ComboFix 12-09-24.02 - Administrator 2012-09-25 3:39.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2980 [GMT 2:00]
Run from: D:\ComboFix.exe
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\d & s\Administrator\Dane aplikacji\msconfig.dat
c:\program files\Common
c:\program files\Common\Common Files\Microsoft Shared\Speech\sapi.cpl
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\Mario.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\drivers\psched.sys . . . file missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 01:26 . 2012-09-20 22:08 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-27 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-02-27 13:01 . 888F3C14C8AA55FD4BC6C23552287234 . 1558016 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-02-27 . CEF41B7F252C18D841769D72EA33D086 . 559616 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
.
[-] 2009-05-20 . EFF0EB33111C9CB9EE5244A6B270F856 . 631296 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-07-07 . 030EFCFC01B16F34D206C240EA9F0B38 . 2761216 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2009-02-26 . 25053BF8D4A7DF409E4529ABAC117919 . 279040 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
.
.
[-] 2009-10-27 . 875AB6E317BE601D58A705CC2834E794 . 2130432 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2009-10-27 . 52F85073C7755FD8AD799BD7CC567C38 . 2251776 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2009-02-27 . 20BC122D7D1B8E3919D1CDB2B72F7A0B . 350720 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
.
c:\windows\System32\wuauclt.exe ... - item missing !!
c:\windows\System32\ctfmon.exe ... - item missing !!
c:\windows\System32\wscntfy.exe ... - item missing !!
c:\windows\System32\regsvc.dll ... - item missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"TransBar"="c:\program files\Narzędzia\TB\TB.exe" [2009-02-04 165376]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2012-07-16 10354176]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-08-30 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-08-30 1634112]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-11 876760]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-09-15 128512]
.
c:\d & s\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2012-9-20 962661]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\D & S\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"c:\\D & S\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-10-27 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-10-27 210736]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-21 1258856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-21 114144]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2012-09-22 99648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ADILOADER
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\d & s\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\f854063o.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-25 03:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1303643608-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,fe,21,27,4c,60,1e,43,bb,ff,e9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,fe,21,27,4c,60,1e,43,bb,ff,e9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'lsass.exe'(280)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Completion time: 2012-09-25 03:47:41
ComboFix-quarantined-files.txt 2012-09-25 01:47
.
Pre-Run: 74,631,954,432 bytes free
Post-Run: 74,666,733,568 bytes free
.
- - End Of File - - 7637310C30F692E9525A9C4D176CBDB8
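Added example, not part of the log above and not ComboFix's own code: a small Python parser for the two sections of this log that a triage usually starts from, the Sigcheck block (marker, date, MD5, size, file version, path) and the "Reg Loading Points" Run keys (value name, launched path, date, size). The sample text is copied from the log above and embedded so the script runs offline. Treating the `[-]` marker as "unsigned" follows the log's own note; any other marker being "signed" is an assumption. The one triage rule implemented, flagging Run values that name a bare file rather than an absolute path (`RTHDCPL.EXE`, `SkyTel.EXE`, `Logi_MwX.Exe`, `NvMCTray.dll` here), is this editor's check, not something the log states: such values are resolved through the loader's search order at logon, so the file actually executed should be confirmed on disk.

```python
"""Parse the Sigcheck and Run-key sections of a ComboFix log (added example)."""
import re
from typing import Dict, List

# Constructed sample: the nine Sigcheck lines copied from the log above.
SAMPLE_SIGCHECK = r"""
[-] 2009-10-27 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-02-27 13:01 . 888F3C14C8AA55FD4BC6C23552287234 . 1558016 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2009-02-27 . CEF41B7F252C18D841769D72EA33D086 . 559616 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-05-20 . EFF0EB33111C9CB9EE5244A6B270F856 . 631296 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-07-07 . 030EFCFC01B16F34D206C240EA9F0B38 . 2761216 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-02-26 . 25053BF8D4A7DF409E4529ABAC117919 . 279040 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2009-10-27 . 875AB6E317BE601D58A705CC2834E794 . 2130432 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-10-27 . 52F85073C7755FD8AD799BD7CC567C38 . 2251776 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-27 . 20BC122D7D1B8E3919D1CDB2B72F7A0B . 350720 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
"""

# Constructed sample: the HKCU and HKLM Run keys copied from the log above.
SAMPLE_RUN = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"TransBar"="c:\program files\Narzędzia\TB\TB.exe" [2009-02-04 165376]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2012-07-16 10354176]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-08-30 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-08-30 1634112]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-11 876760]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
"""

# Sigcheck line: "[mark] date[ time] . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]])\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)
# Registry key header and one Run value: "name"="path" [date size]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)


def parse_sigcheck(text: str) -> List[Dict]:
    """Return one record per Sigcheck line; '[-]' means unsigned per the log's note."""
    records = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            rec["signed"] = rec.pop("mark") != "-"  # assumption: any other marker = signed
            records.append(rec)
    return records


def parse_run_entries(text: str) -> List[Dict]:
    """Return one record per Run value, tagged with the key it was found under."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        m = RUN_RE.match(line)
        if m and key:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["key"] = key
            entries.append(rec)
    return entries


def run_entries_without_path(entries: List[Dict]) -> List[Dict]:
    """Run values that name a bare file: resolved via search order, confirm on disk."""
    return [e for e in entries if "\\" not in e["path"]]


def summarize(sig_text: str, run_text: str) -> Dict[str, int]:
    """Counts a reviewer wants at a glance before reading the raw log."""
    sig = parse_sigcheck(sig_text)
    runs = parse_run_entries(run_text)
    return {
        "sigcheck_files": len(sig),
        "unsigned": sum(1 for r in sig if not r["signed"]),
        "run_entries": len(runs),
        "run_without_path": len(run_entries_without_path(runs)),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_SIGCHECK, SAMPLE_RUN))
    for e in run_entries_without_path(parse_run_entries(SAMPLE_RUN)):
        print("check on disk:", e["key"], e["name"], "->", e["path"])
```

Feed the script a full log by reading the file and passing the text to both parsers; lines that do not match either pattern are ignored, so the whole log can be passed as-is. The MD5 column is the value to compare against a known-good file of the same version, which the log itself does not supply.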