ComboFix 13-12-17.02 - Rafał 2013-12-18 11:43:45.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.247 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Rafał\Moje dokumenty\logi\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: F-Secure Anti-Virus 2008 8.00 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-11-18 do 2013-12-18 )))))))))))))))))))))))))))))))
.
.
2013-12-18 09:59 . 2013-12-18 09:59 40392 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{BB76B259-4E62-4B7E-A09F-CFEA2B50ACF3}\MpKsledef7801.sys
2013-12-18 09:35 . 2013-12-18 09:35 -------- d-----w- c:\documents and settings\Rafał\Phone Browser
2013-12-18 07:30 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{BB76B259-4E62-4B7E-A09F-CFEA2B50ACF3}\mpengine.dll
2013-12-16 09:51 . 2013-11-07 16:15 7772552 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-11 09:16 . 2013-12-11 09:16 9293192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-11 08:21 . 2013-12-11 09:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 08:53 . 2013-12-03 08:53 -------- d-----w- C:\_OTL
2013-12-02 12:42 . 2013-11-19 10:21 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-12-02 12:38 . 2013-12-02 12:39 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-02 11:56 . 2013-12-02 11:56 -------- d-----w- C:\FRST
2013-11-30 13:17 . 2013-11-30 13:17 -------- d-----w- c:\windows\pchealth
2013-11-30 10:30 . 2012-06-02 14:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-11-29 12:43 . 2013-11-29 12:43 -------- d-----w- c:\program files\Common Files\Java
2013-11-29 12:41 . 2013-11-29 12:38 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-29 12:39 . 2013-11-29 12:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-29 11:51 . 2013-11-29 11:51 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 09:16 . 2011-11-12 15:29 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 03:00 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-03-02 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2006-03-02 12:00 1879296 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:45 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:45 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:45 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:45 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:48 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2006-03-02 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:57 . 2006-03-02 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2006-03-02 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2006-03-02 12:00 606720 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 08:53 . 2013-09-27 08:53 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-24 12:09 . 2013-09-24 12:06 43 ----a-w- C:\drukarka.bat
2004-10-01 14:00 . 2007-12-14 08:12 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AutoRegisterCerts"="D:\cryptoCertumScanner.exe" [2012-10-26 121344]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="e:\nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^aneta^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
path=c:\documents and settings\aneta\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk
backup=c:\windows\pss\Rejestrowanie produktów Corela.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-01-22 21:57 1011712 ----a-w- d:\ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 14:10 271360 ----a-w- e:\nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-02-04 16:55 548864 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"InCDsrv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"d:\\Ares\\Ares.exe"=
"d:\\Ares\\chatServer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 MpKsledef7801;MpKsledef7801;c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{BB76B259-4E62-4B7E-A09F-CFEA2B50ACF3}\MpKsledef7801.sys [2013-12-18 40392]
R2 MSSQL$INSERTGT;SQL Server (INSERTGT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2667392]
S2 gupdate1ca19f51f024aaa;Usługa Google Update (gupdate1ca19f51f024aaa);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 133104]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2009-01-06 38528]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2009-10-10 127656]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MPKSLEDEF7801
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 11:02 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 09:16]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:59]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:59]
.
2013-12-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 14:01]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.152.34 194.204.159.1
DPF: {14DF37B4-B1AD-4BD4-A855-56930AF822FF} - hxxps://www.giif.mofnet.gov.pl/giif/SIGIIFAX.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} - hxxps://www.pekaobiznes24.pl/sme/static/components/1,3,0,82/SignActivXPEKAO.cab
FF - ProfilePath - c:\documents and settings\Rafał\Dane aplikacji\Mozilla\Firefox\Profiles\71350mue.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-18 12:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,aa,86,79,0b,fb,70,47,ab,d8,87,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,aa,86,79,0b,fb,70,47,ab,d8,87,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2013-12-18 12:06:29
ComboFix-quarantined-files.txt 2013-12-18 11:06
ComboFix2.txt 2013-11-30 13:15
ComboFix3.txt 2012-10-13 11:31
.
Przed: 313 700 352 bajtów wolnych
Po: 578 084 864 bajtów wolnych
.
- - End Of File - - 9A012713D81EFF67ACC788CD99D1CABD
32052574BF9F325AE309ABC7BFD04460