ComboFix 12-07-12.02 - Administrator 2012-07-12 14:33:07.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1919.1523 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 12:27 . 2003-07-29 09:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2012-07-12 11:43 . 2012-07-12 11:43 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\hellomoto
2012-06-15 10:47 . 2012-06-15 10:47 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun
2012-06-13 18:24 . 2012-06-13 18:24 -------- d-----w- c:\program files\Common Files\Java
2012-06-13 18:24 . 2012-06-13 18:24 -------- d-----w- c:\program files\Oracle
2012-06-13 18:24 . 2012-06-13 18:24 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Oracle
2012-06-13 18:24 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-13 07:14 . 2012-06-23 11:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 13:12 . 2012-06-10 13:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2009-06-28 17:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2011-09-25 12:54 687504 ----a-w- c:\windows\system32\deployJava1.dll
2008-11-13 19:14 . 2008-11-13 19:14 2955128 ----a-w- c:\program files\ccsetup213.exe
2012-06-23 08:28 . 2012-06-23 08:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-12_12.18.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-27 12:38 . 2012-07-12 12:33 89874 c:\windows\system32\perfc015.dat
- 2006-08-27 12:38 . 2012-07-12 11:57 89874 c:\windows\system32\perfc015.dat
+ 2006-08-27 12:38 . 2012-07-12 12:33 71904 c:\windows\system32\perfc009.dat
- 2006-08-27 12:38 . 2012-07-12 11:57 71904 c:\windows\system32\perfc009.dat
+ 2006-08-27 12:38 . 2012-07-12 12:33 503306 c:\windows\system32\perfh015.dat
- 2006-08-27 12:38 . 2012-07-12 11:57 503306 c:\windows\system32\perfh015.dat
+ 2006-08-27 12:38 . 2012-07-12 12:33 444028 c:\windows\system32\perfh009.dat
- 2006-08-27 12:38 . 2012-07-12 11:57 444028 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 999792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 49520]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-03 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-16 106496]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-28 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-28 33136]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WSManHTTPConfig"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\912\WSManHTTPConfig.exe" [2012-07-12 58368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-9-8 4569600]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\documents and settings\Default User\Menu Start\Programy\Autostart\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-04-29 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-09 108289]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-04-30 200704]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-04-28 24576]
S3 GETPADD;GETPADD;c:\windows\system32\drivers\GETPADD.sys [2012-07-12 3839]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-02-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-02-08 59648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-04-28 1260672]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\xsv8czr7.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 14:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Completion time: 2012-07-12 14:37:40
ComboFix-quarantined-files.txt 2012-07-12 12:37
ComboFix2.txt 2012-07-12 12:21
.
Pre-Run: 67 110 309 888 bytes free
Post-Run: 67 108 478 976 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E1834DCB68BE49851BA04155AC7F2D0B
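Triage helper for the log above, added here as an example; it is not part of ComboFix and not something the poster ran. It parses the Run-key values and service lines in ComboFix's format ("Name"="path" [date size] and S3 name;display;path [date size]) and flags two things an analyst checks first: an autostart binary living under a user's profile data directory, and a file timestamp within a day of the scan. It also reports a Security Center DisableMonitoring=1 value, which silences the AV/firewall warnings. The sample input is a constructed subset copied from the log; the Polish directory names "Dane aplikacji" and "Ustawienia lokalne" come from this log, the English equivalents in the pattern are assumed. The rules are heuristics for prioritising review, not verdicts.

```python
import re
from datetime import date, timedelta

# Constructed sample: a subset of lines from the ComboFix log above,
# embedded so the script runs offline. A real run would read ComboFix.txt.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"WSManHTTPConfig"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\912\WSManHTTPConfig.exe" [2012-07-12 58368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
S3 GETPADD;GETPADD;c:\windows\system32\drivers\GETPADD.sys [2012-07-12 3839]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120]
"""
SCAN_DATE = date(2012, 7, 12)  # taken from the log header

# ComboFix prints each Run value as:  "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
# ...and each service/driver as:  S3 name;display;path [YYYY-MM-DD size]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
# Security Center monitoring switched off: Windows stops warning about AV/firewall state
DISMON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1\s*$', re.IGNORECASE)
# Per-user data directories. Polish names are from this log; English ones are assumed.
PROFILE_DATA_RE = re.compile(
    r'\\(documents and settings|users)\\[^\\]+\\'
    r'(dane aplikacji|application data|ustawienia lokalne|local settings|appdata)\\',
    re.IGNORECASE)


def triage(log_text, scan_date, recent_days=1):
    """Return one finding (dict with name, path, reasons) per entry that trips a heuristic."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line          # remember which registry key we are under
            continue
        if DISMON_RE.match(line):
            findings.append({"name": current_key, "path": "",
                             "reasons": ["Security Center monitoring disabled"]})
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue                    # separators, .lnk lines, anything else
        path = m.group("path")
        stamp = date.fromisoformat(m.group("date"))
        reasons = []
        if PROFILE_DATA_RE.search(path):
            reasons.append("runs from a user profile data directory")
        # Also catches future-dated files, which are equally worth a look.
        if scan_date - stamp <= timedelta(days=recent_days):
            reasons.append(f"file timestamp {stamp} is within {recent_days} day(s) of the scan")
        if reasons:
            findings.append({"name": m.group("name"), "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{f['name']}: {f['path'] or '-'}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the full log the same rules would also surface the "hellomoto" directory created under Dane aplikacji on the scan day if the "Files created" section were parsed; that section uses a different line format and is left out here to keep the example to the two entry types shown.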