ComboFix 12-07-14.01 - Tata 2012-07-16 20:09:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.471 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Tata\USTAWI~1\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
C:\Documents and Settings\Tata\Ustawienia lokalne\Dane aplikacji\unins000.exe
C:\Documents and Settings\Tata\Ustawienia lokalne\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
C:\Program Files\Complitly
C:\Program Files\Complitly\chrome\ComplitlyChrome.crx
C:\Program Files\Complitly\FireFoxExtension.exe
C:\Program Files\Complitly\InstTracker.exe
C:\Program Files\Complitly\support@Complitly.com\chrome.manifest
C:\Program Files\Complitly\support@Complitly.com\chrome\content\appIcon.png
C:\Program Files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.js
C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul
C:\Program Files\Complitly\support@Complitly.com\chrome\content\utils.js
C:\Program Files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
C:\Program Files\Complitly\support@Complitly.com\install.rdf
C:\Program Files\Complitly\unins000.dat
C:\Program Files\Complitly\unins000.exe
C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\system32\SET292.tmp
C:\WINDOWS\system32\SET293.tmp
C:\WINDOWS\system32\SET294.tmp
C:\WINDOWS\system32\SET4E8.tmp
C:\WINDOWS\system32\SET4EC.tmp
C:\WINDOWS\system32\SET4F4.tmp

((((((((((((((((((((((((( Pliki utworzone od 2012-06-16 do 2012-07-16 )))))))))))))))))))))))))))))))

2012-07-15 12:13:16 . 2012-07-15 12:13:16 -------- d-----w- C:\Program Files\CPUID
2012-07-15 11:30:24 . 2004-08-03 22:44:00 21504 -c--a-w- C:\WINDOWS\system32\dllcache\hidserv.dll
2012-07-15 11:30:24 . 2004-08-03 22:44:00 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll
2012-07-15 11:30:23 . 2001-10-26 14:57:56 12160 -c--a-w- C:\WINDOWS\system32\dllcache\mouhid.sys
2012-07-15 11:30:23 . 2001-10-26 14:57:56 12160 ----a-w- C:\WINDOWS\system32\drivers\mouhid.sys
2012-07-15 11:30:21 . 2004-08-03 22:38:02 14848 -c--a-w- C:\WINDOWS\system32\dllcache\kbdhid.sys
2012-07-15 11:30:21 . 2004-08-03 22:38:02 14848 ----a-w- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-07-15 11:01:06 . 2012-07-15 11:01:06 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-06-28 20:10:16 . 2012-06-28 20:10:16 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2012-06-27 19:38:33 . 2012-06-27 19:40:34 -------- d-----w- C:\Program Files\Google
2012-06-27 19:38:33 . 2012-06-27 19:38:33 -------- d-----w- C:\Documents and Settings\Tata\Ustawienia lokalne\Dane aplikacji\Google
2012-06-20 17:24:34 . 2012-06-20 17:24:34 -------- d-----w- C:\Program Files\iPod
2012-06-20 17:24:28 . 2012-06-20 17:25:02 -------- d-----w- C:\Program Files\iTunes
2012-06-20 17:24:28 . 2012-06-20 17:25:02 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2012-06-20 17:23:08 . 2012-06-20 17:23:08 -------- d-----w- C:\Program Files\Bonjour
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin7.dll
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin6.dll
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin5.dll
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin4.dll
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin3.dll
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin2.dll
2012-06-20 17:22:39 . 2012-06-20 17:22:38 143360 ----a-w- C:\Program Files\Internet Explorer\Wtyczki\npqtplugin.dll
2012-06-20 17:22:06 . 2012-06-20 17:22:38 -------- d-----w- C:\Program Files\QuickTime
2012-06-20 17:20:04 . 2012-06-20 17:20:05 -------- d-----w- C:\Program Files\Apple Software Update
2012-06-20 17:18:51 . 2009-05-29 11:36:16 2060288 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2012-06-20 16:48:12 . 2012-06-20 17:35:02 -------- d-----w- C:\Documents and Settings\Tata\Dane aplikacji\Apple Computer
2012-06-20 16:48:10 . 2012-06-20 16:48:22 1409 ----a-w- C:\WINDOWS\QTFont.for
2012-06-20 16:46:26 . 2012-06-20 17:24:19 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2012-06-20 16:46:09 . 2012-06-20 16:46:09 -------- d-----w- C:\Documents and Settings\Tata\Ustawienia lokalne\Dane aplikacji\Apple
2012-06-20 16:45:51 . 2009-05-29 11:36:16 39424 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2012-06-20 16:44:39 . 2012-06-20 17:19:01 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2012-06-20 16:44:39 . 2012-06-20 16:44:39 -------- d-----w- C:\Program Files\Common Files\Apple
2012-06-20 16:43:50 . 2012-06-20 16:48:12 -------- d-----w- C:\Documents and Settings\Tata\Ustawienia lokalne\Dane aplikacji\Apple Computer
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-05 07:31:56 . 2012-01-25 15:57:38 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2012-01-14 12:54:56 . 64FF4E77CF31132734C42C90B4839FBA . 1548288 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files\Freecorder\prxtbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\prxtbFree.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2012-04-04 05:05:14 954256]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 05:05:28 21392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2012-01-14 12:54:53 577536]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 22:32:54 61440]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2012-01-25 16:01:49 296056]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 11:03:02 3080264]
"Freecorder FLV Service"="C:\Program Files\Freecorder\FLVSrvc.exe" [2011-03-24 06:11:25 167936]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"Adobe Reader Speed Launcher"="H:\reader\Reader\Reader_sl.exe" [2012-01-03 21:51:18 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 09:07:56 843712]
"AllShareAgent"="C:\Program Files\Samsung\AllShare\AllShareAgent.exe" [2012-01-19 10:39:48 285072]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 05:05:16 3521424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 15:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-05-30 10:30:26 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:44:20 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"C:\\Documents and Settings\\Tata\\Pulpit\\BitTorrent1.exe"=
"C:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"C:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"C:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [2011-08-04 10:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [2011-08-04 10:20:38 103112]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 13:03:30 974944]
R2 gupdate;Usługa Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27 21:38:34 116648]
S2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-01-19 12:41:52 25504]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudbus.sys [2012-04-29 15:34:12 80824]
S3 gupdatem;Usługa Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27 21:38:34 116648]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [2012-01-19 12:41:48 27584]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\WINDOWS\system32\drivers\sscebus.sys [2012-03-11 18:03:13 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\WINDOWS\system32\drivers\sscemdfl.sys [2012-03-11 18:03:14 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\WINDOWS\system32\drivers\sscemdm.sys [2012-03-11 18:03:14 123648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudmdm.sys [2012-04-29 15:34:11 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\WINDOWS\system32\drivers\ssudserd.sys [2012-04-29 15:34:11 181432]

Zawartość folderu 'Zaplanowane zadania'

2012-07-16 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27 19:38:34 . 2012-06-27 19:38:32]

2012-07-15 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-27 19:38:34 . 2012-06-27 19:38:32]

2012-07-16 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-562591055-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02:52 . 2011-11-29 15:02:52]

2012-06-19 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-562591055-682003330-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02:52 . 2011-11-29 15:02:52]

------- Skan uzupełniający -------
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1060933
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
FF - ProfilePath - C:\Documents and Settings\Tata\Dane aplikacji\Mozilla\Firefox\Profiles\mpghp3l7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig?hl=pl
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-NWEReboot - (no file)
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - C:\Program Files\Complitly\unins000.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - C:\Documents and Settings\Tata\Ustawienia lokalne\Dane aplikacji\unins000.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 14:24:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(692)
C:\WINDOWS\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4036)
C:\Documents and Settings\Tata\Ustawienia lokalne\Dane aplikacji\FLVService\lib\FLVSrvLib.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll

------------------------ Pozostałe uruchomione procesy ------------------------

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

**************************************************************************

Czas ukończenia: 2012-07-16 14:26:56 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-07-16 12:26:52

Przed: 3 796 672 512 bajtów wolnych
Po: 4 265 664 512 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2727CE8E01F84635302FE94F1721EA00