ComboFix 12-08-08.01 - araczkowski 2012-08-09 7:47.1.2 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1660 [GMT 2:00] Uruchomiony z: G:\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\ojcbvtch.exe c:\documents and settings\All Users\Dane aplikacji\uamauhwyofnifwg c:\documents and settings\araczkowski\ms.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\SET25F.tmp c:\windows\system32\SET263.tmp c:\windows\system32\SET26B.tmp . . ((((((((((((((((((((((((( Pliki utworzone od 2012-07-09 do 2012-08-09 ))))))))))))))))))))))))))))))) . . 2012-08-09 00:55 . 2012-08-09 00:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\bwythcyvwwsrspc 2012-07-14 21:39 . 2012-07-14 21:40 -------- d-----w- C:\SierraChart . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-13 13:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2008-04-14 17:20 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2010-06-24 21:49 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2010-06-24 21:49 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2010-06-24 21:36 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2010-06-24 21:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2010-06-24 21:36 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2010-06-24 21:49 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2010-06-24 21:36 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2010-06-24 21:36 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2010-06-24 21:49 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2010-06-24 21:36 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2010-06-24 21:49 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2010-06-24 21:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2011-07-09 18:56 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2011-07-09 18:56 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18 . 2011-07-09 18:56 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-07-18 20:12 . 2011-12-02 23:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304] "c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\araczkowski\Menu Start\Programy\Autostart\ palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-9-19 2367488] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2010-10-11 253952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Games\\Pro Evolution Soccer 2011\\pes2011.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\NewsBin\\nbpro.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= . R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-08-24 42648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-08-24 12184] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-25 136360] S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736] S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-05-30 12184] S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-09-03 16384] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-11 113120] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056] . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - LBEEPKE *NewlyCreated* - PARPORT . . ------- Skan uzupełniający ------- . uInternet Settings,ProxyOverride = *.local IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 62.179.1.63 62.179.1.62 FF - ProfilePath - c:\documents and settings\araczkowski\Dane aplikacji\Mozilla\Firefox\Profiles\jnrw4v3p.default\ . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-ojcbvtchwrnyhlp - c:\documents and settings\All Users\Dane aplikacji\ojcbvtch.exe AddRemove-2531847601.fuse.fender.com - c:\program files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-09 07:54 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347] "1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae, 25 "2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b, c3 "3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48, 8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f . [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435] "1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f, 53,ff,8f,6c,08,d5,ab,f1,06 "2"=hex:7d,73,4a,d4,1d,ee,c7,5a "3"=hex:81,20,8f,ab,28,6a,52,9c "4"=hex:2f,ad,a2,e7,8a,bf,05,5e "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55, 1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\ "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4, 51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20 "7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2, 28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\ "8"=hex:b5,40,4e,88,cb,cf,d9,4a,23,3d,23,21,3a,29,96,9b,af,cf,d8,5e,37,07,f0, bb,2d,bc,49,73,57,b0,5a,9f,14,97,f6,7f,77,32,70,d5,d6,82,ba,ec,fc,cb,2e,b3,\ "9"=hex:81,20,8f,ab,28,6a,52,9c "18"=hex:b6,dd,00,4d,9d,38,11,d1 "10"=hex:81,20,8f,ab,28,6a,52,9c "11"=hex:81,20,8f,ab,28,6a,52,9c "12"=hex:81,20,8f,ab,28,6a,52,9c "13"=hex:81,20,8f,ab,28,6a,52,9c "14"=hex:81,20,8f,ab,28,6a,52,9c "24"=hex:81,20,8f,ab,28,6a,52,9c "26"=hex:81,20,8f,ab,28,6a,52,9c "27"=hex:81,20,8f,ab,28,6a,52,9c "19"=hex:81,20,8f,ab,28,6a,52,9c "22"=hex:81,20,8f,ab,28,6a,52,9c . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(256) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . Czas ukończenia: 2012-08-09 07:55:44 ComboFix-quarantined-files.txt 2012-08-09 05:55 . Przed: 19 099 262 976 bajtów wolnych Po: 23 236 427 776 bajtów wolnych . - - End Of File - - 01959784421B47EF60DBEC76EFE33F71