ComboFix 12-07-25.04 - AGULA 2012-07-25 2:19.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.494.309 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\documents and settings\AGULA\Dane aplikacji\desktop.ini
c:\documents and settings\AGULA\Dane aplikacji\ntuser.dat
c:\documents and settings\AGULA\Dane aplikacji\wiaserva.log
c:\program files\rnamfler\manual.htm
c:\program files\rnamfler\naofsvc.exe
c:\program files\rnamfler\radhslib.dll
c:\program files\rnamfler\radprcmp.exe
c:\program files\rnamfler\radprlib.dll
c:\program files\rnamfler\tray.jpg
c:\windows\EventSystem.log
c:\windows\IsUn0415.exe
c:\windows\syskey2i.drv
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e3ac62eb627a3740.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\msupdte.exe
c:\windows\Web\ddid
c:\windows\Web\ddnm
c:\windows\Web\ddsn
c:\windows\Web\result.dark
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RdnaoFlSvc
-------\Legacy_RdnaoFlSvc
-------\Service_RdnaoFlSvc
-------\Service_RdnaoFlSvc
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-25 do 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-24 23:07 . 2012-07-24 23:07 -------- d-----w- c:\documents and settings\Administrator
2012-07-24 22:13 . 2012-07-24 22:13 -------- d-----w- c:\documents and settings\AGULA\Dane aplikacji\hellomoto
2012-07-22 13:19 . 2012-07-22 13:20 -------- d-----w- c:\program files\CCleaner
2012-07-22 13:11 . 2012-07-22 13:11 -------- d-----w- c:\program files\Insoft
2012-07-22 12:56 . 2012-07-22 12:56 -------- d-----w- c:\program files\MSXML 6.0
2012-07-22 12:35 . 2012-07-22 12:57 -------- d-----w- c:\program files\Microsoft SQL Server
2012-07-22 12:29 . 2012-07-24 23:00 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\.beniamin
2012-07-22 12:28 . 2012-07-03 18:52 1028096 ----a-w- c:\windows\system32\BnmnSrv.exe
2012-07-22 12:28 . 2012-07-03 18:51 1335296 ----a-w- c:\windows\system32\alpf.dll
2012-07-22 12:28 . 2012-07-03 18:51 1060864 ----a-w- c:\windows\system32\bnmndrv.dll
2012-07-22 12:27 . 2012-07-22 12:29 -------- d-----w- c:\program files\BeniaminHome
2012-07-21 19:50 . 2012-07-21 20:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\firebird
2012-07-21 19:49 . 2012-07-21 19:49 -------- d-sh--w- c:\windows\ftpcache
2012-07-21 18:28 . 2010-09-17 09:13 548864 ----a-w- c:\windows\system32\GDS32.DLL
2012-07-21 18:28 . 2012-07-21 18:28 -------- d-----w- c:\program files\Firebird
2012-07-21 18:21 . 2012-07-21 18:21 -------- d-----w- c:\program files\Stacksoft
2012-07-20 14:58 . 2012-07-21 18:01 -------- d-----w- c:\windows\system32\XPSViewer
2012-07-20 14:58 . 2012-07-20 14:58 -------- d-----w- c:\program files\MSBuild
2012-07-20 14:57 . 2012-07-20 14:57 -------- d-----w- c:\program files\Reference Assemblies
2012-07-20 14:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-07-20 14:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-07-20 14:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-07-20 14:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-07-20 14:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-07-20 14:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-07-20 14:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-07-20 14:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-07-20 14:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-07-20 14:56 . 2012-07-20 14:57 -------- d-----w- C:\c105c270b02b777acd19
2012-07-19 19:52 . 2012-07-19 19:52 722957 ----a-w- c:\windows\unins000.exe
2012-07-19 19:36 . 2012-07-21 18:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Bibliotekarz.NET
2012-07-19 19:35 . 2012-07-19 19:35 -------- d-----w- c:\program files\MarqSoft
2012-06-26 16:46 . 2012-06-26 16:46 -------- d-----w- c:\documents and settings\AGULA\Ustawienia lokalne\Dane aplikacji\AVG Secure Search
2012-06-26 16:45 . 2012-06-26 16:45 -------- d-----w- c:\documents and settings\AGULA\Dane aplikacji\AVG Secure Search
2012-06-26 16:45 . 2012-07-17 19:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVG Secure Search
2012-06-26 16:45 . 2012-06-26 16:45 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-26 16:45 . 2012-07-17 19:20 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2004-11-29 12:28 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 17:20 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-11-29 12:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-11-29 12:28 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 12:08 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-11-29 12:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-11-29 12:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2004-11-29 12:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-11-29 12:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-11-29 12:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-11-29 12:28 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 12:08 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2004-11-29 12:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 12:07 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-11-29 12:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-11-29 12:28 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2004-11-29 12:28 669696 ----a-w- c:\windows\system32\wininet.dll
2012-05-05 03:15 . 2004-08-04 00:38 2070400 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:15 . 2004-11-29 12:28 2193920 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:47 . 2004-11-29 12:41 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-08 22:25 . 2011-04-25 08:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 19:15 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-14 323392]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-03-23 1432064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 1089536]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
"WLConfig"="c:\program files\BeniaminHome\WLConfigNM.exe" [2012-07-03 2138112]
"SMBHelper"="c:\documents and settings\AGULA\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4281\SMBHelper.exe" [2012-07-24 48640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\AGULA\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-7-1 155648]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-09-13 31952]
R1 SMBHC;Sterownik kontrolera hosta magistrali zarządzania systemem firmy Microsoft;c:\windows\system32\drivers\smbhc.sys [2004-11-29 6784]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-09-05 697328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-07 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-07-11 301248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BnmnService;BnmnService;c:\windows\system32\BnmnSrv.exe [2012-07-22 1028096]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fb_inet_server.exe [2012-07-21 3727360]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-17 935008]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-04-20 1668352]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-12-03 155392]
S3 SMBBATT;Sterownik baterii inteligentnej Microsoft;c:\windows\system32\drivers\smbbatt.sys [2004-11-29 16000]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 14:02]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 14:02]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\bnmndrv.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\AGULA\Dane aplikacji\Mozilla\Firefox\Profiles\bg84do62.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843462&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc1e9cd53-4610-46b7-8498-24b7eb065694%7D&mid=9e4e33bc63ce47d18202d16e5f5ab992-f61928c2db35302ac56e9d6afd72896d511973d4&ds=AVG&v=11.1.0.12&lang=pl&pr=fr&d=2012-06-26%2018%3A45%3A44&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 02:29
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-25 02:32:59
ComboFix-quarantined-files.txt 2012-07-25 00:32
.
Przed: 45 772 582 912 bajtów wolnych
Po: 45 732 020 224 bajtów wolnych
.
- - End Of File - - E51E7829B11843862F95BBB714FAB0E8