ComboFix 12-02-21.02 - Joanna 2012-02-23 1:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2430.2010 [GMT 1:00]
Run from: c:\documents and settings\Joanna\Pulpit\wirus\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident antivirus is active
.
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 05:41 . 2008-04-15 02:41 53248 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-22 18:07 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-22 16:30 . 2012-02-22 16:30 -------- d-----w- C:\_OTL
2012-02-22 12:21 . 2008-04-13 22:53 13240 ----a-w- c:\windows\system32\dllcache\slwdmsup.sys
2012-02-22 12:21 . 2008-04-13 22:53 404990 ----a-w- c:\windows\system32\dllcache\slntamr.sys
2012-02-22 12:21 . 2008-04-13 22:53 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2012-02-22 12:21 . 2008-04-13 22:53 1309184 ----a-w- c:\windows\system32\dllcache\mtlstrm.sys
2012-02-22 12:21 . 2008-04-13 22:53 126686 ----a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2012-02-22 12:21 . 2008-04-13 22:53 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2012-02-22 12:21 . 2008-04-13 21:04 36463 ----a-w- c:\windows\system32\dllcache\ati1tuxx.sys
2012-02-22 12:21 . 2008-04-13 21:04 56623 ----a-w- c:\windows\system32\dllcache\ati1btxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 34735 ----a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2012-02-22 12:20 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-22 12:20 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-22 12:20 . 2008-04-13 21:04 30671 ----a-w- c:\windows\system32\dllcache\ati1raxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 11615 ----a-w- c:\windows\system32\dllcache\ati1mdxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 12047 ----a-w- c:\windows\system32\dllcache\ati1pdxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 21343 ----a-w- c:\windows\system32\dllcache\ati1ttxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 63663 ----a-w- c:\windows\system32\dllcache\ati1rvxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 26367 ----a-w- c:\windows\system32\dllcache\ati1snxx.sys
2012-02-22 12:20 . 2008-04-13 21:04 29455 ----a-w- c:\windows\system32\dllcache\ati1xbxx.sys
2012-02-22 11:43 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-21 23:00 . 2012-02-21 23:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-02-21 23:00 . 2012-02-21 23:00 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2012-02-21 21:03 . 2012-02-21 21:03 -------- d-----w- C:\spoolerlogs
2012-02-20 23:07 . 2012-02-21 22:49 -------- d-----r- C:\Dropbox
2012-02-20 23:01 . 2012-02-22 00:28 -------- d-----w- c:\documents and settings\Joanna\Dane aplikacji\Dropbox
2012-02-15 23:04 . 2012-02-15 23:25 -------- d-----w- C:\RESEARCH ARTICLES
2012-02-15 22:58 . 2012-02-15 22:58 -------- d-----w- c:\documents and settings\Joanna\Ustawienia lokalne\Dane aplikacji\Mendeley Ltd
2012-02-15 22:57 . 2012-02-15 22:58 -------- d-----w- c:\program files\Mendeley Desktop
2012-02-15 17:46 . 2012-02-15 17:46 -------- d-----w- c:\documents and settings\Joanna\Ustawienia lokalne\Dane aplikacji\PDFRider
2012-02-15 16:06 . 2012-02-18 01:20 -------- d-----w- c:\program files\PDFRider
2012-02-14 20:55 . 2012-02-14 20:58 -------- d-----w- C:\E-BOOKS - backup 14.02.2012
2012-02-14 16:51 . 2012-02-16 04:08 -------- d-----w- c:\documents and settings\Joanna\Dane aplikacji\calibre
2012-02-14 16:51 . 2012-02-14 16:51 -------- d-----w- c:\program files\Calibre2
2012-02-14 16:49 . 2012-02-14 16:49 -------- d-----w- c:\documents and settings\Joanna\KooBits4
2012-02-13 22:26 . 2012-02-13 22:26 -------- d-----w- c:\documents and settings\Joanna\Dane aplikacji\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2012-02-13 22:26 . 2012-02-13 22:26 -------- d-----w- c:\program files\focus booster
2012-02-10 18:13 . 2012-02-10 18:13 -------- d-----w- c:\documents and settings\Joanna\Dane aplikacji\uniblue
2012-02-10 18:11 . 2012-02-10 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WildTangent
2012-02-10 18:09 . 2012-02-10 18:09 -------- d-----w- c:\documents and settings\Joanna\Dane aplikacji\SoftMaker
2012-02-05 18:26 . 2004-12-06 14:32 156469152 ----a-w- C:\bfh-francuski.www!OSIOLEK!com.bin
2012-02-05 16:04 . 2006-09-14 21:01 843584784 ----a-w- C:\Profesor.Klaus.5.0.CD2.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 09:11 . 2004-09-20 13:07 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-22_12.23.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-23 00:40 . 2012-02-23 00:40 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2004-08-03 23:36 . 2008-04-15 02:41 53248 c:\windows\system32\drivers\i8042prt.sys
- 2004-08-03 23:36 . 2008-04-14 20:41 53248 c:\windows\system32\drivers\i8042prt.sys
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2009-05-26 413696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Joanna\Menu Start\Programy\Autostart\
RMClock.lnk - c:\program files\RMClock\RMClockLauncher.exe [2011-12-6 61440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2011-4-17 3581680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 17:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 21:51 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]
1999-12-01 11:47 36864 ----a-w- c:\program files\PWN\Definicje\BIN\Starter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 19:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX520 Series]
2005-04-07 02:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 10:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 10:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 01:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-09-22 10:06 282624 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-09-22 10:47 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programy\\Opera\\opera.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16356:TCP"= 16356:TCP:BitComet 16356 TCP
"16356:UDP"= 16356:UDP:BitComet 16356 UDP
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-12-06 14464]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2011-09-07 66832]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-04-17 11520]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-04-17 685816]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyServer = w3cache.pl:8080
uInternet Settings,ProxyOverride = 
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - c:\programy\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\programy\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\programy\Internet Download Manager\IEExt.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 02:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000415
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{85DCB3AA-90D3-444B-880C-C72951252E55}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.42.3"
"UniqueId"="000850D84DAA4546"
"ScannerBuild"=dword:00001aec
"ScannerVersionId"=dword:00001390
"ScannerVersion"="Open window for status."
"ei2"=hex(b):82,43,99,b9,30,17,0b,38
"ei1"=hex(b):00,19,b9,82,48,36,00,00
"ei3"=hex(b):dc,1e,9f,4e,00,00,00,00
"ei4"=dword:00000000
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-02-23 02:06:18
ComboFix-quarantined-files.txt 2012-02-23 01:06
ComboFix2.txt 2012-02-22 12:34
.
Before: 18 091 945 984 bytes free
After: 18 082 766 848 bytes free
.
- - End Of File - - 2E22B8385B23885A693013FE862ECF31
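An added triage helper, written for this page and not part of ComboFix or of the log's poster: it reads the sections of a ComboFix log that usually decide whether a machine needs a second look (the `Run` key, the Windows Firewall exception lists, the driver/service lines and the `uInternet Settings` lines) and emits a finding for each item a reviewer would want to verify by hand. The sample text is copied from the log above; the selection of lines is ours. Two interpretations are assumptions: that a bare executable name in a `Run` value (here `stsystra.exe`) is resolved through the process search path rather than a fixed location, and that ComboFix's trailing `[?]` on a service line means it could not read the image file at the path shown.

```python
"""Flag review-worthy entries in a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # category of the observation
    item: str    # registry value name, service name, port, host, ...
    detail: str  # why it deserves a look


# Excerpt in ComboFix's own format. Lines are copied from the log above;
# only the selection is ours. A lone "." separates sections.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\Opera\\opera.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16356:TCP"= 16356:TCP:BitComet 16356 TCP
"16356:UDP"= 16356:UDP:BitComet 16356 UDP
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
S3 zlportio;zlportio;\??\c:\program files\UltraStar Deluxe\zlportio.sys --> c:\program files\UltraStar Deluxe\zlportio.sys [?]
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyServer = w3cache.pl:8080
uInternet Settings,ProxyOverride =
"""

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([\d-]+)\s+(\d+)\]')
FW_APP = re.compile(r'^"([^"]+)"=\s*$')
FW_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=')
SERVICE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')
PROXY = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(\S+)')
DRIVE_PATH = re.compile(r'^[a-z]:\\', re.I)
STANDARD_DIRS = (r"c:\windows", r"c:\program files")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""  # lower-cased registry key of the current [...] block, "" outside one
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            section = ""
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section.endswith(r"currentversion\run"):
            m = RUN_VALUE.match(line)
            if m and not DRIVE_PATH.match(m.group(2)):
                # Assumption: an unqualified name is resolved through the search
                # path, so a same-named file found earlier on it would run instead.
                findings.append(Finding("run-unqualified-path", m.group(1),
                                        f"value '{m.group(2)}' names no directory"))
            continue
        if section.endswith(r"authorizedapplications\list"):
            m = FW_APP.match(line)
            if m:
                # ComboFix prints the value with doubled backslashes; collapse them.
                path = m.group(1).replace("\\\\", "\\").replace("%windir%", r"c:\windows")
                if not path.lower().startswith(STANDARD_DIRS):
                    findings.append(Finding("fw-app-nonstandard-dir", path,
                                            "firewall exception outside Windows/Program Files"))
            continue
        if section.endswith(r"globallyopenports\list"):
            m = FW_PORT.match(line)
            if m:
                findings.append(Finding("fw-open-port", f"{m.group(1)}/{m.group(2)}",
                                        "inbound port opened in the Windows Firewall"))
            continue
        m = SERVICE.match(line)
        if m:
            # Assumption: the trailing [?] means ComboFix could not read the image file.
            if line.endswith("[?]"):
                findings.append(Finding("service-image-unreadable", m.group(2),
                                        "image file not readable at the path shown"))
            continue
        m = PROXY.match(line)
        if m:
            findings.append(Finding("proxy-configured", m.group(1),
                                    "WinInet/IE traffic is relayed through this host"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.item:40} {f.detail}")
```

Run against the excerpt, the script reports seven findings: the `w3cache.pl:8080` proxy, the unqualified `SigmatelSysTrayApp` value, the two drivers ComboFix marked `[?]`, both BitComet port openings and the Opera exception living outside the standard directories. None of these is evidence of infection on its own; the value of the script is that it turns a long log into a short list of items to confirm against the machine.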