ComboFix 10-11-11.01 - admin 2010-11-12 11:40:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.685 [GMT 1:00]
Running from: c:\documents and settings\admin\Moje dokumenty\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\dat.txt
c:\windows\g32.txt
.
((((((((((((((((((((((((( Files created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-12 10:03 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-11-12 10:03 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-11-12 10:03 . 2010-10-05 10:10 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-12 10:03 . 2010-08-18 12:51 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 10:03 . 2010-09-30 07:58 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-12 10:02 . 2010-10-05 10:11 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-12 10:02 . 2010-09-03 11:28 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-12 10:02 . 2010-08-10 16:58 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-11-12 10:02 . 2010-08-27 08:26 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-12 10:02 . 2010-11-12 10:23 -------- d-----w- c:\program files\PC Tools Security
2010-11-12 10:02 . 2010-11-12 10:07 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-12 10:02 . 2010-11-12 10:02 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\PC Tools
2010-11-12 09:57 . 2010-11-12 10:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2010-11-10 14:14 . 2010-11-10 14:24 -------- d-----w- c:\program files\SkanerOnline
2010-11-08 13:24 . 2009-10-20 18:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2010-11-08 12:55 . 2010-11-08 12:55 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-11-08 12:55 . 2010-11-12 09:28 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\Spyware Terminator
2010-11-08 12:54 . 2010-11-12 09:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator
2010-11-08 12:54 . 2010-11-12 09:34 -------- d-----w- c:\program files\Spyware Terminator
2010-10-22 10:05 . 2010-10-22 10:05 -------- d-----w- c:\program files\Windows Sidebar
2010-10-22 10:05 . 2010-11-08 13:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton
2010-10-20 10:05 . 2010-10-20 10:06 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\WinPatrol
2010-10-20 10:05 . 2010-10-20 10:05 -------- d-----w- c:\program files\BillP Studios
2010-10-19 09:46 . 2010-10-19 09:46 -------- d-----w- c:\documents and settings\admin\Dane aplikacji\GFC Trader
2010-10-19 08:50 . 2010-10-19 13:28 -------- d-----w- c:\program files\GFC Markets MetaTrader
2010-10-19 08:44 . 2010-10-19 09:49 -------- d-----w- c:\program files\GFC Trader
2010-10-18 11:38 . 2010-10-18 11:38 -------- d-----w- C:\$AVG
2010-10-18 10:57 . 2010-10-18 10:57 -------- d-----w- c:\program files\AVG
2010-10-18 10:57 . 2010-10-22 10:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\avg9
2010-10-18 10:02 . 2010-10-18 12:39 -------- d-----w- C:\output
2010-10-14 08:04 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 08:04 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 08:03 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-04 12:00 1853056 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-04 12:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"Google Update"="c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2010-03-01 135664]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-11-08 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-11-08 2216960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.3.1.lnk - c:\program files\OpenOffice.ux.pl 2.3.1\program\quickstart.exe [2007-12-7 17408]
RegVac.lnk - c:\program files\RegVac Registry Cleaner\regvac.exe [2009-9-24 2892272]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\Okilpr.exe [2009-7-22 163840]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-06-17 20616]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-12 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-12 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-12 656320]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-11-08 142592]
R2 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-04-09 3945800]
S2 PrintSuperVisor;PrintSuperVisor;c:\program files\PrintSuperVision\www\bin\PrintSuperVisor.exe [2010-03-24 24576]
S2 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2008-04-09 443904]
S2 PSVWebServer;PSVWebServer;c:\program files\PrintSuperVision\www\bin\PSVWebServer.exe [2010-03-24 20480]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-06-17 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-06-17 26248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-11-12 366840]

--- Other Services/Drivers in Memory ---

*NewlyCreated* - PCTDS
*NewlyCreated* - PCTEFA
*NewlyCreated* - PCTSDINJDRIVER32
*NewlyCreated* - SDAUXSERVICE
*NewlyCreated* - SDCORESERVICE

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1005Core.job
- c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-03-01 09:53]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1005UA.job
- c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-03-01 09:53]

2010-11-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 10:25]

2010-08-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 10:25]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{5193DD0F-FA6B-456A-BAE0-8E9435CCEA38}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {DE8AC9D0-E6A6-4F71-86A1-5FC56EE6F524} = 192.168.88.1
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\umwnss8d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15446&l=dis
FF - component: c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\umwnss8d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\umwnss8d.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Mała Księgowość Rzeczpospolitej - c:\mk\Odinstaluj.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-12 11:49:44
ComboFix-quarantined-files.txt 2010-11-12 10:49

Pre-Run: 5 455 736 832 bytes free
Post-Run: 8 810 307 584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B823A9A78481524CCC596196B3BBACA9
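The log above is raw ComboFix output, and the three record shapes a reviewer reads first are the "Files created" entries (created time, modified time, size or `--------` for a directory, attribute flags, path), the service table (`R0`/`R1` running kernel drivers, `S2`/`S3` stopped services, with name, display name, path and `[date size]`), and the firewall `GloballyOpenPorts` list. The Python below is an added triage example, not ComboFix's code and not something the log's author posted: it parses those three shapes, joins every `.sys` file dropped in the scan window to the service that loads it, and lists globally open ports that need a second look. The sample lines are copied from the log above; the cross-check and the port rule are this example's own heuristics, and the record layouts are assumed from the lines shown rather than from any ComboFix documentation.

```python
"""Triage helpers for ComboFix log lines (added example, not ComboFix's own code).

Record shapes assumed from the log above:
  Files created:  <created> . <modified> <size|--------> <attrs> <path>
  Service table:  <R0|R1|R2|S2|S3> <name>;<display>;<path> [<date> <size>]
  Open ports:     "<port>:<proto>"= <port>:<proto>:<description>
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= \d+:(?:TCP|UDP):(?P<desc>.*)$')


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories (ComboFix prints --------)
    attrs: str
    path: str

    @property
    def is_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


@dataclass
class Service:
    start: str               # R0/R1 = running kernel driver, S2/S3 = stopped
    name: str
    path: str


@dataclass
class OpenPort:
    port: int
    proto: str
    desc: str


def parse_log(lines: List[str]) -> Tuple[List[FileEntry], Dict[str, Service], List[OpenPort]]:
    """Classify each line by shape; unrecognised lines (headers, dots) are skipped."""
    files: List[FileEntry] = []
    services: Dict[str, Service] = {}          # keyed by lower-cased path
    ports: List[OpenPort] = []
    for raw in lines:
        line = raw.strip()
        if m := FILE_RE.match(line):
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(
                datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                size, m["attrs"], m["path"]))
        elif m := SERVICE_RE.match(line):
            svc = Service(m["start"], m["name"], m["path"])
            services[svc.path.lower()] = svc
        elif m := PORT_RE.match(line):
            ports.append(OpenPort(int(m["port"]), m["proto"], m["desc"]))
    return files, services, ports


def drivers_without_service(files: List[FileEntry], services: Dict[str, Service]) -> List[str]:
    """Driver files from the 'created' window that no listed service line loads.
    Heuristic: such a driver must be identified by hand (vendor, signature, hash)."""
    return [f.path for f in files if f.is_driver and f.path.lower() not in services]


def open_ports_needing_review(ports: List[OpenPort]) -> List[OpenPort]:
    """Globally open ports that grant remote access (3389/TCP is Remote Desktop)
    or whose description is only a resource reference (@dll,-id) that must be
    resolved before the rule can be trusted. Heuristic, not a verdict."""
    return [p for p in ports if p.port == 3389 or p.desc.startswith("@")]


# Sample input: lines copied from the ComboFix log above.
SAMPLE = r"""
2010-11-12 10:03 . 2010-08-18 12:51 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 10:02 . 2010-10-05 10:11 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-12 10:02 . 2010-11-12 10:23 -------- d-----w- c:\program files\PC Tools Security
2010-11-08 12:55 . 2010-11-08 12:55 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-12 237632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-11-08 142592]
""".strip().splitlines()

if __name__ == "__main__":
    files, services, ports = parse_log(SAMPLE)
    for path in drivers_without_service(files, services):
        print("driver with no service line:", path)
    for p in open_ports_needing_review(ports):
        print(f"review open port {p.port}/{p.proto}: {p.desc}")
```

On the sample, `pctplfw.sys` is reported because no `R0`/`R1` line in the log names it, and `3389/TCP` is reported because its description is the unresolved resource string `@xpsp2res.dll,-22009`. Neither report is a finding on its own: ComboFix omits known-good entries from the service table, and `pctplfw.sys` was created in the same minute as the other `pct*.sys` drivers, so the next step is to confirm the vendor and signature, not to delete it.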