ComboFix 13-01-26.02 - Konieczna 2013-01-26 15:25:17.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2550.2195 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Konieczna\Dane aplikacji\skype.dat
c:\documents and settings\Konieczna\WINDOWS
c:\windows\IsUn0415.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-26 do 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-25 17:27 . 2013-01-23 19:37 602112 ----a-w- C:\OTL.exe
2013-01-23 18:40 . 2013-01-23 20:10 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-23 11:56 . 2013-01-23 11:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-01-07 23:02 . 2013-01-07 23:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2006-06-07 15:52 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-06-07 15:52 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:00 . 2009-10-27 19:00 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2006-06-07 15:52 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:13 . 2006-06-07 15:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:13 . 2006-06-07 15:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:13 . 2006-06-07 15:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-06-07 15:52 385024 ----a-w- c:\windows\system32\html.iec
2007-08-11 08:53 . 2007-08-11 08:53 4346704 ----a-w- c:\program files\gg77.exe
2007-08-10 17:28 . 2007-08-10 17:28 16420640 ----a-w- c:\program files\setuppol.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-12-08 323584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Konieczna\Menu Start\Programy\Autostart\
3DO Registration.lnk - c:\gry\Register\Remind32.exe [N/A]
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-07-01 664064]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-09-07 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-19 353688]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-19 21256]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-04-18 98816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 10:04 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-29 16:21]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 19:02]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 19:02]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/webhp?rls=ig
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Power Saver - c:\windows\IsUn0415.exe
AddRemove-Program PC Diagnostic Tool - c:\windows\IsUn0415.exe
AddRemove-S4Uninst - c:\gry\uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-26 15:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2013-01-26 15:36:36
ComboFix-quarantined-files.txt 2013-01-26 14:36
.
Przed: 59 577 180 160 bajtów wolnych
Po: 59 575 787 520 bajtów wolnych
.
- - End Of File - - 9C6D019CB08DF2FA7C484C623FFF644A