ComboFix 10-06-08.02 - Administrator 2010-06-09 1:34.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.364 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\mmtaskclean.log
c:\windows\system\win32in.dll
c:\windows\system\win32out.dll
c:\windows\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CREATEPROCESS


((((((((((((((((((((((((( Pliki utworzone od 2010-05-12 do 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-09 02:19 . 2004-08-04 00:44 1033728 ----a-w- c:\windows\explorer.exe
2010-06-09 02:19 . 2004-08-04 00:44 25088 ----a-w- c:\windows\system32\userinit.exe
2010-06-08 23:28 . 2010-06-08 23:28 -------- d-----w- c:\program files\Trend Micro
2010-06-02 17:41 . 2010-06-02 17:41 112144 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\X86\kl1.sys
2010-06-02 17:41 . 2010-06-02 17:41 715280 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\updater.dll
2010-06-02 17:41 . 2010-06-02 17:41 158224 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\scrchpg.dll
2010-06-02 17:41 . 2010-06-02 17:41 201504 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\klif.sys
2010-06-02 17:41 . 2010-06-02 17:41 41488 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\fssync.dll
2010-06-02 17:41 . 2010-06-02 17:41 342544 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\ckahum.dll
2010-06-02 17:41 . 2010-06-02 17:41 231952 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\avp.exe
2010-06-02 17:10 . 2010-06-02 17:44 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-06-02 17:10 . 2010-06-02 17:44 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-06-02 17:09 . 2010-06-12 13:45 5094688 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-02 17:09 . 2010-06-03 08:18 3872 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-02 16:53 . 2010-06-08 17:25 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Systweak
2010-05-26 18:57 . 2010-05-26 18:57 1329 ----a-w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\mytribe\domek\plugins\PurpleProtocol\certificates\x509\tls_peers\v.mytribe.com
2010-05-26 18:57 . 2010-05-26 18:57 1329 ----a-w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\mytribe\domek\plugins\PurpleProtocol\certificates\x509\tls_peers\mytribe.com
2010-05-26 18:55 . 2010-06-02 17:54 -------- d-----w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\mytribe
2010-05-14 18:57 . 2010-05-14 18:57 -------- d-----w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\JAlbum
2010-05-14 06:32 . 2010-05-14 06:32 -------- d-----w- c:\documents and settings\administrator.SBSMEIN\Ustawienia lokalne\Dane aplikacji\Team_GmbH

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-06-08 23:04 . 2010-01-13 18:25 -------- d-----w- c:\program files\Zylom Games
2010-06-08 17:26 . 2008-07-04 18:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2010-06-08 17:25 . 2010-01-22 17:31 -------- d-----w- c:\program files\Advanced System Optimizer 3
2010-06-08 17:25 . 2010-01-22 17:32 -------- d-----w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\Systweak
2010-06-08 17:25 . 2010-01-22 18:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Systweak
2010-06-03 08:18 . 2010-06-02 17:09 1388 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-03 08:18 . 2010-06-02 17:09 69308 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-02 17:44 . 2007-07-18 12:39 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-06-02 06:22 . 2007-05-17 08:51 -------- d-----w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\PegazNET
2010-06-01 06:36 . 2010-02-02 18:22 -------- d-----w- c:\program files\VideoViewer
2010-05-29 19:26 . 2010-04-19 15:43 26 ----a-w- c:\windows\PEH_PW_KOMI_xxx_1003.dat
2010-05-26 19:02 . 2006-12-10 20:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\stamina
2010-05-24 18:41 . 2007-09-29 14:04 -------- d-----w- c:\program files\CCleaner
2010-05-23 17:32 . 2006-08-02 14:07 -------- d-----w- c:\documents and settings\administrator.SBSMEIN\Dane aplikacji\CyberLink
2010-05-20 18:38 . 2007-05-17 08:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PegazNET
2010-05-14 18:57 . 2009-09-29 10:37 -------- d-----w- c:\program files\Jalbum
2010-05-11 19:15 . 2010-05-11 19:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-11 19:15 . 2009-11-08 11:16 -------- d-----w- c:\program files\iTunes
2010-05-11 19:14 . 2009-11-08 11:17 -------- d-----w- c:\program files\iPod
2010-05-11 19:10 . 2009-10-18 20:32 -------- d-----w- c:\program files\QuickTime
2010-05-11 19:05 . 2008-12-29 21:55 -------- d-----w- c:\program files\Bonjour
2010-05-11 18:59 . 2010-05-11 18:59 73000 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 17:23 . 2008-03-19 18:55 26 ----a-w- c:\windows\HIPOGE99.dat
2010-04-28 10:54 . 2009-09-16 05:45 26 ----a-w- c:\windows\PEH_Z_OC001_0909.lbl.dat
2010-04-28 10:48 . 2007-05-23 16:03 26 ----a-w- c:\windows\HIPH7_F8.dat
2010-04-27 17:06 . 2004-09-20 10:06 542900 ----a-w- c:\windows\system32\perfh015.dat
2010-04-27 17:06 . 2004-09-20 10:06 103630 ----a-w- c:\windows\system32\perfc015.dat
2010-04-16 06:33 . 2009-03-19 19:43 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 06:33 . 2008-08-09 20:20 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-02 18:09 . 2007-10-10 17:31 26 ----a-w- c:\windows\HIPMF_E1.dat
2010-03-30 11:26 . 2010-01-27 17:00 26 ----a-w- c:\windows\PEH_PW_KOMI_xxx_0001.dat

.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-967109387-3731007639-2346926483-3280\Scripts\Logon\0\0]
"Script"=drukarki.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-967109387-3731007639-2346926483-500\Scripts\Logon\0\0]
"Script"=drukarki.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2010-06-02 17:44 231952 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:57 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLANKEEPER"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"idsvc"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"MSSQL$PEGAZ_NET"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVP"=2 (0x2)
"ASO3DiskOptimizer"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Jalbum\\Jalbum.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoViewer\\VideoViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [2002-09-03 19296]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344]
S3 PAC7311;Trust WB-3400T Webcam;c:\windows\system32\drivers\PA707UCM.SYS [2007-03-14 449024]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [2007-11-06 32910]
S4 MSSQL$PEGAZ_NET;SQL Server (PEGAZ_NET);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.euro.dell.com
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://212.160.173.249:8183/ssi.cgi/cab/OCXChecker_8198.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\8ztjbkyw.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-ASO3SPCDone - c:\program files\Advanced System Optimizer 3\aso3.exe
MSConfigStartUp-mytribe - c:\program files\mytribe\mytribe.exe
MSConfigStartUp-nod32 - c:\docume~1\ADMINI~1\USTAWI~1\Temp\nodqq.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 15:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\klogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\WININET.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
.
**************************************************************************
.
Czas ukończenia: 2010-06-12 15:57:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-06-12 13:57

Przed: 13 487 722 496 bajtów wolnych
Po: 13 377 302 528 bajtów wolnych

- - End Of File - - B79BC4DDBCCDE85ADD0241D2C4478295