ComboFix 12-07-21.01 - Administrator 2012-07-23 19:07:35.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1022.796 [GMT 2:00]
Running from: G:\ComboFix.exe
AV: ArcaVir *Enabled/Outdated* {430EE792-8EF9-4D8A-B486-78BBF686F0E1}
FW: ArcaVir Firewall *Disabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\LUInstall.LiveUpdate
c:\windows\g32.txt
c:\windows\gs32.txt
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 17:01 . 2012-07-23 17:01 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-07-23 17:01 . 2012-07-23 17:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-07-23 15:52 . 2012-07-23 15:52 -------- d-----w- c:\windows\LastGood
2012-07-22 19:39 . 2012-07-22 19:39 -------- d-----w- C:\BOS
2012-07-11 20:34 . 2012-07-12 21:48 -------- d-----w- c:\program files\mFaktura
2012-07-11 20:23 . 2012-07-11 20:23 -------- d-----w- c:\program files\BDE5Setup
2012-07-11 20:23 . 2012-07-11 20:23 -------- d-----w- c:\program files\Borland
2012-07-11 20:22 . 2012-07-11 20:30 -------- d-----w- C:\Dumpingowiec
2012-06-29 21:48 . 2012-06-29 21:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-29 21:48 . 2012-06-29 21:48 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:24 . 2012-04-16 04:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 02:24 . 2011-06-07 22:06 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 21:48 . 2010-11-21 15:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2006-01-30 07:06 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 17:20 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-01-30 07:06 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-01-30 07:06 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-05-23 21:58 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-05-23 21:58 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-01-30 07:18 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-01-30 07:18 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2006-01-30 07:18 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-01-30 07:18 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-01-30 07:18 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-01-30 07:06 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2005-05-26 03:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-05-23 21:58 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-01-30 07:18 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-05-23 21:58 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-01-30 07:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-01-19 11:28 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-01-19 11:28 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-01-19 11:28 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-01-30 07:06 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-01-30 07:06 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-01-30 07:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-01-30 07:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2006-01-30 07:06 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-01-30 07:06 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:38 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2006-01-30 07:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-03-11 11:27 . 2007-07-09 17:26 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-11-16 19:32 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"PCSuiteTrayApplication"="rem" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TPSMain"="TPSMain.exe" [2005-08-04 266240]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 118784]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-16 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-08-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"ERA_SEPANG ModemListener"="c:\program files\blueconnect\BackgroundService\ModemListener.exe" [2010-12-07 102400]
"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2011-10-04 457296]
"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2010-01-28 420432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2006-12-8 65536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-11-18 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 DataModem HSDPA.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Fastlane\\fastlane.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-11-02 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-11-02 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-12-25 691696]
R1 ABTDI;ArcaBit Network Driver;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
S2 ABMainSV;ArcaBit Main Service;c:\program files\ArcaBit\ArcaVir\ArcaMainSV.exe [2010-05-19 122152]
S2 ArcaRemoteService;ArcaBit Control;c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2010-06-07 289360]
S2 AVTasks2;ArcaBit Tasks Service;c:\program files\ArcaBit\Common\ArcaTasksService.exe [2010-04-27 96848]
S2 AVUpdate;ArcaBit Update Service;c:\program files\ArcaBit\ArcaUpdate\update.exe [2010-05-19 117328]
S2 Modem Device Helper;Modem Device Helper;c:\program files\blueconnect\BackgroundService\ServiceManager.exe -start --> c:\program files\blueconnect\BackgroundService\ServiceManager.exe -start [?]
S2 Skype C2C Service;Skype C2C Service;"c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe" --> c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-06-02 185856]
S3 ABFLT;ArcaBit File Monitor Driver;c:\program files\ArcaBit\ArcaVir\ABFLT.sys [2010-09-08 51792]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 250056]
S3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2010-02-05 207440]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2009-09-11 248400]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [2009-01-14 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [2006-11-09 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [2006-11-09 65152]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [2011-06-30 105344]
S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys [2005-12-01 27264]
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 02:24]
.
.
------- Supplementary scan -------
.
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://g2g.l-m.pl/plugin/DFusionHomeWebPlugIn.Installer.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 19:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-759917011-1756250584-1555316252-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,a3,fc,b8,ed,9a,17,4d,ad,38,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,a3,fc,b8,ed,9a,17,4d,ad,38,f4,\
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-07-23 19:14:12
ComboFix-quarantined-files.txt 2012-07-23 17:14
ComboFix2.txt 2012-07-23 16:40
ComboFix3.txt 2012-07-22 22:34
.
Before: 23 842 189 312 bytes free
After: 23 819 317 248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 58677F5E66365E6B57E37041109E0C63
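The Security Center overrides and the Windows Firewall policy lists in the log above are what a reviewer reads first: AntiVirusOverride=1 and a vendor DisableMonitoring=1 silence Security Center's status alerts, and the AuthorizedApplications and GloballyOpenPorts lists show what the XP firewall admits. The following is an added example, not part of the original post or of ComboFix, that parses those REGEDIT4-style lines into structured records and lists the points worth raising. The sample input is copied from the log above. Assumptions: the full registry data is path:scope:state:name for applications and port:proto:scope:state:name for ports, and ComboFix prints an abbreviated form for some entries, so where scope and state are absent from the log the parser records None and flags the entry for verification in the live registry rather than guessing; the KNOWN_PORTS labels are the standard IANA assignments, and the `@xpsp2res.dll,-NNNNN` names are resource-string references rather than literal names.

```python
import re

# Constructed sample input: Security Center and firewall-policy lines copied
# from the ComboFix log above, embedded so the example runs offline.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
"""

# Standard IANA assignments for the numeric exceptions seen in the log.
KNOWN_PORTS = {(1723, "TCP"): "PPTP", (1701, "UDP"): "L2TP", (500, "UDP"): "ISAKMP/IKE"}

_VALUE = re.compile(r'"([^"]+)"=(.*)$')
_DWORD = re.compile(r"dword:([0-9a-fA-F]{8})$")
_STATES = ("Enabled", "Disabled")


def _app_record(name, data):
    """One AuthorizedApplications value. Full data is path:scope:state:name (assumption);
    rsplit from the right keeps the drive-letter colon inside the path. Empty data
    (the abbreviated form in the log) is recorded as None, not guessed."""
    rec = {"path": name.replace("\\\\", "\\"), "scope": None, "state": None, "name": None}
    parts = data.rsplit(":", 3)
    if len(parts) == 4:
        rec["path"], rec["scope"], rec["state"], rec["name"] = parts
    return rec


def _port_record(name, data):
    """One GloballyOpenPorts value: port:proto[:scope:state]:name."""
    port, proto, *rest = data.split(":")
    rec = {"port": int(port), "proto": proto, "scope": None, "state": None}
    if len(rest) >= 3 and rest[-2] in _STATES:
        rec["scope"], rec["state"], rec["name"] = ":".join(rest[:-2]), rest[-2], rest[-1]
    else:
        rec["name"] = ":".join(rest)          # abbreviated form: scope/state not shown
    rec["service"] = KNOWN_PORTS.get((rec["port"], proto.upper()))
    return rec


def parse_policy(text):
    """Return (apps, ports, overrides) from ComboFix-style registry lines.
    overrides is keyed by (last path component of the key, value name)."""
    section, apps, ports, overrides = "", [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = _VALUE.match(line)
        if not m:
            continue                          # '.' separators and anything else
        name, data = m.group(1), m.group(2).strip()
        if "\\security center" in section:
            d = _DWORD.match(data)
            key = (section.rsplit("\\", 1)[-1], name)
            overrides[key] = int(d.group(1), 16) if d else data
        elif section.endswith("authorizedapplications\\list"):
            apps.append(_app_record(name, data))
        elif section.endswith("globallyopenports\\list"):
            ports.append(_port_record(name, data))
    return apps, ports, overrides


def findings(apps, ports, overrides):
    """The points a reviewer would raise from the parsed entries, as plain strings."""
    out = []
    if overrides.get(("security center", "AntiVirusOverride")) == 1:
        out.append("Security Center: AntiVirusOverride=1, AV status alerts are suppressed")
    for (vendor, key), val in overrides.items():
        if key == "DisableMonitoring" and val == 1:
            out.append(f"Security Center: monitoring disabled for {vendor}")
    for p in ports:
        if p["scope"] is None:
            label = p["service"] or p["name"]
            out.append(f"{p['port']}/{p['proto']} ({label}): scope not shown in log, verify in registry")
    for a in apps:
        if a["scope"] is None:
            out.append(f"{a['path']}: scope not shown in log, verify in registry")
    return out


if __name__ == "__main__":
    for line in findings(*parse_policy(SAMPLE)):
        print(line)
```

Run against the full log, the ActiveSync entries come out scoped to 169.254.2.0/255.255.255.0, which is the expected link-local partnership subnet, while the P2P and messaging executables and the ArcaVir ports carry no scope in the log and should be confirmed against the live firewall policy key before being judged.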