ComboFix 10-09-30.01 - Właściciel 2010-09-30 22:46:48.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1470.1210 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Właściciel\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\windows\settings.reg
c:\windows\System32\drivers\mng6ffe.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-08.exe
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_mng6ffe
-------\Service_mng6ffe

((((((((((((((((((((((((( Pliki utworzone od 2010-08-28 do 2010-09-30 )))))))))))))))))))))))))))))))
.
2010-09-21 16:28 . 2010-09-21 16:28 -------- d-----w- c:\program files\Microsoft.NET
2010-09-21 16:17 . 2010-09-21 16:27 -------- d-----w- c:\windows\SHELLNEW
2010-09-21 16:07 . 2010-09-21 16:07 -------- d-----r- C:\MSOCache
2010-09-12 15:02 . 2010-09-30 19:21 -------- d-----w- c:\program files\Ask.com
2010-09-12 14:58 . 2010-07-22 21:40 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-09-12 14:58 . 2010-09-12 15:03 -------- d-----w- c:\program files\VDownloader
2010-09-06 20:32 . 2010-09-06 20:32 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 19:00 . 2010-04-06 12:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 19:00 . 2010-08-22 08:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-24 17:55 . 2010-08-24 17:53 -------- d-----w- c:\program files\Winamp
2010-08-24 17:54 . 2010-08-24 17:54 -------- d-----w- c:\program files\Winamp Detect
2010-08-24 17:54 . 2010-08-24 17:54 -------- d-----w- c:\program files\Winamp Toolbar
2010-08-24 17:54 . 2010-08-24 17:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2010-08-17 13:17 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 18:47 . 2010-08-12 18:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
2010-08-12 18:46 . 2010-08-12 18:46 -------- d-----w- c:\program files\GameHouse
2010-08-05 17:49 . 2010-08-05 17:49 503808 ----a-w- c:\documents and settings\Właściciel\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e5b9f2d-n\msvcp71.dll
2010-08-05 17:49 . 2010-08-05 17:49 499712 ----a-w- c:\documents and settings\Właściciel\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e5b9f2d-n\jmc.dll
2010-08-05 17:49 . 2010-08-05 17:49 348160 ----a-w- c:\documents and settings\Właściciel\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e5b9f2d-n\msvcr71.dll
2010-08-05 17:49 . 2010-08-05 17:49 61440 ----a-w- c:\documents and settings\Właściciel\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecee0fc-n\decora-sse.dll
2010-08-05 17:49 . 2010-08-05 17:49 12800 ----a-w- c:\documents and settings\Właściciel\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3ecee0fc-n\decora-d3d.dll
2010-08-04 20:02 . 2010-04-06 17:22 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2010-07-28 15:36 . 2010-07-28 15:36 180224 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
2010-07-22 15:46 . 2008-04-15 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"32771948"="c:\documents and settings\Właściciel\Ustawienia lokalne\Dane aplikacji\32771948.exe" [2010-09-30 1241088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"P17Helper"="P17.dll" [2004-04-08 60928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2010-07-15 387584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IQ Publishing\\Dance Party Dance X-Treme\\Program\\DancePartyXT.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-06-17 165456]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/20 22:32];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 12:58 87536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-06-17 17744]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 135664]
S2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-07-18 47616]
.
Zawartość folderu 'Zaplanowane zadania'

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:50]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:50]

2010-09-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.ask.com?o=14780&l=dis
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\yjptalnc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=en_US&apn_uid=FD774854-F863-436B-B55E-F8D6D31C4FC2&apn_ptnrs=VX&apn_sauid=75369DAF-E98F-48A2-91D3-9E9D210AA5A1&apn_dtid=YYYYYYYYPL&q=
FF - component: c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\yjptalnc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\nppl3260.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 22:52
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(1632)
c:\windows\system32\WININET.dll
.
Czas ukończenia: 2010-09-30 22:56:05
ComboFix-quarantined-files.txt 2010-09-30 20:56

Przed: 13 284 937 728 bajtów wolnych
Po: 13 246 345 216 bajtów wolnych

- - End Of File - - 548627D1A241BCCB8712A9EAC4841690