ComboFix 13-02-03.03 - Maciek 2013-02-05 15:19:50.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.2047.1560 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Zapora osobista *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\arbpbfrf.exe
c:\users\Maciek\AppData\Local\arbpbfrf.exe
c:\users\Maciek\AppData\Roaming\arbpbfrf.exe
c:\users\Maciek\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\IsUn0415.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-01-05 do 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-05 14:22 . 2013-02-05 14:23 -------- d-----w- c:\users\Maciek\AppData\Local\temp
2013-02-05 14:22 . 2013-02-05 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-05 14:14 . 2013-02-05 14:14 -------- d-----w- c:\windows\LastGood
2013-01-30 16:03 . 2012-08-21 13:44 513696 ----a-w- c:\windows\system32\msxml.dll
2013-01-30 16:03 . 2012-08-21 13:44 38560 ----a-w- c:\windows\system32\CleanMFT32.exe
2013-01-30 16:03 . 2008-09-17 20:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-01-30 16:03 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2013-01-30 16:03 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2013-01-30 16:03 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2013-01-30 16:03 . 2013-01-30 16:03 -------- d-----w- c:\program files\Common Files\PC Tools
2013-01-30 16:03 . 2013-02-05 10:55 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2013-01-22 16:09 . 2013-01-22 16:09 -------- d-----w- c:\users\Maciek\AppData\Roaming\Systweak
2013-01-22 16:09 . 2013-01-22 16:26 -------- d-----w- c:\program files\RegClean Pro
2013-01-22 16:09 . 2013-01-22 16:11 -------- d-----w- c:\users\Maciek\AppData\Roaming\PhotoScape
2013-01-22 16:09 . 2013-01-22 16:09 -------- d-----w- c:\program files\PhotoScape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"ares"="c:\program files\Ares\Ares.exe" [2010-10-27 1015808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MSNET_Działdowo.lnk - c:\program files\MSNET_Działdowo\KDLink32.exe [2008-11-3 963584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2003-11-07 18:55 413696 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-08-25 19:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-20 18:18 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-969023606-1492458141-901998452-1004]
"EnableNotificationsRef"=dword:00000001
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-04 18:28 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-10 21:59]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-10 21:59]
.
2012-11-21 c:\windows\Tasks\Norton Security Scan for Maciek.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-11-19 09:45]
.
2013-02-02 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-01-22 11:01]
.
2013-01-31 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-01-22 11:01]
.
2013-02-05 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2013-01-30 13:44]
.
2013-02-04 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2013-01-30 13:43]
.
2013-02-04 c:\windows\Tasks\User_Feed_Synchronization-{88BCFA29-EA26-4A54-BDCA-C658DF83D25F}.job
- c:\windows\system32\msfeedssync.exe [2009-09-03 11:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{1018C00A-BF1B-4CEA-894D-7ED4D7827942}: NameServer = 10.55.0.250 88.199.86.67
TCP: Interfaces\{CD9D1C19-F421-4CAA-972B-F69800248D20}: NameServer = 10.55.0.250 88.199.86.67
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-cdoosoft - c:\users\Maciek\AppData\Local\Temp\herss.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-05 15:23
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2013-02-05 15:24:27
ComboFix-quarantined-files.txt 2013-02-05 14:24
.
Przed: 11 541 438 464 bajtów wolnych
Po: 16 804 634 624 bajtów wolnych
.
- - End Of File - - 2C145C08502519DF52503CF3163FBF9B