ComboFix 12-07-16.01 - Mateusz 2012-07-18 10:47:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3061.2374 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mateusz\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-18 do 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 08:05 . 2012-07-18 08:18 -------- d-----w- c:\documents and settings\Mateusz\Ustawienia lokalne\Dane aplikacji\ChomikBox
2012-07-18 07:31 . 2012-07-18 07:31 -------- d-----w- c:\documents and settings\Administrator
2012-07-18 07:25 . 2012-07-18 07:25 -------- d-----w- c:\documents and settings\Mateusz\Dane aplikacji\OpenOffice.org
2012-07-17 13:41 . 2012-07-17 13:41 -------- d-----w- C:\_OTL
2012-07-17 10:40 . 2012-07-17 10:40 -------- d-----w- c:\documents and settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Mozilla
2012-07-17 10:34 . 2012-07-17 10:34 -------- d-----w- C:\BOS
2012-07-06 09:39 . 2012-07-06 09:39 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-06 09:39 . 2012-07-06 09:39 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-06 09:37 . 2012-07-06 09:37 -------- d-----w- c:\program files\Kaspersky Lab
2012-07-06 09:37 . 2012-07-18 08:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2012-06-21 16:00 . 2012-06-14 22:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 16:00 . 2012-06-14 22:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-03-11 11:27 . 2011-05-14 09:46 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-06-14 22:19 . 2012-06-22 08:36 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}]
2011-11-03 12:41 121856 ----a-w- c:\program files\4shared Toolbar\4sharedExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files\4shared Toolbar\4sharedbar.dll" [2011-11-03 204800]
.
[HKEY_CLASSES_ROOT\clsid\{95080b13-aa71-4ee8-b951-7e98221e1ed5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|ü" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CardDetectorZTEMF636"="c:\program files\CardDetector\ZTEMF636\CardDetector.exe" [2008-10-14 274432]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\Marcin\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Mateusz\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2011-2-2 962661]
Oce Scanner Agent.lnk - c:\program files\Oce\Oce Scanner Agent\WS.exe [2011-2-3 380928]
Start Delivery Services.lnk - c:\program files\RDS\DdsLaunch.exe [2011-2-3 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Lantronix\\DeviceInstaller4.2\\DeviceInstaller.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3670:TCP"= 3670:TCP:skaner
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352]
R2 DdsSched;Dds Scheduler Deamon;c:\program files\RDS\DdsSchedNT.exe [2011-02-03 36864]
R2 RsiSvc;Ridoc Server Information Service;c:\program files\RDS\RsiSvc.exe [2011-02-03 65536]
R2 ScanRouterDriverV2;ScanRouterDriverV2;c:\program files\RDS\SrScanDr.exe [2011-02-03 178688]
R2 SOption;SOption;c:\program files\RDS\SOption.exe [2011-02-03 98304]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120]
S3 scsiscan;Sterownik skanera SCSI;c:\windows\system32\drivers\scsiscan.sys [2011-02-03 10880]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-03-24 103936]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 11:49]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 11:49]
.
2012-07-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-04 21:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{578B9335-B6D7-4003-856C-7EB69F52357C}: NameServer = 194.204.159.1 194.204.152.34
TCP: Interfaces\{724E1B2C-091C-44F5-A6C0-62E812FF80D8}: NameServer = 194.204.152.34,194.204.159.1
FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\qlvdyv1w.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 10:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-18 10:56:16
ComboFix-quarantined-files.txt 2012-07-18 08:56
ComboFix2.txt 2012-07-18 08:40
.
Przed: 116 348 461 056 bajtów wolnych
Po: 116 240 232 448 bajtów wolnych
.
- - End Of File - - 588E197B2B56CDB88DB51E44F6A5F646