ComboFix 12-10-14.03 - 1 2012-10-14 14:47:51.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1033.18.2037.1582 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 48
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
.
/wow section - STAGE 50
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\EEB8.tmp
c:\programdata\ptlodowq.exe
c:\users\1\AppData\Roaming\Poepne\cibui.exe
c:\users\1\ms.exe
c:\users\Public\sdelevURL.tmp
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-09-14 do 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 13:58 . 2012-10-14 13:59 -------- d-----w- c:\users\1\AppData\Local\temp
2012-10-14 13:58 . 2012-10-14 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 12:56 . 2012-10-14 12:56 -------- d-----w- c:\programdata\agrmvfeipzgnwmq
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\programdata\Browser Manager
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\program files\BabylonToolbar
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\users\1\AppData\Local\Giant Savings
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\program files\Giant Savings
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\program files\VideoConverter
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\users\1\AppData\Roaming\Babylon
2012-10-11 22:49 . 2012-10-11 22:49 -------- d-----w- c:\programdata\Babylon
2012-10-10 09:27 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:27 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:27 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:27 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 09:27 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 09:27 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 09:27 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 20:01 . 2012-10-09 20:01 -------- d-----w- C:\found.000
2012-09-23 09:19 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-23 09:19 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-23 09:19 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-23 09:19 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 21:50 . 2012-07-27 10:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 21:50 . 2011-11-30 23:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 22:57 . 2012-08-28 22:57 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2009-05-13 21:55 . 2012-10-11 22:38 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2012-10-11 22:38 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-10-11 22:38 . 2012-10-11 22:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-10-10 15:51 3906656 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Kookos"="c:\users\1\AppData\Local\Kookos\kookos.exe" [2012-04-14 0]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-30 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\23765~1.24\{16cdf~1\browse~1.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 21:50]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 06:04]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 06:04]
.
2012-10-13 c:\windows\Tasks\Norton Security Scan for 1.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-27 02:30]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?affID=110824&tt=101012_24_4112_4&babsrc=HP_ss&mntrId=d2996ad8000000000000001f3a5a6c5a
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Presario&pf=laptop
IE: Download all by FlashGet3 - c:\users\1\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\1\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: ????3?? - c:\users\1\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\1\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\7rt8xxpx.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110824&tt=101012_24_4112_4&babsrc=HP_ss&mntrId=d2996ad8000000000000001f3a5a6c5a
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110824&tt=101012_24_4112_4&babsrc=KW_ss&mntrId=d2996ad8000000000000001f3a5a6c5a&q=
FF - ExtSQL: 2012-09-11 19:03; {99079a25-328f-4bd4-be04-00955acaa0a7}; c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\7rt8xxpx.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - ExtSQL: 2012-09-11 19:03; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension
FF - ExtSQL: 2012-10-11 23:49; crossriderapp4479@crossrider.com; c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\7rt8xxpx.default\extensions\crossriderapp4479@crossrider.com
FF - ExtSQL: !HIDDEN! 2009-09-02 04:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-09-11 19:03; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d2996ad8000000000000001f3a5a6c5a&q=
FF - user.js: extensions.BabylonToolbar.id - d2996ad8000000000000001f3a5a6c5a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15624
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.723:49
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Iwusula - c:\users\1\AppData\Local\uqidetakobiloba.dll
HKCU-Run-{32360D8B-A4AE-380B-EC1F-A3BE0C89192E} - c:\users\1\AppData\Roaming\Poepne\cibui.exe
HKCU-Run-ptlodowqpkncpul - c:\programdata\ptlodowq.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Ad-Aware - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 14:59
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
c:\users\1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1508387401-3316694040-3821124759-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\1\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1508387401-3316694040-3821124759-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQčţ”Ľc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\1\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2012-10-14 15:02:56
ComboFix-quarantined-files.txt 2012-10-14 14:02
.
Przed: 7 712 382 976 bytes free
Po: 14 806 056 960 bytes free
.
- - End Of File - - AE41F33B89C0B0E83C37ACC00A9CF8D0