ComboFix 12-07-25.04 - Administrator 2012-07-25 14:38:27.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3503.3245 [GMT 2:00]
Running from: D:\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\svodbzsd.exe
c:\documents and settings\All Users\Dane aplikacji\uaaccvcqcqpouhh
c:\documents and settings\dom\0.6748664505527474.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 10:54 . 2012-07-25 10:55 -------- d-----w- c:\documents and settings\Administrator
2012-07-25 10:35 . 2012-07-25 10:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\riihjqelgdknzkz
2012-07-24 21:38 . 2012-07-24 21:38 -------- d-----w- c:\program files\Trend Micro
2012-07-19 14:23 . 2012-07-19 14:23 -------- d-----w- c:\program files\CPUID
2012-07-18 13:40 . 2012-07-18 13:40 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-18 13:40 . 2012-07-18 13:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-18 13:40 . 2012-07-18 13:40 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-18 13:39 . 2012-07-18 13:39 -------- d-----w- c:\program files\ASIO4ALL v2
2012-07-18 13:38 . 2012-07-18 13:38 -------- d-----w- c:\program files\VstPlugins
2012-07-18 13:38 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2012-07-18 13:38 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-07-18 13:38 . 2012-07-18 13:38 -------- d-----w- c:\program files\Outsim
2012-07-18 13:36 . 2012-07-24 21:55 -------- d-----w- c:\program files\Image-Line
2012-07-15 13:05 . 2012-07-15 13:05 -------- d-----w- c:\program files\Ubisoft
2012-07-15 12:53 . 2012-07-15 12:53 -------- d-----w- c:\program files\Foxit Software
2012-07-07 14:32 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-07-07 14:32 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-07-07 14:29 . 2012-07-07 14:29 -------- d-----w- c:\program files\Microsoft Works
2012-07-07 14:28 . 2012-07-07 14:28 -------- d-----w- c:\program files\Microsoft.NET
2012-07-07 14:27 . 2012-07-07 14:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-07 14:26 . 2012-07-07 14:28 -------- d-----w- c:\windows\SHELLNEW
2012-07-07 14:26 . 2012-07-07 14:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2012-07-07 14:26 . 2012-07-07 14:26 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:29 . 2012-06-08 10:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 13:29 . 2012-06-08 10:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-08 10:25 . 2012-06-07 16:48 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-06-08 10:25 . 2012-06-07 16:48 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-22 13:47 . 2012-06-09 09:20 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-19 13:37 . 2012-06-23 13:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-21 20055144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-09-10 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-09-10 13:45 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2008-03-20 10:04 2127296 ----a-w- c:\program files\Gadu-Gadu\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 18:51 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Rayman Origins\\Rayman Origins.exe"=
"c:\\Program Files\\Ubisoft\\Rayman Origins\\gu.exe"=
.
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\symds.sys [2012-06-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\symefa.sys [2012-06-11 744568]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-06-07 41088]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [2012-07-12 821920]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\ironx86.sys [2012-06-11 136312]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-06-11 130008]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-06-07 2655768]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-06-07 1691480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-21 106656]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120724.001\IDSXpx86.sys [2012-07-25 369632]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 250056]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-08 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 13:29]
.
.
------- Supplementary Scan -------
.
IE: E&ksportuj do programu Microsoft Excel (E&xport to Microsoft Excel) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\gat780o0.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-svodbzsdgerooka - c:\documents and settings\All Users\Dane aplikacji\svodbzsd.exe
MSConfigStartUp-Google Update - c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 14:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2012-07-25 14:45:20
ComboFix-quarantined-files.txt 2012-07-25 12:45
.
Pre-Run: 90 579 128 320 bytes free
Post-Run: 90 537 279 488 bytes free
.
- - End Of File - - 86F1D1C49071C05C7B066AA0F91C3CEE
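Added example, not part of the ComboFix log above and not ComboFix's own logic: a small Python triage script that pulls file paths out of ComboFix-style log lines and flags items that sit directly in a profile or Application Data root under a random-looking name. That is the pattern the Deleted section (svodbzsd.exe, uaaccvcqcqpouhh, 0.6748664505527474.exe), the new folder riihjqelgdknzkz and the orphaned HKLM-Run-svodbzsdgerooka entry share, while i8042prt.sys, the Intel Run entries and GoogleUpdate.exe do not match. The sample lines are copied from this log; the data-root list (including the Polish XP names "Dane aplikacji" and "Ustawienia lokalne") and the consonant-run and numeric-name thresholds are my own assumptions, not a rule from the tool.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log above (Polish XP paths:
# "Dane aplikacji" = Application Data, "Ustawienia lokalne" = Local Settings).
SAMPLE_LOG = r"""
c:\documents and settings\All Users\Dane aplikacji\svodbzsd.exe
c:\documents and settings\All Users\Dane aplikacji\uaaccvcqcqpouhh
c:\documents and settings\dom\0.6748664505527474.exe
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
HKLM-Run-svodbzsdgerooka - c:\documents and settings\All Users\Dane aplikacji\svodbzsd.exe
MSConfigStartUp-Google Update - c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
2012-07-25 10:35 . 2012-07-25 10:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\riihjqelgdknzkz
"""

# A drive-letter path running up to a quote, bracket or end of line (the forms ComboFix prints).
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]\r\n]+')

# Parent directories where a bare executable or folder with a random name deserves a look:
# profile root, roaming Application Data, Local Settings\Application Data (Polish and
# English XP names), ProgramData and the Vista+ AppData roots. Assumption: my list.
DATA_ROOT_RE = re.compile(
    r'^[a-z]:\\(?:'
    r'documents and settings\\[^\\]+'
    r'(?:\\(?:dane aplikacji|application data)'
    r'|\\(?:ustawienie lokalne|ustawienia lokalne|local settings)\\(?:dane aplikacji|application data))?'
    r'|programdata'
    r'|users\\[^\\]+\\appdata\\(?:roaming|local)'
    r')$'
)

VOWELS = set("aeiouy")


def max_consonant_run(word: str) -> int:
    """Longest run of consecutive consonants; generated names ignore syllable structure."""
    best = run = 0
    for ch in word:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def split_stem(basename: str) -> str:
    """Lower-case the name and drop one short trailing extension (.exe, .sys, .dll ...)."""
    name = basename.lower()
    m = re.fullmatch(r'(.+)\.[a-z0-9]{1,4}', name)
    return m.group(1) if m else name


def looks_random(basename: str) -> str:
    """Reason string if the name looks machine-generated, else '' (thresholds are assumptions)."""
    stem = split_stem(basename)
    if re.fullmatch(r'[0-9.]+', stem):
        return "numeric-only name"
    if re.fullmatch(r'[a-z]{8,}', stem) and max_consonant_run(stem) >= 4:
        return f"{len(stem)}-letter name, longest consonant run {max_consonant_run(stem)}"
    return ""


def extract_paths(log_text: str) -> List[str]:
    """Every path in the log, with ComboFix's ' . . . is missing!!' style suffix trimmed."""
    return [raw.split(" . ")[0].rstrip() for raw in PATH_RE.findall(log_text)]


def flag_suspicious(log_text: str) -> List[Tuple[str, str]]:
    """(path, reason) for items directly in a data root AND with a random-looking name.

    Both conditions are required: igfxtray.exe or hkcmd.exe would trip the name test alone,
    but they live in system32, and GoogleUpdate.exe lives in a data root but in a vendor subfolder.
    """
    seen: Dict[str, str] = {}
    for path in extract_paths(log_text):
        parent, _, basename = path.rpartition("\\")
        if not DATA_ROOT_RE.match(parent.lower()):
            continue
        reason = looks_random(basename)
        if reason and path not in seen:          # the Run orphan repeats svodbzsd.exe
            seen[path] = reason
    return list(seen.items())


if __name__ == "__main__":
    for path, reason in flag_suspicious(SAMPLE_LOG):
        print(f"{reason:45s} {path}")
```

Run it on a full saved ComboFix log instead of SAMPLE_LOG to get a short list of files to look at first; anything it flags still needs a hash lookup or a sandbox run before you call it malware, since the heuristic only says "odd name in an odd place".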