ComboFix 12-09-29.01 - Administrator 2012-09-30 13:01:38.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.255.125 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\Administrator\ms.exe
c:\documents and settings\All Users\Dane aplikacji\taxtzajx.exe
c:\documents and settings\All Users\Menu Start\Programy\Fakturka
c:\documents and settings\All Users\Menu Start\Programy\Fakturka\Fakturka.lnk
c:\windows\IsUn0415.exe
c:\windows\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}
D:\autorun.inf
D:\install.exe
E:\autorun.inf
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-08-28 do 2012-09-30   )))))))))))))))))))))))))))))))
.
.
2012-09-30 09:58 . 2012-09-30 09:58    73696    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-29 17:36 . 2012-09-29 17:36    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\mnjbhfhxudrtshj
2012-09-29 17:36 . 2012-09-29 17:36    72192    ----a-w-    c:\windows\taxtzajx.exe
2012-09-29 16:47 . 2012-09-29 16:47    --------    d-----w-    c:\documents and settings\All Users\Dane aplikacji\IBUpdaterService
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 09:58 . 2012-07-13 20:23    266720    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\sfcfiles.dll
[-] 2008-02-19 . E54EA1BCF81FDB065EF7C748F3FA4087 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-13 68856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"taxtzajxugwmbds"="c:\windows\taxtzajx.exe" [2012-09-29 72192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-19 949376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-29 7618560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-29 86016]
"HP Software Update"="d:\hp\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 212992]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-09-14 425984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-03 100864]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - d:\hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-4-13 950272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [x]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe [x]
R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [x]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [x]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:54]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:54]
.
2012-09-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-01 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\12qa72sj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-nwiz - nwiz.exe
AddRemove-100 najsłynniejszych budowli - c:\windows\IsUn0415.exe
AddRemove-SiS7012 - c:\program files\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
AddRemove-VideoPerformer - c:\program files\VideoPerformer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 13:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-09-30 13:13:33
ComboFix-quarantined-files.txt 2012-09-30 11:13
.
Przed: 389 861 376 bajtów wolnych
Po: 364 650 496 bajtów wolnych
.
- - End Of File - - E93B776D8DDD2C607D4A55C57F23F569