ComboFix 12-12-12.01 - mrówka 2012-12-13 12:00:38.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1917.1290 [GMT 1:00]
Running from: c:\documents and settings\mrówka\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Dane aplikacji\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\All Users\Dane aplikacji\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe
c:\documents and settings\mrówka\Dane aplikacji\Ajtu\ipask.exe
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\~DFK2450286.tmp
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\1eaadjc.dll
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\bass.dll
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\kfgresk.dll
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\mjcriu.dll
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\peaadje.dll
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\qwadjb.dll
c:\documents and settings\mrówka\Dane aplikacji\Microsoft\rsaadjd.dll
c:\documents and settings\mrówka\Dane aplikacji\TLECA.exe
c:\documents and settings\mrówka\wgsdgsdgdsgsd.exe
c:\windows\system32\SET17E.tmp
c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
c:\windows\system32\Warning.txt
.
.
((((((((((((((((((((((((( Files created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-11 23:33 . 2012-12-11 23:33 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-11 18:04 . 2010-01-01 00:37 -------- d-----w- c:\documents and settings\mrówka\Dane aplikacji\SanDisk
2012-11-29 22:31 . 2012-12-02 00:00 -------- d-----w- c:\documents and settings\mrówka\Ustawienia lokalne\Dane aplikacji\DICOMViewer
2012-11-24 08:49 . 2011-09-16 10:57 189088 ----a-w- c:\program files\Mozilla Firefox\plugins\npVividasPlayer.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 23:33 . 2012-04-22 07:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 23:33 . 2011-12-01 07:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-15 18:27 . 2012-10-15 18:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-15 18:27 . 2011-03-15 11:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-15 18:27 . 2012-05-27 12:51 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-15 18:27 . 2011-03-15 11:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-19 17:18 . 2012-10-19 17:18 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSearchEverywhereLinkInStartMenu"= 1 (0x1)
"NoCommonGroups"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserFolderlnStartMenu"= 1 (0x1)
"NoStartMenuSearchPrograms"= 1 (0x1)
"NoStartMenuSearchFiles"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoNetworkConnections"= 1 (0x1)
"NoStartMenuNetworkPlaces "= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 07:39 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
2009-10-15 13:06 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:44 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-03 22:44 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 18:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 18:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-07-28 10:27 19557480 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-09-14 10:58 1247504 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2006-03-29 15:12 364544 ----a-w- c:\program files\TP-LINK\TWCU\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19333:UDP"= 19333:UDP:UDP 19333
"13630:TCP"= 13630:TCP:TCP 13630
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-01-16 19496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-16 136360]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-03-26 22504]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2011-01-16 462212]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\MRWKA~1\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\MRWKA~1\USTAWI~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-01-16 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 23:33]
.
2012-12-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-KR-BB76226F8F48-mrówka.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-18 20:12]
.
2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 23:09]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 23:09]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14672
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mrówka\Dane aplikacji\Mozilla\Firefox\Profiles\3jonur0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-{1284AB20-7431-AD40-5C6C-9D624CDDBE70} - c:\documents and settings\mrówka\Dane aplikacji\Ajtu\ipask.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SecdrvUpdate - c:\documents and settings\mrówka\Dane aplikacji\TLECA.exe
MSConfigStartUp-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\voipdiscount.exe
MSConfigStartUp-{1284AB20-7431-AD40-5C6C-9D624CDDBE70} - c:\documents and settings\mrówka\Dane aplikacji\Ajtu\ipask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-13 12:04
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-13 12:08:58
ComboFix-quarantined-files.txt 2012-12-13 11:08
.
Before: 20 896 432 128 bytes free
After: 20 956 831 744 bytes free
.
- - End Of File - - BE4A4C5F68A72C27EA8A97E1488A9F46
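The log above is raw ComboFix output. As an added example (not ComboFix's tooling and not code from the poster), the Python below applies the checks a malware-removal helper runs in their head when reading the "Run" keys, the orphaned-entry list, the firewall lists and the browser start/search lines: autostart targets that live under a user profile rather than Program Files or system32, autostart value names that are bare GUIDs, targets given without a directory, globally opened firewall ports, and start/search URLs that point at a search-redirect host. The sample lines are copied from the log; the redirect-host set (the two hosts this log happens to show) and the severity labels are assumptions for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (labels are an assumption of this example)
    entry: str     # the log line that produced the finding
    reason: str


# Sample input: lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19333:UDP"= 19333:UDP:UDP 19333
"13630:TCP"= 13630:TCP:TCP 13630
uStart Page = hxxp://www.ask.com/?l=dis&o=14672
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-{1284AB20-7431-AD40-5C6C-9D624CDDBE70} - c:\documents and settings\mrówka\Dane aplikacji\Ajtu\ipask.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SecdrvUpdate - c:\documents and settings\mrówka\Dane aplikacji\TLECA.exe
"""

# The three line shapes ComboFix uses in the sections of interest.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"')
ORPHAN = re.compile(r'^(?P<kind>HKCU-Run|HKLM-Run|MSConfigStartUp)-(?P<name>\S+) - (?P<path>.+)$')
FW_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
URL_HOST = re.compile(r'hxxps?://(?P<host>[^/\s]+)', re.IGNORECASE)

GUID = re.compile(r'^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$', re.IGNORECASE)
PROFILE_DIR = re.compile(r'\\documents and settings\\', re.IGNORECASE)

# Assumption: hosts treated as search-redirect hosts. Only the two that occur in
# this log are listed; a real triage list would be longer.
REDIRECT_HOSTS = {"www.ask.com", "search.conduit.com"}


def check_autostart(name: str, path: str, entry: str) -> list[Finding]:
    """Heuristics for one autostart value (Run key value or orphaned entry)."""
    out = []
    if PROFILE_DIR.search(path):
        out.append(Finding("high", entry,
                           "autostart target lives under a user profile, not Program Files or system32"))
    if GUID.match(name):
        out.append(Finding("high", entry,
                           "autostart value name is a bare GUID, a naming pattern that warrants a look"))
    if "\\" not in path and path != "(no file)":
        out.append(Finding("medium", entry,
                           "autostart target has no directory and is resolved via the PATH search order"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking the current registry key so the
    GUID rule only fires under Run keys (CLSID-keyed BHO/Toolbar entries are
    named by GUID by design and must not be flagged for that alone)."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.lower().endswith("\\run"):
            findings += check_autostart(m["name"], m["path"], line)
            continue
        m = ORPHAN.match(line)
        if m:
            findings += check_autostart(m["name"], m["path"], line)
            continue
        m = FW_PORT.match(line)
        if m:
            findings.append(Finding("medium", line,
                                    f"firewall globally opens {m['proto']} port {m['port']} on the standard profile"))
            continue
        m = URL_HOST.search(line)
        if m and m["host"].lower() in REDIRECT_HOSTS:
            findings.append(Finding("medium", line,
                                    f"browser start/search URL points at {m['host']}"))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry}")
```

Run against the sample it reports eight findings: two for the GUID-named entry pointing at ipask.exe, one for TLECA.exe, one for the bare nwiz.exe, one per opened port, and one per redirect URL; BCU.exe, CTFMON.EXE and the "(no file)" orphan produce nothing. The script judges only where things run from and how they are named, which is all a log shows; it does not identify what any file is.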