ComboFix 11-11-09.02 - Zenek 2011-11-09 21:38:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1729 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Zenek\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100131-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
c:\program files\iplus
c:\program files\iplus\PaseczekControlAPI.dll
c:\program files\webhancer
c:\windows\$NtUninstallKB27451$
c:\windows\$NtUninstallKB27451$\2267878377\@
c:\windows\$NtUninstallKB27451$\2267878377\L\rnpgjjee
c:\windows\$NtUninstallKB27451$\2267878377\loader.tlb
c:\windows\$NtUninstallKB27451$\2267878377\U\@00000001
c:\windows\$NtUninstallKB27451$\2267878377\U\@000000c0
c:\windows\$NtUninstallKB27451$\2267878377\U\@000000cb
c:\windows\$NtUninstallKB27451$\2267878377\U\@000000cf
c:\windows\$NtUninstallKB27451$\2267878377\U\@80000000
c:\windows\$NtUninstallKB27451$\2267878377\U\@800000c0
c:\windows\$NtUninstallKB27451$\2267878377\U\@800000cb
c:\windows\$NtUninstallKB27451$\2267878377\U\@800000cf
c:\windows\$NtUninstallKB27451$\3114947915
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0415.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\
c:\windows\system32\c_38050.nls
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
Zainfekowana kopia c:\windows\system32\drivers\ipsec.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
Zainfekowana kopia c:\program files\Google\Update\GoogleUpdate.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\system volume information\_restore{02F64963-AAF7-4AE0-BEA6-771A9C571377}\RP73\A0194971.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_872d13e9
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-09 do 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 20:57 . 2011-11-09 20:57 -------- d-----w- c:\windows\av_ico
2011-11-09 20:33 . 2008-04-13 22:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2011-11-09 20:33 . 2008-04-13 22:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-07 22:18 . 2011-11-07 22:18 -------- d-----w- c:\documents and settings\Zenek\DoctorWeb
2011-11-07 21:56 . 2011-11-07 21:56 -------- d-----w- c:\documents and settings\Zenek\Ustawienia lokalne\Dane aplikacji\Temp
2011-11-07 21:53 . 2011-11-07 21:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:51 . 2011-11-07 21:51 -------- d-sh--w- c:\documents and settings\Zenek\IECompatCache
2011-11-07 21:50 . 2008-04-14 20:50 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-11-07 21:50 . 2008-04-14 20:50 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-11-07 21:34 . 2008-04-14 21:50 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-11-07 21:34 . 2008-04-14 21:50 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-05 11:15 . 2011-11-05 11:15 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B}
2011-11-03 19:56 . 2011-11-03 19:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2011-11-02 18:12 . 2011-11-02 18:12 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2011-11-02 18:06 . 2011-11-02 18:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData
2011-11-02 17:36 . 2011-11-02 17:36 -------- d-----w- c:\program files\CardDetector
2011-11-01 18:13 . 2011-11-01 18:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-01 18:13 . 2011-11-01 18:13 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2011-11-01 18:10 . 2011-11-09 01:39 -------- d-----w- c:\windows\ufa
2011-11-01 18:08 . 2011-11-08 20:40 -------- d-sh--w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\872d13e9
2011-11-01 18:07 . 2011-11-01 18:10 246272 ----a-w- c:\windows\unrar.exe
2011-11-01 17:18 . 2011-11-09 19:27 -------- d--h--w- c:\windows\update.tray-9-0
2011-11-01 17:18 . 2011-11-09 19:27 -------- d--h--w- c:\windows\update.tray-7-0
2011-11-01 17:18 . 2011-11-09 19:27 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-11-01 17:18 . 2011-11-01 17:18 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-11-01 17:07 . 2011-11-01 17:07 -------- d-----w- c:\documents and settings\LocalService\Menu Start
2011-10-19 17:28 . 2011-10-19 17:34 -------- d-----w- c:\program files\Moozy
2011-10-13 12:33 . 2011-10-13 12:33 -------- d-----w- c:\program files\Atari
2011-10-11 16:18 . 2011-10-11 16:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 20:58 . 2011-11-09 20:58 257024 ----a-w- c:\windows\sysdriver32.exe
2011-11-09 20:57 . 2011-11-09 20:58 257024 ----a-w- c:\windows\sysdriver32_.exe
2011-11-09 01:37 . 2009-04-03 16:16 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-11-09 01:37 . 2009-02-19 09:26 163840 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-13 12:41 . 2011-07-01 15:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-02-03 2181672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-05 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]
"nwiz"="nwiz.exe" [2009-02-19 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-19 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"BEWINTERNET-PLSessionManager"="c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2008-10-24 131824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"CardDetectorZTEMF636"="c:\program files\CardDetector\ZTEMF636\CardDetector.exe" [2008-10-14 274432]
"tray_ico0"="c:\windows\update.tray-9-0\svchost.exe" [2011-11-09 1203200]
"tray_ico1"="c:\windows\update.tray-7-0\svchost.exe" [2011-11-09 1203200]
"6517440.exe"="c:\docume~1\Zenek\USTAWI~1\Temp\6517440.exe" [2011-11-09 257024]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [2011-11-09 257024]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [2011-11-09 257024]
"2452805.exe"="c:\docume~1\Zenek\USTAWI~1\Temp\2452805.exe" [2011-11-09 257024]
"6406030.exe"="c:\windows\TEMP\6406030.exe" [2011-11-09 257024]
"3347047.exe"="c:\windows\TEMP\3347047.exe" [2011-11-09 1942528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Zenek\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 11:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-05 11:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
2011-11-09 20:58 257024 ----a-w- c:\windows\sysdriver32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
2011-11-09 20:58 257024 ----a-w- c:\windows\sysdriver32_.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico0]
2011-11-09 01:39 1203200 ---h--w- c:\windows\update.tray-9-0\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray_ico1]
2011-11-09 01:39 1203200 ---h--w- c:\windows\update.tray-7-0\svchost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\update.tray-7-0\\svchost.exe"=
"c:\\WINDOWS\\update.tray-9-0\\svchost.exe"=
"c:\\WINDOWS\\update.2\\svchost.exe"=
"c:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ArcCon.ac"=
"c:\\Program Files\\OrangeBS\\BEWInternet-PL\\Launcher\\Launcher.exe"=
"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2407:TCP"= 2407:TCP:ijspqtv
"7782:TCP"= 7782:TCP:dvfqc
.
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2005-09-26 24064]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-09-20 110304]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-02-27 27632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-01 238080]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 mgyeigffv;Universal Server;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-05-19 13224]
S3 gjranrrw;gjranrrw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 iatmunin;iatmunin;\??\c:\docume~1\MATEUCHO\USTAWI~1\Temp\iatmunin.sys --> c:\docume~1\MATEUCHO\USTAWI~1\Temp\iatmunin.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2010-03-13 83880]
S3 tompe;tompe;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2009-11-03 103936]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - SRVBTCCLIENT
*NewlyCreated* - SRVIECHECK
*NewlyCreated* - SRVSYSDRIVER32
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mgyeigffv
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-11-09 c:\windows\Tasks\User_Feed_Synchronization-{0AEDDF18-15B7-4638-9477-075C34FA4400}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-11-09 c:\windows\Tasks\User_Feed_Synchronization-{A05F7E23-2529-44D6-8164-45F5D11AB599}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
SafeBoot-wxpdrivers
MSConfigStartUp-3173186 - c:\windows\TEMP\3173186.exe
MSConfigStartUp-5534578 - c:\windows\TEMP\5534578.exe
MSConfigStartUp-659209 - c:\docume~1\MATEUCHO\USTAWI~1\Temp\659209.exe
MSConfigStartUp-7281861 - c:\docume~1\MATEUCHO\USTAWI~1\Temp\7281861.exe
MSConfigStartUp-9031481 - c:\windows\TEMP\9031481.exe
MSConfigStartUp-wxpdrv - c:\windows\services32.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0415.EXE
AddRemove-Nowe Gadu-Gadu - c:\program files\Nowe Gadu-Gadu\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 21:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gjranrrw]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tompe]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(912)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\OrangeBS\BEWInternet-PL\PhoneTools\TextMessaging.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\update.2\svchost.exe
c:\windows\update.2\svchost.exe
c:\windows\update.5.0\svchost.exe
c:\windows\update.5.0\svchost.exe
c:\windows\update.2\svchost.exe
c:\windows\update.2\svchost.exe
c:\windows\update.2\svchost.exe
c:\windows\update.2\svchost.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-09 22:01:10 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-09 21:01
.
Przed: 53 763 186 688 bajtów wolnych
Po: 55 144 669 184 bajtów wolnych
.
- - End Of File - - 0EA476CE61025CF9F4883E213E99CFED