ComboFix 12-11-08.01 - Administrator 2012-11-08 22:59:45.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2009.1635 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-10-08 do 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-08 16:56 . 2012-11-08 16:56 -------- d-----w- c:\program files\CCleaner
2012-11-08 16:28 . 2012-11-08 16:52 -------- d-----w- c:\documents and settings\Administrator
2012-11-07 21:14 . 2012-11-08 17:11 10240 ----a-w- c:\windows\zzzmsdrm.dll
2012-11-07 21:12 . 2012-11-07 21:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\doojpxsufcqqoba
2012-11-07 21:12 . 2012-11-07 21:12 277504 ----a-w- c:\windows\ybulhgyc.exe
2012-10-09 23:46 . 2012-10-09 23:52 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2012-10-09 23:45 . 2012-10-09 23:46 -------- d-----w- c:\program files\Google
2012-10-09 23:45 . 2012-10-09 23:45 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 23:45 . 2011-11-06 23:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 10:12 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2009-07-20 2713144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
"EnergyUtility"="c:\programy lenovo\Energy Management\utility.exe" [2009-06-12 4464640]
"Energy Management"="c:\programy lenovo\Energy Management\Energy Management.exe" [2009-06-10 1282048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-04-29 395144]
"Adobe Reader Speed Launcher"="c:\programy\Reader\Reader_sl.exe" [2011-09-07 37296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\programy lenovo\Bluetooth Software\BTTray.exe [2008-1-18 576104]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\programy\\do ściągania filmów\\utorrent-3.0-latest.exe"=
"c:\\Documents and Settings\\Marcin\\Pulpit\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1338:UDP"= 1338:UDP:Windows Media Format SDK (iexplore.exe)
"1339:UDP"= 1339:UDP:Windows Media Format SDK (iexplore.exe)
.
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-10-15 9472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-11-08 691696]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-07-21 81704]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 23:45]
.
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-09 23:45]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-09 23:45]
.
2012-11-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-04-29 10:12]
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 23:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-651377827-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,ae,91,d5,57,59,f7,46,82,29,50,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,ae,91,d5,57,59,f7,46,82,29,50,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Czas ukończenia: 2012-11-08 23:04:38
ComboFix-quarantined-files.txt 2012-11-08 22:04
ComboFix2.txt 2012-11-08 16:43
.
Przed: 84 623 622 144 bajtów wolnych
Po: 84 634 464 256 bajtów wolnych
.
- - End Of File - - 2406020A78018C301477F35DE4590A85