ComboFix 12-12-27.03 - Katarzyna 2012-12-27 15:23:49.3.2 - x86 Uruchomiony z: c:\documents and settings\Katarzyna\Pulpit\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad c:\documents and settings\Katarzyna\wgsdgsdgdsgsd.exe c:\documents and settings\Katarzyna\WINDOWS c:\windows\system32\216609370.dat c:\windows\system32\embedded c:\windows\system32\embedded\License.txt c:\windows\system32\embedded\WizardImage.bmp c:\windows\system32\embedded\WizardSmallImage.bmp . . ((((((((((((((((((((((((( Pliki utworzone od 2012-11-27 do 2012-12-27 ))))))))))))))))))))))))))))))) . . 2012-12-26 10:20 . 2012-12-26 10:20 3022 ----a-w- c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js 2012-12-03 21:35 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2012-12-03 21:35 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2012-12-03 21:32 . 2012-12-03 21:32 -------- d-----w- c:\program files\Microsoft Works 2012-12-03 21:30 . 2012-12-03 21:30 -------- d-----w- c:\program files\Microsoft.NET 2012-12-03 21:26 . 2012-12-03 21:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2012-12-03 21:26 . 2012-12-03 21:26 -------- d-----w- c:\documents and settings\Katarzyna\Ustawienia lokalne\Dane aplikacji\Microsoft Help 2012-12-03 21:26 . 2012-12-03 22:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2012-12-03 21:24 . 2012-12-03 21:24 -------- d-----r- C:\MSOCache 2012-11-29 15:45 . 2012-11-29 15:48 -------- d-----w- c:\documents and settings\Katarzyna\Dane aplikacji\vlc 2012-11-29 15:44 . 2012-11-29 15:44 -------- d-----w- c:\program files\VideoLAN . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-28 17:32 . 2012-11-23 12:23 88576 ----a-w- c:\windows\system32\pdfcmon.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-02-03 1800464] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Katarzyna\Menu Start\Programy\Autostart\ runctf.lnk - c:\windows\system32\rundll32.exe [2006-3-2 33280] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-9-15 1601536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "d:\\BMWgroup\\ETKLokal\\javaclient\\ETK.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110805.030\IDSxpx86.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS [x] S0 Vax347b;Vax347b;c:\windows\system32\DRIVERS\Vax347b.sys [x] S0 Vax347s;Vax347s;c:\windows\System32\Drivers\Vax347s.sys [x] S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [x] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x] S2 Transbase;Transbase;d:\bmwgroup\ETKLokal\transbase\tbmux32.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 188.125.128.2 192.168.0.1 FF - ProfilePath - c:\documents and settings\Katarzyna\Dane aplikacji\Mozilla\Firefox\Profiles\48bc573q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: network.proxy.type - 1 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn . - - - - USUNIĘTO PUSTE WPISY - - - - . SafeBoot-Wdf01000.sys SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-27 15:31 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . detected NTDLL code modification: ZwClose, ZwOpenFile . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-823518204-725345543-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-823518204-725345543-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:47,5c,94,69,89,7c,e8,44,ea,81,80,94,41,67,4e,25,b1,6f,c2,c4,70, 88,b7,98,d5,ea,5d,42,dc,5e,93,90,fa,9f,d9,59,23,fb,cd,4d,cf,15,80,6b,03,0b,\ "rkeysecu"=hex:47,3e,83,aa,01,8b,71,a1,1e,6b,63,53,b0,02,ff,9f . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(868) c:\windows\system32\guard32.dll . - - - - - - - > 'lsass.exe'(924) c:\windows\system32\guard32.dll . Czas ukończenia: 2012-12-27 15:34:55 ComboFix-quarantined-files.txt 2012-12-27 14:34 ComboFix2.txt 2008-12-08 14:21 . Przed: 15 635 599 360 bajtów wolnych Po: 15 904 440 320 bajtów wolnych . WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - CE60A3E8C364CB7BB28CBBE276A9CDEB