07 79872] S2 WorkshopDBService;WorkshopDBService;c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService --> c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?] S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2011-02-13 3584] S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-01-04 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-06-22 21248] S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-02-19 35776] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-01 113120] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2011-02-14 47360] S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2012-03-11 98560] S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2012-03-11 14848] S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2012-03-11 123648] . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - MDMXSDK *NewlyCreated* - PARPORT . Zawartość folderu 'Zaplanowane zadania' . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 14:50] . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 14:50] . 2012-07-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 14:31] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.hbogo.pl/ TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\sll3hr3r.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=pl&q= . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-DriverMax - (no file) HKCU-Run-DriverMax_RESTART - (no file) AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-10 18:57 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . Czas ukończenia: 2012-07-10 18:58:26 ComboFix-quarantined-files.txt 2012-07-10 16:58 . Przed: 7 478 153 216 bajtów wolnych Po: 9 019 367 424 bajtów wolnych . WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - FBE73F6D783A0FF92540719CA33998EE