ComboFix 11-05-10.01 - BBB 2011-05-11 14:19:09.1.1 - x86 Uruchomiony z: C:\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\autorun.inf c:\documents and settings\BBB\Dane aplikacji\PriceGong c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\1.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\a.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\b.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\c.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\d.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\e.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\f.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\g.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\h.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\i.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\J.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\k.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\l.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\m.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\mru.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\n.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\o.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\p.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\q.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\r.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\s.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\t.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\u.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\v.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\w.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\x.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\y.xml c:\documents and settings\BBB\Dane aplikacji\PriceGong\Data\z.xml c:\program files\Spik\Spik.exe c:\recycled\Recycled D:\autorun.inf E:\autorun.inf F:\autorun.inf . . ((((((((((((((((((((((((( Pliki utworzone od 2011-04-11 do 2011-05-11 ))))))))))))))))))))))))))))))) . . . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-01 14:48 . 2011-03-23 22:33 151552 --sh--r- c:\windows\system32\EXPLORER.EXE 2011-02-20 06:00 . 2011-02-14 21:07 21840 ----atw- c:\windows\system32\SIntfNT.dll 2011-02-20 06:00 . 2011-02-14 21:07 17212 ----atw- c:\windows\system32\SIntf32.dll 2011-02-20 06:00 . 2011-02-14 21:07 12067 ----atw- c:\windows\system32\SIntf16.dll 2011-02-20 05:35 . 2011-02-20 05:35 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys . . ------- Sigcheck ------- . [-] 2009-06-09 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000] . [HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-13 17:28 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] 2010-11-13 17:28 3913000 ----a-w- c:\program files\Softonic-Polska\tbSoft.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000] . [HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000] . [HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1477440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 95232] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-04-25 150448] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 1046976] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-06-09 15360] . c:\documents and settings\BBB\Menu Start\Programy\Autostart\ ctfmon.exe [2011-3-23 364544] . [COLOR=RED] Klucz Trybu Awaryjnego wymaga naprawy. Komputer nie może wejść w Tryb Awaryjny. [/COLOR] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Recycled\\ctfmon.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\WINDOWS\\system32\\taskmgr.exe"= "c:\\Documents and Settings\\BBB\\Menu Start\\Programy\\Autostart\\ctfmon.exe"= "c:\\WINDOWS\\system32\\wscntfy.exe"= "c:\\Program Files\\Winamp\\winampa.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"= "c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"= "c:\\Program Files\\SubEdit-Player\\subedit.exe"= "c:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"= "c:\\WINDOWS\\system32\\sol.exe"= "c:\\Program Files\\Spik\\regtool.exe"= "c:\\WINDOWS\\system32\\EXPLORER.EXE"= "c:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe"= "c:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"= "c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe"= "c:\\WINDOWS\\system32\\ntvdm.exe"= "c:\\WINDOWS\\system32\\spider.exe"= "c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"= "c:\\PDFConverterSetup.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7349:TCP"= 7349:TCP:wdhhz . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-02-20 218688] R3 dpti930;dpti930;\??\c:\windows\system32\drivers\eineln.sys --> c:\windows\system32\drivers\eineln.sys [?] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2011-01-29 31424] S2 wbfrumhkb;Config Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2009-06-10 14336] S3 nnbktndg;nnbktndg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?] S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2011-03-27 83880] S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2011-03-27 15016] S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2011-03-27 110632] S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2011-03-27 104616] S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2011-03-27 25512] S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2011-03-27 100648] S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2011-03-27 110120] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs wbfrumhkb . . ------- Skan uzupełniający ------- . uStart Page = my.daemon-search.com IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {E3FEEC13-AA3A-49C9-883A-418CAB41BDEE} = 8.8.8.8 109.196.112.20 Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-wsctf.exe - wsctf.exe HKLM-Run-Spik - c:\program files\Spik\Spik.exe . . . ************************************************************************** skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nnbktndg] "ImagePath"="\??\c:\windows\system32\01.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wbfrumhkb] "ServiceDll"="c:\windows\system32\uxjoved.dll" . Czas ukończenia: 2011-05-11 14:35:20 ComboFix-quarantined-files.txt 2011-05-11 10:05 . Przed: 779 067 392 bajtów wolnych Po: 1 274 421 248 bajtów wolnych . WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - F58EA99BF1EAD641D8BD45FD5FCB8174