ComboFix 10-12-04.06 - INSTALATOR 2010-12-06 21:05:12.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2036.1331 [GMT 1:00]
Running from: c:\users\INSTALATOR\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\INSTALATOR\AppData\Local\Bron.tok-12-5
c:\users\INSTALATOR\AppData\Local\Bron.tok.A12.em.bin
c:\users\INSTALATOR\AppData\Local\Kosong.Bron.Tok.txt
c:\users\INSTALATOR\AppData\Local\Update.12.Bron.Tok.bin
.
((((((((((((((((((((((((( Files created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.
2010-12-05 19:46 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 19:46 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-05 19:46 . 2010-09-07 15:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-12-05 19:46 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-05 19:46 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-05 19:46 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-05 19:45 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 19:45 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-05 18:47 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B91D092D-2BB1-4D83-B6BE-9EB570EB1B80}\mpengine.dll
2010-12-05 18:05 . 2010-12-05 18:43 -------- d-----w- c:\users\INSTALATOR\AppData\Local\Loc.Mail.Bron.Tok
2010-12-05 18:05 . 2010-12-05 18:05 -------- d-----w- c:\users\INSTALATOR\AppData\Local\Ok-SendMail-Bron-tok
2010-12-05 16:23 . 2010-12-05 16:23 -------- d-----w- c:\users\INSTALATOR\AppData\Roaming\ScanSpyware
2010-12-05 16:23 . 2008-09-07 16:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2010-12-05 16:23 . 2010-12-05 16:23 -------- d-----w- c:\program files\ScanSpyware
2010-12-03 13:50 . 2010-12-03 13:50 -------- d-----w- c:\programdata\Alwil Software
2010-12-03 13:50 . 2010-12-03 13:50 -------- d-----w- c:\program files\Alwil Software
2010-11-25 16:09 . 2008-01-02 15:37 180224 ----a-w- c:\windows\system32\igfxres.dll
2010-11-25 15:08 . 2010-11-25 15:08 388096 ----a-r- c:\users\BIURO\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-25 15:08 . 2010-12-03 14:30 -------- d-----w- c:\program files\Trend Micro
2010-11-24 06:53 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 14:55 . 2010-11-23 14:55 -------- d-----w- c:\users\BIURO\AppData\Roaming\Malwarebytes
2010-11-23 14:54 . 2010-11-23 14:54 -------- d-----w- c:\users\INSTALATOR\AppData\Roaming\Malwarebytes
2010-11-23 14:54 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 14:54 . 2010-11-23 14:54 -------- d-----w- c:\programdata\Malwarebytes
2010-11-23 14:53 . 2010-11-23 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 14:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 11:03 . 2010-11-10 11:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-11-10 07:03 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 10:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56 . 2010-10-13 06:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-13 06:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 06:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 06:13 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 06:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 06:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 06:13 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 06:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 06:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssbtsr

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartDeviceMonitor for Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SmartDeviceMonitor for Client.lnk
backup=c:\windows\pss\SmartDeviceMonitor for Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2009-12-21 13:49 11850344 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-01-02 16:06 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-01-02 16:07 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2009-12-21 16:50 14100376 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]
2007-08-30 14:08 229481 ----a-w- c:\program files\RDS\RMClient\JobHisInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]
2007-08-30 14:30 49254 ----a-w- c:\program files\RDS\RMClient\MplSetUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-01-02 16:07 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 22:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-26 16:06 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-02-10 15:03 204800 ----a-w- c:\program files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-02-09 14336]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 PMObserv;PMObserv;c:\windows\system32\PMObserv.exe [2008-01-28 245907]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 07:19]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 07:19]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
FF - ProfilePath - c:\users\INSTALATOR\AppData\Roaming\Mozilla\Firefox\Profiles\ruckdptl.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\INSTALATOR\AppData\Roaming\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - EMPTY ENTRIES REMOVED - - - -

HKLM-RunOnce- - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 21:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Time of completion: 2010-12-06 21:12:27
ComboFix-quarantined-files.txt 2010-12-06 20:12

Before: 66,101,997,568 bytes free
After: 67,471,568,896 bytes free

- - End Of File - - 6A8A96ADA5465B897D032BB86C1D9C80
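A short triage helper for logs in this format, added here as an example; it is not part of ComboFix or of the report above. It parses the "files created" entries (created time . modified time, size, attribute flags, path) and the two registry values a responder reads first in such a report, the Session Manager `BootExecute` list and `AppInit_DLLs`, then pivots from a known-bad artifact (the Brontok directory) to everything created within a time window of it, and lists hidden entries under system32. `SAMPLE_LOG` is constructed from a handful of lines copied from the report; the default `BootExecute` value `autocheck autochk *` is the stock Vista setting, and the two-hour window and the function names are this example's own assumptions. The script surfaces entries for review and makes no claim about whether any of them is malicious.

```python
"""Triage helpers for a ComboFix-style report (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample: a few lines copied from the report, in ComboFix's own
# layout, plus the BootExecute and AppInit_DLLs lines from its registry section.
SAMPLE_LOG = r"""
2010-12-05 19:46 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 18:05 . 2010-12-05 18:43 -------- d-----w- c:\users\INSTALATOR\AppData\Local\Loc.Mail.Bron.Tok
2010-12-05 16:23 . 2008-09-07 16:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2010-12-05 16:23 . 2010-12-05 16:23 -------- d-----w- c:\program files\ScanSpyware
2010-11-10 11:03 . 2010-11-10 11:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssbtsr
"""

# Stock Vista value. Anything appended to it is started by smss.exe before
# user-mode security products load, so extra entries always deserve a look.
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories, which ComboFix prints as "--------"
    attrs: str            # e.g. "----a-w-" (archive, writable) or "d-sh--w-" (dir, system, hidden)
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs


def parse_file_entries(text: str) -> list[FileEntry]:
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(datetime.strptime(m["created"], TS),
                                 datetime.strptime(m["modified"], TS),
                                 size, m["attrs"], m["path"]))
    return entries


def parse_boot_execute(text: str) -> list[str]:
    """ComboFix prints REG_MULTI_SZ values with a literal '\\0' between strings."""
    prefix = "BootExecute REG_MULTI_SZ "
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(prefix):
            return [s for s in line[len(prefix):].split(r"\0") if s]
    return []


def parse_appinit_dlls(text: str) -> Optional[str]:
    m = re.search(r'^"AppInit_DLLs"=(.*)$', text, re.M)
    if not m:
        return None
    return m.group(1).strip() or None


def triage(text: str, anchor: str, window: timedelta = timedelta(hours=2)) -> dict:
    """Pivot from a known-bad path fragment to what was created around the same
    time, and surface the boot-time and DLL-injection persistence values."""
    entries = parse_file_entries(text)
    needle = anchor.lower()
    anchor_times = [e.created for e in entries if needle in e.path.lower()]
    near = [e.path for e in entries
            if needle not in e.path.lower()
            and any(abs(e.created - t) <= window for t in anchor_times)]
    return {
        "boot_execute_extra": [v for v in parse_boot_execute(text) if v != DEFAULT_BOOT_EXECUTE],
        "appinit_dlls": parse_appinit_dlls(text),
        "hidden_in_system32": [e.path for e in entries
                               if e.hidden and "\\system32\\" in e.path.lower()],
        "created_near_anchor": near,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "Bron.Tok").items():
        print(f"{key}: {value}")
```

Run against the sample it reports `ssbtsr` as the one non-default `BootExecute` string, the Kaspersky `AppInit_DLLs` path, the hidden `%APPDATA%` directory in system32, and the three entries created within two hours of the Brontok directory (the avast driver, `ssbtsr.exe` and the ScanSpyware folder). Each of those still needs a human to decide whether it is expected on the machine; the point of the pivot is that the timestamps, not the file names, decide what gets looked at first.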