ComboFix 12-07-16.01 - dom 2012-07-18 13:01:34.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2045.1558 [GMT 2:00]
Uruchomiony z: c:\users\dom\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\SPLDC4A.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-18 do 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 11:07 . 2012-07-18 11:07 -------- d-----w- c:\users\dom\AppData\Local\temp
2012-07-18 11:07 . 2012-07-18 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 20:25 . 2012-07-17 20:25 -------- d-----w- c:\users\dom\AppData\Roaming\hellomoto
2012-07-17 08:31 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1093CC6-1177-452C-9A8A-36222A4D2A7A}\mpengine.dll
2012-07-12 01:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:30 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 15:30 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 15:30 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 15:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 15:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 22:35 . 2012-07-09 22:35 -------- d-----w- c:\users\dom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-07-09 22:35 . 2012-07-09 22:35 -------- d-----w- c:\users\dom\AppData\Roaming\Adobe Mini Bridge CS5
2012-07-09 18:33 . 2012-07-09 22:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-09 18:30 . 2012-07-09 18:30 -------- d-----w- c:\program files\Adobe Media Player
2012-07-09 18:28 . 2012-07-09 18:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-07-07 14:29 . 2012-07-07 14:29 -------- d-----w- C:\tp
2012-07-02 00:26 . 2012-07-02 00:26 -------- d-----w- c:\program files\Rockstar Games
2012-07-01 23:54 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-30 23:29 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-30 23:29 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-30 23:29 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-30 23:29 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-30 23:29 . 2012-06-30 23:29 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-06-30 23:29 . 2012-06-30 23:29 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-06-30 12:03 . 2012-06-30 12:03 -------- d-----w- c:\program files\Alcohol Soft
2012-06-26 19:23 . 2012-06-26 19:23 -------- d-----w- c:\users\dom\AppData\Local\Macromedia
2012-06-25 14:00 . 2012-06-25 14:00 -------- d-----w- c:\program files\Dropbox
2012-06-25 13:58 . 2012-07-18 10:29 -------- d-----w- c:\users\dom\AppData\Roaming\Dropbox
2012-06-21 06:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:42 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:42 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:42 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:42 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:42 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:19 . 2012-04-06 08:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 23:19 . 2011-10-27 07:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2011-10-27 15:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 22:04 . 2012-06-13 13:48 834048 ----a-w- c:\windows\system32\wininet.dll
2012-05-08 21:55 . 2011-12-07 19:11 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 21:55 . 2011-12-07 19:11 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-01 14:03 . 2012-06-13 13:48 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 14:18 . 2012-06-13 13:48 389632 ----a-w- c:\windows\system32\html.iec
2012-04-19 13:53 . 2012-06-13 13:48 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-16 14:12 . 2011-11-02 15:21 3623592 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-09-16 14:12 . 2011-11-02 15:21 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2010-01-26 09:11 . 2011-10-28 11:37 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\dom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\dom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\dom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Odkurzacz-MCD"="d:\programy\Odkurzacz\odk_mcd.exe" [2011-02-20 370688]
"TSTheme"="c:\users\dom\AppData\Local\Microsoft\Windows\3952\TSTheme.exe" [2012-07-17 51712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"lxdemon.exe"="d:\programy\Lexmark\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="d:\programy\Lexmark\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"BCSSync"="d:\programy\Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="d:\programy\Avira\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="d:\programy\QTTask.exe" [2011-10-24 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 08:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 03:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:19]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710393817-1163594516-1520260726-1003Core.job
- c:\users\dom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 15:46]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710393817-1163594516-1520260726-1003UA.job
- c:\users\dom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 15:46]
.
.
------- Skan uzupełniający -------
.
uStart Page = www.v9.com/idg/idg_1327446450_178719
mStart Page = www.v9.com/idg/idg_1327446450_178719
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\programy\OFFICE~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - d:\programy\OFFICE~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 13:07
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(172)
c:\users\dom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Czas ukończenia: 2012-07-18 13:10:50
ComboFix-quarantined-files.txt 2012-07-18 11:10
.
Przed: 498 372 608 bajtów wolnych
Po: 758 112 256 bajtów wolnych
.
- - End Of File - - 7F7A3DDCF354AE926D1075D2EA655269