ComboFix 12-07-11.03 - Administrator 2012-07-12 13:08:33.1.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.779 [GMT 2:00] Uruchomiony z: F:\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\documents and settings\All Users\Dane aplikacji\TEMP c:\windows\IsUn0415.exe c:\windows\system32\AutoRun.inf c:\windows\system32\SET219.tmp c:\windows\system32\SET21D.tmp c:\windows\system32\SET225.tmp . . ((((((((((((((((((((((((( Pliki utworzone od 2012-06-12 do 2012-07-12 ))))))))))))))))))))))))))))))) . . 2012-07-10 20:32 . 2012-07-10 20:32 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\hellomoto 2012-07-10 20:11 . 2012-07-10 20:11 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-07-10 20:11 . 2012-07-10 20:11 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-07 17:50 . 2012-05-07 17:50 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2012-07-10 20:12 . 2012-02-16 11:39 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408] "IPLA!"="c:\program files\ipla\ipla.exe" [2012-04-26 19860936] "AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2011-12-22 10234880] "Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2011-02-20 370688] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432] "nwiz"="nwiz.exe" [2007-07-23 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752] "WSManHTTPConfig"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\912\WSManHTTPConfig.exe" [2012-07-10 50176] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] . c:\documents and settings\Administrator\Menu Start\Programy\Autostart\ Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\PictoColor\\CorrectPhoto 2.0\\CorrectPhoto 2.0.exe"= "c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2011 11.0.0.232\\Polish\\setup.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= . S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-02-16 435032] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-02-16 314456] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-02-16 20568] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664] S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 135664] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-12-07 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-12-07 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-12-07 94064] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 113120] S3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [2008-12-11 12160] S3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [2008-12-11 16896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Zawartość folderu 'Zaplanowane zadania' . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 14:31] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 14:31] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-764733703-839522115-500Core.job - c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-06 18:05] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-764733703-839522115-500UA.job - c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-06-06 18:05] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.zabrzeg.eu/ uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\lumnrck7.default\ FF - prefs.js: browser.startup.homepage - www.google.pl . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-12 13:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . Czas ukończenia: 2012-07-12 13:18:48 ComboFix-quarantined-files.txt 2012-07-12 11:18 . Przed: 19 367 800 832 bajtów wolnych Po: 20 331 298 816 bajtów wolnych . - - End Of File - - 69A4662A0B00E2FCE0BD3437F31307FA