ComboFix 10-08-05.01 - Admin 2010-08-05 22:58:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.1919.1104 [GMT 2:00]
Uruchomiony z: c:\users\Admin\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
 * Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DFR6A15.tmp
.
((((((((((((((((((((((((( Pliki utworzone od 2010-07-05 do 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-05 21:17 . 2010-08-05 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-05 19:40 . 2010-08-05 19:40 -------- d-----w- c:\users\Admin\AppData\Local\ESET
2010-08-05 19:24 . 2010-08-05 19:24 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-08-05 19:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 19:11 . 2010-08-05 19:11 -------- d-----w- c:\programdata\Malwarebytes
2010-08-05 19:11 . 2010-08-05 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 19:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 19:11 . 2010-08-05 19:11 -------- d-----w- c:\program files\ESET
2010-08-05 19:03 . 2010-08-05 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-05 19:03 . 2010-08-05 19:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-05 18:51 . 2010-08-05 18:51 -------- d-----w- c:\windows\Options
2010-08-05 18:51 . 2010-01-05 08:54 1387008 ----a-w- c:\windows\system32\drivers\athur.sys
2010-08-05 18:51 . 2010-01-05 08:54 1387008 ----a-w- c:\windows\system32\athur.sys
2010-08-05 18:50 . 2010-08-05 18:50 -------- d-----w- c:\programdata\TP-LINK
2010-08-05 18:35 . 2007-09-24 09:09 464384 ----a-w- c:\windows\system32\drivers\netr73.sys
2010-08-05 18:35 . 2010-08-05 18:35 -------- d-----w- c:\program files\RALINK
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 20:53 . 2007-04-20 07:29 665404 ----a-w- c:\windows\system32\perfh015.dat
2010-08-05 20:53 . 2007-04-20 07:29 128164 ----a-w- c:\windows\system32\perfc015.dat
2010-08-05 20:33 . 2007-04-20 06:34 3204 ----a-w- c:\windows\bthservsdp.dat
2010-08-05 20:27 . 2007-07-12 23:51 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-05 20:22 . 2007-10-07 11:49 -------- d-----w- c:\users\Admin\AppData\Roaming\Ahead
2010-08-05 20:14 . 2008-02-29 21:37 -------- d-----w- c:\users\Admin\AppData\Roaming\uTorrent
2010-08-05 19:17 . 2007-10-31 19:59 -------- d-----w- c:\program files\VideoLAN
2010-08-05 19:12 . 2007-07-13 00:23 -------- d-----w- c:\programdata\Symantec
2010-08-05 19:12 . 2007-07-13 00:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-05 18:57 . 2007-11-02 08:57 -------- d-----w- c:\program files\Google
2010-08-05 18:51 . 2007-07-13 00:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 17:07 . 2007-07-13 00:14 -------- d-----w- c:\program files\ASUS
2010-08-05 17:06 . 2007-09-29 10:39 -------- d-----w- c:\program files\Winamp
2010-08-05 17:00 . 2007-07-13 00:14 -------- d-----w- c:\programdata\ASUS
2010-08-05 16:58 . 2010-05-30 11:01 -------- d-----w- c:\program files\ipla
2010-08-05 16:55 . 2010-05-30 11:01 -------- d-----w- c:\users\Admin\AppData\Roaming\ipla
2010-08-05 16:53 . 2007-09-29 14:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-08-04 14:37 . 2007-09-29 19:44 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2010-08-04 14:35 . 2007-11-26 18:57 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM
2010-07-14 16:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 16:27 . 2007-07-12 23:44 -------- d-----w- c:\programdata\Microsoft Help
2010-06-23 14:05 . 2010-06-23 14:05 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb42A0.tmp.exe
2010-06-19 07:39 . 2010-06-05 15:12 -------- d-----w- c:\program files\PokerStars
2010-06-15 14:13 . 2010-06-15 14:13 -------- d-----w- c:\program files\Common Files\Skype
2010-05-26 17:06 . 2010-06-11 14:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 14:35 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-02 4186112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-8-5 1040384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Action Manager 32.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2007-07-13 00:21 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2007-07-13 00:21 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-12-02 05:36 4186112 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-10-09 19:43 729088 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-11-23 05:27 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ------w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):29,40,b3,af,a7,33,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3791390834-54218287-135633135-1000]
"EnableNotificationsRef"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [x]
R2 BulkUsb;%BULKUSB.SvcDesc%;c:\windows\system32\DRIVERS\usbscan.sys [x]
R3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1387008]
R3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-10 15872]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-09-24 464384]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 96896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-11 24576]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs                          REG_MULTI_SZ    BthServ
HPZ12                            REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt                        REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ    FontCache
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {A0D69903-6761-40A4-A67A-7FC75594D8A2} = 85.219.244.253,212.244.133.253
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-Make A Voozie - c:\programdata\Make A Voozie\VoozieMaker.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
ActiveSetup-ccc-core-static - msiexec

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 23:20
Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2010-08-05 23:27:44
ComboFix-quarantined-files.txt 2010-08-05 21:27

Przed: 25 160 683 520 bajtów wolnych
Po: 25 215 787 008 bajtów wolnych

- - End Of File - - F085A2F51284603E900572FE9766B65D