ComboFix 13-11-16.01 - Robert 2013-11-16 12:18:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2294.116 [GMT 1:00]
Uruchomiony z: d:\robert\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-10-16 do 2013-11-16 )))))))))))))))))))))))))))))))
.
.
2013-11-15 13:25 . 2013-11-15 14:06 -------- d-----w- c:\documents and settings\Robert\Doctor Web
2013-11-15 12:37 . 2013-11-15 12:37 -------- d-----w- c:\documents and settings\Robert\Dane aplikacji\Malwarebytes
2013-11-15 12:37 . 2013-11-15 12:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2013-11-15 12:37 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-15 12:37 . 2013-11-15 12:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-14 14:41 . 2013-11-14 14:41 -------- d-----w- c:\documents and settings\All Users\CrypKey
2013-11-14 14:22 . 2008-08-22 20:14 21638 ----a-w- c:\windows\system32\Ckldrv.sys
2013-11-14 14:22 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2013-11-14 14:22 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2013-11-14 14:22 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2013-11-14 14:22 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2013-11-14 14:22 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2013-11-14 14:22 . 2013-11-14 14:22 -------- d-----w- c:\program files\Pacesetter
2013-11-05 13:09 . 2013-11-05 13:09 -------- d-----w- c:\documents and settings\Robert\Dane aplikacji\Softland
2013-11-05 13:09 . 2013-11-05 13:09 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Softland
2013-11-05 13:09 . 2013-08-20 12:28 24384 ----a-w- c:\windows\system32\dopdfmn7.dll
2013-11-05 13:09 . 2013-08-20 12:28 21312 ----a-w- c:\windows\system32\dopdfmi7.dll
2013-11-05 13:09 . 2010-02-05 14:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-11-05 13:09 . 2013-11-05 13:09 -------- d-----w- c:\program files\Softland
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-31 08:23 . 2013-10-31 08:23 1852 ----a-r- c:\windows\Fonts\iQsCode128.ttf
2013-10-13 11:42 . 2008-09-06 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2008-09-06 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2008-09-06 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 07:12 . 2008-09-06 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:00 . 2008-09-06 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:57 . 2008-09-06 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 14:07 . 2012-04-19 11:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 14:07 . 2012-02-28 15:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 13:13 . 2008-09-06 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-09-06 12:00 606720 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2010-08-13 17:44 7680 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-29 07:01 . 2008-09-06 12:00 1878912 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP OrderReminder Cleaner"="c:\windows\hporclnr.exe" [2006-12-27 104960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-09-06 15360]
.
c:\documents and settings\Robert\Menu Start\Programy\Autostart\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
EvernoteTray.lnk - c:\program files\Evernote\Evernote\EvernoteTray.exe [2013-3-19 395104]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-1-18 268864]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-04-26 242240]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-15 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-15 701512]
R2 MSSQL$INSERTGT;SQL Server (INSERTGT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2013-01-10 19456]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2013-04-19 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-15 22856]
R3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2013-01-10 18864]
R3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2013-01-10 89008]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-08-08 30312]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-04-19 1763584]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.SYS [2012-02-29 145280]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [2013-04-19 360529]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-02-28 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-02-28 11104]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [2012-05-21 42728]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2012-05-21 188520]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2012-05-21 32872]
S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [2012-08-09 62976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-08-08 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-08-08 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-08-08 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-08-08 114280]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 14:07]
.
2013-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 94.156.58.89 8.8.8.8
FF - ProfilePath - c:\documents and settings\Robert\Dane aplikacji\Mozilla\Firefox\Profiles\dnls3qj7.default-1384517354858\
.
.
------- Skojarzenia plików -------
.
.scr=SageThumbsImage.scr
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-GimPhoto - f:\program files\GimPhoto 1.4.3\uninst.exe
AddRemove-MozBackup - f:\program files\MozBackup\Uninstall.exe
AddRemove-Revo Uninstaller - f:\program files\Revo Uninstaller\uninst.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-16 12:30
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\igfxdev.dll
.
Czas ukończenia: 2013-11-16 12:32:16
ComboFix-quarantined-files.txt 2013-11-16 11:32
.
Przed: 6 083 461 120 bajtów wolnych
Po: 7 800 324 096 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B82D18EFC50A00FE2A0960EF1CE30580 32052574BF9F325AE309ABC7BFD04460