ComboFix 13-03-01.01 - Wodzu 2013-03-01 18:41:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3001.2273 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Wodzu\Moje dokumenty\Pobieranie\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\COM+.log
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-02-01 do 2013-03-01 )))))))))))))))))))))))))))))))
.
.
2013-02-23 06:52 . 2013-02-23 06:52    --------    d-----r-    C:\MSOCache
2013-02-22 17:02 . 2013-02-27 13:25    --------    d-----r-    C:\Program Files
2013-02-22 17:01 . 2013-02-22 16:19    --------    d-----w-    C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 03:55 . 2008-04-15 12:00    552448     ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 07:27 . 2008-04-15 12:00    2150400    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2008-04-14 21:59    2029056    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2008-04-15 12:00    1867520    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-15 12:00    1295872    ----a-w-    c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2008-04-15 12:00    148992     ----a-w-    c:\windows\system32\mpg2splt.ax
2012-12-27 10:31 . 2012-12-27 10:31    81920      ------w-    c:\windows\system32\ieencode.dll
2012-12-26 20:21 . 2008-04-15 12:00    916480     ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:21 . 2008-04-15 12:00    43520      ------w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:21 . 2008-04-15 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:42 . 2008-04-15 12:00    385024     ------w-    c:\windows\system32\html.iec
2012-12-19 14:36 . 2012-12-19 14:36    104872     ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-19 14:35 . 2012-12-19 14:35    116136     ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 14:35 . 2012-12-19 14:35    175016     ----a-w-    c:\windows\system32\VBoxNetFltNobj.dll
2012-12-16 12:23 . 2008-04-15 12:00    290560     ----a-w-    c:\windows\system32\atmfd.dll
2013-02-16 00:34 . 2013-02-22 16:41    263064     ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08    946352     ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43    69632      ------r-    c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-18 05:40    53248      ------w-    c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41    3674320    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-17 17:33    170520     ----a-r-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-17 17:34    150040     ----a-r-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-17 17:34    141848     ----a-r-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 21:39    16862720   ------r-    c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04    252848     ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 18:12    1032192    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueCrypt]
2013-02-22 17:05    1516496    ----a-w-    c:\program files\TrueCrypt\TrueCrypt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"d:\\Gry\\Disciples II - Bunt Elfów\\Discipl2.exe"=
"d:\\Gry\\XTCS\\cstrike.exe"=
"d:\\Gry\\Crashday\\Crashday.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-03-14 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-03-14 104160]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2013-02-24 188328]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2013-02-24 94632]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2013-02-22 108032]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-12-19 104872]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-12-19 116136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-03-01 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-02-24 08:41]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=bc544dab000000000000001d72fad869
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Wodzu\Dane aplikacji\Mozilla\Firefox\Profiles\1roelcfk.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/ig
FF - ExtSQL: 2013-01-05 20:08; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\Wodzu\Dane aplikacji\Mozilla\Firefox\Profiles\1roelcfk.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: 2013-02-14 10:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Wodzu\Dane aplikacji\Mozilla\Firefox\Profiles\1roelcfk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-22 19:36; donottrackplus@abine.com; c:\documents and settings\Wodzu\Dane aplikacji\Mozilla\Firefox\Profiles\1roelcfk.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-02-22 19:36; battlefieldplay4free@ea.com; c:\documents and settings\Wodzu\Dane aplikacji\Mozilla\Firefox\Profiles\1roelcfk.default\extensions\battlefieldplay4free@ea.com
FF - ExtSQL: 2013-02-24 09:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Client Profile PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-01 18:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\igfxdev.dll
.
Czas ukończenia: 2013-03-01 18:46:14
ComboFix-quarantined-files.txt 2013-03-01 17:46
.
Przed: 36 774 223 872 bajtów wolnych
Po: 36 967 636 992 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2BD2A4EC3D7B8B15498FCC3E3CE02176