ComboFix 12-07-13.01 - Ja 2012-07-13 8:54.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1536 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ja\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ja\Moje dokumenty\~WRL0003.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL0004.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL0527.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL0735.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL0753.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL0836.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL1418.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL1432.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL3570.tmp
c:\documents and settings\Ja\Moje dokumenty\~WRL3699.tmp
c:\documents and settings\Ja\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-13 do 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-12 19:22 . 2012-07-12 19:22 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-11 09:28 . 2012-07-11 09:28 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\hellomoto
2012-07-05 14:50 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-07-05 14:50 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-07-05 14:50 . 2012-07-05 14:50 -------- d-----w- c:\program files\Microsoft Works
2012-07-05 14:46 . 2012-07-05 14:46 -------- d-----w- c:\windows\SHELLNEW
2012-07-05 14:46 . 2012-07-05 14:46 -------- d-----w- c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2012-07-05 14:46 . 2012-07-05 14:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2012-07-05 14:45 . 2012-07-05 14:45 -------- d-----r- C:\MSOCache
2012-06-17 11:46 . 2012-06-17 11:46 -------- d-----w- c:\windows\Hewlett-Packard
2012-06-15 09:00 . 2012-06-15 09:00 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\HPAppData
2012-06-13 17:42 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2012-05-17 12:38 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-05-17 12:38 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-05-17 12:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-05-17 12:38 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-05-17 12:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-05-17 12:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-05-17 12:38 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 08:19 . 2012-05-18 08:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-18 08:19 . 2012-05-18 08:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2006-03-02 12:00 1863424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-03-02 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:39 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2012-05-17 12:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 16:29 . 2012-05-23 19:37 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SNTSearch"="c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1179\SNTSearch.exe" [2012-07-11 50176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-17 2348352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-05-17 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-23 113120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 08:19]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.62 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\61tgf3w5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 08:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-13 08:59:04
ComboFix-quarantined-files.txt 2012-07-13 06:59
.
Przed: 20 382 076 928 bajtów wolnych
Po: 20 683 997 184 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1775BE067EE724B3E66401CB9A79CCAE