ComboFix 12-02-03.02 - Lila 2012-02-04 22:41:11.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1022.597 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Lila\Pulpit\ComboFix.exe
AV: mks_vir 9 *Disabled/Outdated* {163C25B5-5987-428D-9426-9C29A96444AB}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-04 do 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 13:09 . 2012-02-04 18:51 -------- d-----w- C:\pliki
2012-02-04 09:36 . 2012-02-04 09:36 -------- d-----w- C:\_OTL
2012-01-30 23:19 . 2012-01-30 23:35 -------- d-----w- c:\documents and settings\Lila\DoctorWeb
2012-01-29 21:33 . 2012-01-29 21:33 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ESET
2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\documents and settings\Lila\Ustawienia lokalne\Dane aplikacji\ESET
2012-01-29 21:08 . 2012-01-29 21:44 -------- d-----w- c:\program files\TNod User & Password Finder
2012-01-29 21:05 . 2012-01-29 21:05 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2012-01-29 21:04 . 2012-01-30 21:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2012-01-29 21:04 . 2012-01-29 21:04 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 23:35 . 2007-11-25 13:23 48128 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2012-01-30 23:32 . 2004-08-03 22:44 80384 ----a-w- c:\windows\system32\notepad.exe
2011-11-05 07:31 . 2011-11-09 19:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
[-] 2008-04-14 . 79F8346813CF17B3DF27AD88B15CFE46 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 1C396AF5FA246CA51F203E9A98978743 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 22:44 . A1F51183E349916400FC2DD61FFA98BF . 24576 . . [] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 52FF65D372A00E3114E411B24D56A2E6 . 149504 . . [5.1.2600.5512] . . c:\windows\REGEDIT.EXE
[-] 2008-04-14 . 5E0D8F941008C5D22F29382A9C982766 . 149504 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-03 . 827E7786712F8CC3E9ACD605B7C625AB . 149504 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . BD0209B5A3EFB6CBB235840E14EEB1DD . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . AB93C111EBD5EBB8435B93FA784E4253 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 4EDAD0C8919BD4DC91B57E472F849BAB . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . D2D6533A0B392ABD3231DB5B16D7FE09 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 7926B7D55E904BA310E3D0348070E887 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 7806AE5FC664DCE82F600284E5EDEB32 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 95A71667E4FEC903D2706B4E54568A30 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 08D33C4A13AE32C8FBEAE861C8757A48 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
[-] 2004-08-03 . D300D49F67C8B27FAD0E6BFAB6C0D7D7 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 1D6A7385D6AC1E62336B841C5721B347 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2004-08-03 . 97DC41C5D48318568B68BEE5E5093DA1 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-01-30_19.24.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-04 21:34 . 2012-02-04 21:34 16384 c:\windows\temp\Perflib_Perfdata_794.dat
+ 2004-08-03 22:44 . 2008-04-14 20:51 57856 c:\windows\system32\spoolsv.exe
- 2007-11-25 12:03 . 2001-10-26 17:30 57344 c:\windows\system32\sol.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 57344 c:\windows\system32\sol.exe
+ 2004-08-03 22:44 . 2008-04-14 20:51 91136 c:\windows\system32\smlogsvc.exe
+ 2001-10-26 16:15 . 2012-01-30 22:40 49910 c:\windows\system32\perfc015.dat
- 2001-10-26 16:15 . 2011-11-05 16:56 49910 c:\windows\system32\perfc015.dat
+ 2001-08-17 21:30 . 2012-01-30 22:40 40326 c:\windows\system32\perfc009.dat
- 2001-08-17 21:30 . 2011-11-05 16:56 40326 c:\windows\system32\perfc009.dat
+ 2001-10-26 17:29 . 2008-04-15 12:00 22016 c:\windows\system32\mpnotify.exe
- 2001-10-26 17:29 . 2001-10-26 17:29 22016 c:\windows\system32\mpnotify.exe
- 2007-11-25 12:03 . 2001-10-26 17:29 55808 c:\windows\system32\freecell.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 55808 c:\windows\system32\freecell.exe
+ 2001-10-26 17:29 . 2008-04-15 12:00 47104 c:\windows\system32\DRWTSN32.EXE
- 2001-10-26 17:29 . 2001-10-26 17:29 47104 c:\windows\system32\DRWTSN32.EXE
- 2007-11-25 12:03 . 2001-10-26 17:30 57344 c:\windows\system32\dllcache\sol.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 57344 c:\windows\system32\dllcache\sol.exe
+ 2004-08-03 22:44 . 2008-04-14 20:51 91136 c:\windows\system32\dllcache\smlogsvc.exe
- 2001-10-26 17:29 . 2001-10-26 17:29 22016 c:\windows\system32\dllcache\mpnotify.exe
+ 2001-10-26 17:29 . 2008-04-15 12:00 22016 c:\windows\system32\dllcache\mpnotify.exe
- 2007-11-25 12:03 . 2001-10-26 17:29 55808 c:\windows\system32\dllcache\freecell.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 55808 c:\windows\system32\dllcache\freecell.exe
- 2001-10-26 17:29 . 2001-10-26 17:29 47104 c:\windows\system32\dllcache\drwtsn32.exe
+ 2001-10-26 17:29 . 2008-04-15 12:00 47104 c:\windows\system32\dllcache\drwtsn32.exe
- 2007-11-25 12:03 . 2001-10-26 17:29 80896 c:\windows\system32\dllcache\charmap.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 80896 c:\windows\system32\dllcache\charmap.exe
- 2009-11-09 06:42 . 2012-01-26 21:01 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 06:42 . 2012-01-30 22:35 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-25 12:12 . 2012-01-26 21:01 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-11-25 12:12 . 2012-01-30 22:35 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-11-25 12:03 . 2001-10-26 17:29 80896 c:\windows\system32\charmap.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 80896 c:\windows\system32\charmap.exe
+ 2012-01-31 19:01 . 2012-01-31 19:01 22016 c:\windows\Installer\2bf7fa9.msi
+ 2007-11-25 12:03 . 2008-04-15 06:30 139264 c:\windows\system32\sndvol32.exe
- 2007-11-25 12:03 . 2001-10-26 17:30 139264 c:\windows\system32\sndvol32.exe
+ 2001-10-26 16:15 . 2012-01-30 22:40 356068 c:\windows\system32\perfh015.dat
- 2001-10-26 16:15 . 2011-11-05 16:56 356068 c:\windows\system32\perfh015.dat
- 2001-08-17 21:30 . 2011-11-05 16:56 311938 c:\windows\system32\perfh009.dat
+ 2001-08-17 21:30 . 2012-01-30 22:40 311938 c:\windows\system32\perfh009.dat
- 2007-11-25 12:03 . 2001-10-26 17:29 128000 c:\windows\system32\mshearts.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 128000 c:\windows\system32\mshearts.exe
+ 2004-08-03 22:44 . 2008-04-15 12:00 150528 c:\windows\system32\IMAPI.EXE
+ 2007-11-25 12:03 . 2008-04-15 06:30 139264 c:\windows\system32\dllcache\sndvol32.exe
- 2007-11-25 12:03 . 2001-10-26 17:30 139264 c:\windows\system32\dllcache\sndvol32.exe
- 2007-11-25 12:03 . 2001-10-26 17:29 128000 c:\windows\system32\dllcache\mshearts.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 128000 c:\windows\system32\dllcache\mshearts.exe
+ 2004-08-03 22:44 . 2008-04-15 12:00 150528 c:\windows\system32\dllcache\imapi.exe
- 2004-08-03 22:44 . 2008-04-14 20:51 150528 c:\windows\system32\dllcache\imapi.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 115200 c:\windows\system32\dllcache\calc.exe
- 2007-11-25 12:03 . 2001-10-26 17:29 115200 c:\windows\system32\dllcache\calc.exe
- 2007-11-25 12:03 . 2001-10-26 17:29 115200 c:\windows\system32\calc.exe
+ 2007-11-25 12:03 . 2008-04-15 12:00 115200 c:\windows\system32\calc.exe
+ 2004-08-03 22:44 . 2012-01-31 20:57 266752 c:\windows\msagent\agentsvr.exe
+ 2004-08-03 22:44 . 2008-04-14 20:51 1035264 c:\windows\system32\dllcache\explorer.exe
- 2004-08-03 22:44 . 2012-01-26 08:23 1035264 c:\windows\EXPLORER.EXE
+ 2004-08-03 22:44 . 2008-04-14 20:51 1035264 c:\windows\EXPLORER.EXE
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16386048]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,rundll32 ,init
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10768:TCP"= 10768:TCP:BitComet 10768 TCP
"10768:UDP"= 10768:UDP:BitComet 10768 UDP
.
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2005-12-21 10240]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-11-25 642560]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 06:05]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 06:05]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147098553-1003Core.job
- c:\documents and settings\Lila\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-01-15 01:58]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147098553-1003UA.job
- c:\documents and settings\Lila\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-01-15 01:58]
.
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.google.pl/
mWindow Title = Microsoft Internet Explorer
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Ściągnij przy poomocy FlashGet3 - c:\documents and settings\Lila\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: Ściągnij wszystko przy pomocy FlashGet3 - c:\documents and settings\Lila\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
IE: ????3?? - c:\documents and settings\Lila\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Lila\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Lila\Dane aplikacji\Mozilla\Firefox\Profiles\ovblpwcj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 22:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-879983540-2147098553-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@="c:\\Documents and Settings\\Lila\\Dane aplikacji\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1801674531-879983540-2147098553-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQčţ”Ľc]
@="c:\\Documents and Settings\\Lila\\Dane aplikacji\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
Czas ukończenia: 2012-02-04 22:54:55
ComboFix-quarantined-files.txt 2012-02-04 21:54
ComboFix2.txt 2012-02-04 14:42
ComboFix3.txt 2012-02-02 21:14
ComboFix4.txt 2012-01-29 21:53
ComboFix5.txt 2012-02-04 21:39
.
Przed: 9 959 792 640 bajtów wolnych
Po: 9 935 163 392 bajtów wolnych
.
- - End Of File - - 7DD6DD44E816C1BF4F73B238FAB95A2A