ComboFix 12-11-16.02 - Administrator 2012-11-16 23:13:58.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1015.689 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\Pobieranie\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\GABIK\Dane aplikacji\msconfig.dat c:\documents and settings\GABIK\Dane aplikacji\msconfig.ini c:\program files\Funmoods c:\program files\Funmoods\1.5.23.22\bh\escort.dll c:\program files\Funmoods\1.5.23.22\escortApp.dll c:\program files\Funmoods\1.5.23.22\escortEng.dll c:\program files\Funmoods\1.5.23.22\escorTlbr.dll c:\program files\Funmoods\1.5.23.22\escortShld.dll c:\program files\Funmoods\1.5.23.22\FavIcon.ico c:\program files\Funmoods\1.5.23.22\funmoodssrv.exe c:\program files\Funmoods\1.5.23.22\uninstall.exe c:\windows\msmqinst.log . . ((((((((((((((((((((((((( Pliki utworzone od 2012-10-16 do 2012-11-16 ))))))))))))))))))))))))))))))) . . 2012-11-16 21:33 . 2012-11-16 21:56 -------- d-----w- c:\documents and settings\Administrator 2012-10-31 11:18 . 2012-10-31 11:18 -------- d-----w- c:\program files\Origin Games 2012-10-31 11:18 . 2012-10-31 11:18 -------- d-----w- c:\documents and settings\GABIK\Ustawienia lokalne\Dane aplikacji\Origin . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 19:57 . 2004-08-03 21:37 1866624 ----a-w- c:\windows\system32\win32k.sys 2012-10-09 17:54 . 2012-08-14 15:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 17:54 . 2012-02-13 15:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-02 18:04 . 2004-08-03 21:44 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-05 07:54 . 2012-09-05 07:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-05 07:54 . 2012-09-05 07:55 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-05 07:54 . 2012-08-13 19:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-05 07:54 . 2012-08-13 19:44 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-28 15:18 . 2004-08-03 21:44 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:18 . 2004-08-03 21:44 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 15:18 . 2004-08-03 21:44 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 12:07 . 2004-08-03 21:36 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-03 21:44 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 13:43 . 2011-07-11 00:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-08-23 06:27 . 2004-08-03 21:38 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2004-08-04 00:39 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-29 05:39 . 2012-09-18 07:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] 2012-03-15 13:57 242384 ----a-w- c:\program files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576] . [HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}] [HKEY_CLASSES_ROOT\Softonic.dskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\Softonic.dskBnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-13 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-06 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-06 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-06 138008] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16384512] "SkyTel"="SkyTel.EXE" [2007-11-06 1826816] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-04-24 225280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-06 888832] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-04-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-09-13 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-07 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-07-11 301920] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Dane aplikacji\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-12 2309656] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2012-02-13 264576] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944] . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Zawartość folderu 'Zaplanowane zadania' . 2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 17:54] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 16:22] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 16:22] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0F0D0EyC0EyC0A0C0CyBtN0D0Tzu0CtByBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=811955334 mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0F0D0EyC0EyC0A0C0CyBtN0D0Tzu0CtByBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=811955334 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 217.113.224.36 217.113.224.134 FF - ProfilePath - c:\documents and settings\GABIK\Dane aplikacji\Mozilla\Firefox\Profiles\1e2ojoej.default-1348777261703\ FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/ FF - ExtSQL: 2012-09-18 09:25; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\AVG\AVG2012\Firefox4 FF - ExtSQL: 2012-09-18 09:49; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-09-26 15:22; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\documents and settings\All Users\Dane aplikacji\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe AddRemove-funmoods - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-16 23:20 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(3020) c:\windows\system32\WININET.dll c:\documents and settings\All Users\Dane aplikacji\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\agrsmsvc.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\windows\system32\wdfmgr.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Czas ukończenia: 2012-11-16 23:22:32 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-11-16 22:22 . Przed: 633 372 672 bajtów wolnych Po: 891 170 816 bajtów wolnych . WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 11A3EB463846F6D4333E9036593C0D99