ComboFix 10-11-21.01 - TXP 2010-11-22 14:43:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1015.766 [GMT 1:00]
Uruchomiony z: d:\nowe prog\Free\ComboFix\ComboFix.exe
 * Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\s
c:\windows\system32\Language
c:\windows\system32\Language\HTTPPlugin.lng
c:\windows\system32\Language\lang_pl.txt
c:\windows\system32\Language\shell2englishHC.dll
c:\windows\system32\Language\shell2englishLC.dll
c:\windows\system32\Language\ShellEnglishHC.dll
c:\windows\system32\Language\ShellEnglishLC.dll
c:\windows\system32\Language\WCMD_ENG.ini
c:\windows\system32\Language\WCMD_ENG.MNU
c:\windows\system32\Language\WCMD_ENGORG.MNU
c:\windows\system32\Language\WCMD_POL.INC
c:\windows\system32\Language\WCMD_POL.ini
c:\windows\system32\Language\WCMD_POL.LNG
c:\windows\system32\Language\WCMD_POL.MNU
c:\windows\system32\Language\WCMD_POLORG.INC
c:\windows\system32\Language\WCMD_POLORG.LNG
c:\windows\system32\Language\WCMD_POLORG.MNU
c:\windows\system32\msconfig.exe
c:\windows\system32\ReadMe.txt
c:\windows\system32\srsvc.dll . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2010-10-22 do 2010-11-22 )))))))))))))))))))))))))))))))
.
2010-11-20 10:21 . 2010-11-20 10:21 -------- d-----w- C:\videooutput
2010-11-20 09:49 . 2010-11-21 10:11 -------- d-----w- C:\Portable KeePass
2010-11-20 09:44 . 2010-11-20 09:44 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2007-02-17 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-02-17 . 92296EBC8CE6714A3DC3D791E6246580 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2007-02-17 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[-] 2007-02-15 . E94C91139359A5A56ECBE4713D41E391 . 113664 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2007-02-17 . 19CDC3435A7C6DA3117F4E0B2C79AC5F . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . 6944354E1163DE1E6BB63F9E59B36E61 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2007-02-17 . 100644E8387D798754A51CF05DE04EC5 . 1014272 . . [5.1.2600.2991] . . c:\windows\system32\kernel32.dll
[-] 2007-02-17 . B489FAA0105744BEB96594E2974DCF69 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2007-02-15 . 166527324772CAB1266AEC9062A02E76 . 3433472 . . [6.00.2900.3059] . . c:\windows\ie7\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\system32\mshtml.dll
[-] 2007-02-17 . 22B96841DF0B4186FCE1498D8F695BDF . 2139136 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-02-17 . 8B050486E57C23624CFD374488FE4A16 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2007-02-17 . 6A93565BE9B8422EB7538C66AC732D76 . 578560 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
[-] 2007-02-17 . B9CD00815EFFA790279A1D2F0D07323F . 667648 . . [6.00.2900.3059] . . c:\windows\ie7\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\system32\wininet.dll
[-] 2007-01-15 . E5241037518F63E806DCF75F78DC84A8 . 1549312 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2006-01-03 . 30219C10F43FD0FDC0424F628D929406 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2007-02-17 10:56 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2007-02-17 . 54DF9001110934C98ECFF5691B332F5F . 2018816 . . [5.1.2600.3023] . . c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-15 . B4B3886360A79F09AF5BBACA2DA72196 . 425984 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
c:\windows\System32\drivers\beep.sys ... - brak elementu !!
c:\windows\System32\srsvc.dll ... - brak elementu !!
c:\windows\System32\wscntfy.exe ... - brak elementu !!
c:\windows\System32\ctfmon.exe ... - brak elementu !!
c:\windows\System32\regsvc.dll ... - brak elementu !!
c:\windows\System32\ssdpsrv.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2010-11-08 7937536]
"HEXelon MAX"="d:\nowe prog\Free\HEXelonMAX6\hexelon.exe" [2007-06-28 2816512]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"CachemanTray"="c:\program files\Cacheman\CachemanTray.exe" [2009-06-19 306176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"Licence"="Licence.exe" [2007-01-08 101651]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2010-11-19 800768]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2007-08-29 385024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-11 614400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-01-08 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"NoExpandedNewMenu"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"NoExpandedNewMenu"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-11-20 40368]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-20 135336]
R2 CachemanService;Cacheman Service;c:\program files\Cacheman\CachemanServ.exe [2009-06-19 215040]
R2 GtDetectSc;GtDetectSc Service;c:\program files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe [2010-11-20 204800]
R2 GtFlashSwitch;GtFlashSwitch Service;c:\program files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe [2010-11-20 204800]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-11-19 27064]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - SECLOGON
*NewlyCreated* - SPEEDFAN

NETSVCS WYMAGA NAPRAWY - pokazano aktualnie istniejące wpisy
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Skan uzupełniający -------
.
uStart Page = www.google.pl
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=GNU9R00U&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=GNU9R00U&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=GNU9R00U&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=GNU9R00U&id=menu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=GNU9R00U&id=menu_ie_report
FF - ProfilePath - c:\documents and settings\TXP\Dane aplikacji\Mozilla\Firefox\Profiles\6zfraqbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/webhp?hl=pl
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 14:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\sfc_os.dll
.
Czas ukończenia: 2010-11-22 14:48:06
ComboFix-quarantined-files.txt 2010-11-22 13:48

Przed: 11 657 097 216 bajtów wolnych
Po: 11 694 448 640 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=AlwaysOff

- - End Of File - - 82842EF2B463458FEAD832AAD0798705