ComboFix 12-07-12.02 - Admin 2012-07-12 15:51:51.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3046.2686 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-12 do 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 13:41 . 2012-07-12 13:41 -------- d-s---w- c:\documents and settings\Admin\UserData
2012-07-11 16:39 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-11 16:39 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-11 16:39 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-11 16:39 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-11 16:39 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-11 16:39 . 2012-03-06 23:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-11 16:39 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-11 16:39 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-11 16:39 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-11 16:38 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-07-11 16:38 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-11 16:38 . 2012-07-11 16:38 -------- d-----w- c:\program files\AVAST Software
2012-07-11 16:38 . 2012-07-11 16:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2012-07-11 15:21 . 2012-07-11 15:21 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\hellomoto
2012-07-11 14:23 . 2012-07-11 14:23 -------- d-----w- c:\documents and settings\Właściciel.W-B8180B600EEC4\Dane aplikacji\hellomoto
2012-07-11 14:21 . 2012-07-11 14:21 1759232 ----a-w- c:\program files\Mozilla Firefox\extensions\{d0cb627f-6c96-63f5-52d0-98a0409875a1}\components\61a86e4c.dll
2012-07-11 14:20 . 2012-07-09 23:50 61 ----a-w- c:\program files\Common Files\cc.bat
2012-07-01 21:12 . 2012-07-01 21:12 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-19 19:26 . 2012-07-11 20:22 -------- d-----w- c:\program files\Grupa IMAGE
2012-06-12 15:44 . 2004-08-03 22:44 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-06-12 15:44 . 2001-10-26 15:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-06-12 15:44 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-06-12 15:44 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 21:12 . 2012-06-04 19:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 21:12 . 2012-06-04 19:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-27 16:23 . 2012-05-27 15:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_15.40.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2007-08-02 12:00 . 2012-07-12 13:15 84916 c:\windows\system32\perfc015.dat
+ 2007-08-02 12:00 . 2012-07-12 13:15 68156 c:\windows\system32\perfc009.dat
+ 2007-08-02 12:00 . 2012-07-12 13:15 493632 c:\windows\system32\perfh015.dat
+ 2007-08-02 12:00 . 2012-07-12 13:15 435260 c:\windows\system32\perfh009.dat
+ 2012-07-11 16:39 . 2012-07-11 16:39 219648 c:\windows\Installer\2e003c.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7f8405af-aa68-2f9f-c4f9-5a25a24bfaff}]
c:\windows\system32\dc1dc8c5.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940da272-bee4-bf83-62fb-1d5a26cc5d17}]
c:\windows\system32\a92b4adb.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-19 2270504]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-07-03 800104]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2011-04-14 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-04-14 189800]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-30 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-30 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-30 150040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WSManHTTPConfig"="c:\documents and settings\Właściciel.W-B8180B600EEC4\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\812\WSManHTTPConfig.exe" [BU]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"TabbtnEx"="c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\3565\TabbtnEx.exe" [2012-07-11 48640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-08-02 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-07 14:27 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-09-06 25968]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-05-27 691696]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-03-29 20592]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-07-11 24408]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-07-11 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-07-11 337880]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-09-06 13680]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-07-11 20696]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-09-06 292200]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2011-09-06 45496]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2011-09-06 69632]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [2011-09-06 148840]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [2011-09-06 130920]
S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2011-09-06 64952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 250056]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2012-03-21 81280]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MDMXSDK
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 21:12]
.
2012-07-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-09-06 23:39]
.
.
------- Skan uzupełniający -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do interfejsu Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 15:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(832)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
Czas ukończenia: 2012-07-12 15:58:29
ComboFix-quarantined-files.txt 2012-07-12 13:58
ComboFix2.txt 2012-07-11 15:57
ComboFix3.txt 2012-07-11 15:42
.
Przed: 136 218 542 080 bajtów wolnych
Po: 136 218 595 328 bajtów wolnych
.
- - End Of File - - 92287FE4F16B6504613F175E0B1CA817