ComboFix 11-02-24.05 - Rafał 2011-02-25 16:51:27.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.446.145 [GMT 1:00] Uruchomiony z: c:\documents and settings\Rafał\Moje dokumenty\Pobieranie\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\dwh.exe C:\h3wp9.exe c:\windows\system32\arking.exe c:\windows\system32\arking0.dll c:\windows\system32\mgking1.dll . ((((((((((((((((((((((((( Pliki utworzone od 2011-01-25 do 2011-02-25 ))))))))))))))))))))))))))))))) . 2011-01-29 08:38 . 2011-01-29 08:38 -------- d-----w- c:\program files\Western Digital 2011-01-29 08:36 . 2011-01-29 08:36 -------- d-----w- c:\documents and settings\Rafał\Ustawienia lokalne\Dane aplikacji\Western Digital . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2006-03-02 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 14:04 . 2006-03-02 12:00 1855232 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:25 . 2006-03-02 12:00 732160 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2006-03-02 12:00 726528 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 15:14 . 2006-03-02 12:00 2194048 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 15:14 . 2004-08-04 00:38 2070656 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-09 14:30 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-08 11:00 . 2010-12-08 11:00 115200 --sh--r- c:\windows\system32\mgking2.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyœlne, prawidłowe wpisy nie sš pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CARPService"="carpserv.exe" [2003-05-21 4608] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056] "QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 106496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688] "StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440] "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\Rafaˆ\Menu Start\Programy\Autostart\ OpenOfficePL Professional 2008.lnk - c:\program files\OpenOfficePL Professional 2008\program\quickstart.exe [2008-4-8 122880] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-10-5 5200384] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Hewlett-Packard\\hp LaserJet 1160_1320 series\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "54925:UDP"= 54925:UDP:BrotherNetwork Scanner R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-07-17 28280] . . ------- Skan uzupełniajšcy ------- . uStart Page = hxxp://www.mks.com.pl/ uInternet Settings,ProxyOverride = IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\i35vdwbd.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . - - - - USUNIĘTO PUSTE WPISY - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-King_ar - c:\windows\system32\arking.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-25 16:57 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyœlnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Czas ukończenia: 2011-02-25 17:01:07 ComboFix-quarantined-files.txt 2011-02-25 16:01 Przed: 3 500 072 960 bajtów wolnych Po: 3 648 544 768 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 86E2E493DEB940B5D5BA1ADF8E7C20CF