ComboFix 12-09-26.02 - Administrator 2012-09-27 14:56:33.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.805 [GMT 2:00]
Uruchomiony z: g:\download\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kamil\Dane aplikacji\msconfig.dat
c:\documents and settings\Kamil\Moje dokumenty\explorer
c:\documents and settings\Kamil\Moje dokumenty\explorer\id_110824134445134_110824134445720.upf
c:\documents and settings\Kamil\WINDOWS
c:\windows\IsUn0415.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-08-27 do 2012-09-27   )))))))))))))))))))))))))))))))
.
.
2012-09-27 12:45 . 2012-09-27 12:45 -------- d-----w- c:\program files\CCleaner
2012-09-27 12:37 . 2012-09-27 12:37 63115 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-09-27 12:37 . 2012-09-27 12:37 9310 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-09-27 12:37 . 2012-09-27 12:37 8646 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-09-27 12:37 . 2012-09-27 12:37 6429 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-09-27 12:37 . 2012-09-27 12:37 4599 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-09-27 12:37 . 2012-09-27 12:37 8613 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-09-27 12:37 . 2012-09-27 12:37 5927 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-09-27 12:37 . 2012-09-27 12:37 1651 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-09-27 12:36 . 2012-09-27 12:36 6910 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-09-27 12:36 . 2012-09-27 12:36 6208 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-09-27 12:36 . 2012-09-27 12:36 18541 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-09-27 12:36 . 2012-09-27 12:36 8288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-09-27 12:36 . 2012-09-27 12:36 51852 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-09-27 12:36 . 2012-09-27 12:36 23327 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-09-27 12:36 . 2012-09-27 12:36 20719 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-09-27 12:36 . 2012-09-27 12:36 7271 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-09-27 12:36 . 2012-09-27 12:36 8782 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-09-26 15:50 . 2012-09-26 15:50 -------- d-----w- c:\documents and settings\Administrator
2012-09-25 13:54 . 2012-09-25 13:54 -------- d-----w- c:\documents and settings\Kamil\Ustawienia lokalne\Dane aplikacji\FreePascal
2012-09-25 13:53 . 2012-09-25 13:58 -------- d-----w- C:\FPC
2012-09-15 16:05 . 2012-09-15 16:05 -------- d-----w- c:\program files\Testy na Prawo Jazdy - B
2012-09-14 18:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-09-14 17:31 . 2012-09-14 18:38 -------- d-----w- c:\documents and settings\Kamil\Ustawienia lokalne\Dane aplikacji\Ubisoft
2012-09-14 17:31 . 2012-09-15 05:59 -------- d-sh--w- c:\documents and settings\Kamil\wc
2012-09-14 17:31 . 2012-09-14 17:31 -------- d-sh--w- c:\documents and settings\Kamil\Dane aplikacji\wyUpdate AU
2012-09-14 17:31 . 2012-09-14 17:31 -------- d-----w- c:\program files\Ubisoft
2012-09-10 14:31 . 2012-09-10 14:31 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-04 16:53 . 2012-09-04 16:53 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 07:14 . 2012-06-13 17:44 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-22 07:14 . 2011-12-01 18:18 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2011-02-10 07:18 385024 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2008-04-15 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-01-11 10:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-15 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-09-10 14:31 . 2011-06-24 17:48 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Kamil\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-14 113664]
Ekran Stanu KX-P7105 i KX-P7110.lnk - c:\program files\Panasonic\Panasonic KX-P7105 and KX-P7110\Status Display\stmndsp.exe [2011-2-6 122880]
Status Display.lnk - c:\program files\Panasonic\Panasonic KX-P7105 and KX-P7110\Status display\stmndsp.exe [2011-2-6 122880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NPSStartup"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Gry kamilka\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"d:\\Gry kamilka\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.515\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.868\\Agent.exe"=
"d:\\Gry kamilka\\Steam\\SteamApps\\walec1\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\MMDoC-PDCLive\\Launcher\\Launcher.exe"=
"c:\\Program Files\\Ubisoft\\MMDoC-PDCLive\\GameData\\Game.exe"=
"d:\\Gry kamilka\\iMetin\\starter.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-05-19 436792]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-02-10 193816]
S2 KME Remote Server;KME Remote Server;c:\progra~1\PANASO~1\REMOTE~1\kmentsrv.exe [2011-02-06 57344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 250288]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-02-05 30312]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-02-10 240408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-02-05 36608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 114144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-02-05 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-02-05 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-02-05 121576]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-05-08 10064]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 07:14]
.
2012-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-22 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2012-09-15 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2012-09-22 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2012-09-22 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://startsear.ch/?aff=1&cf=66e9b992-3a37-11e1-887a-00138f4003a1
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\documents and settings\Administrator.PRV-KAMIL\Dane aplikacji\Mozilla\Firefox\Profiles\v34mghxj.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 15:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2012-09-27 15:05:49
ComboFix-quarantined-files.txt 2012-09-27 13:05
.
Przed: 65 549 836 288 bajtów wolnych
Po: 66 550 865 920 bajtów wolnych
.
- - End Of File - - 8336A482A98A9BA3757BDA00A49449FB