ComboFix 10-06-07.01 - paulina 2010-06-07 21:17:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.671 [GMT 2:00]
Uruchomiony z: c:\documents and settings\paulina\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\paulina\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - Help: deleted 23944 bytes in 1 streams.
ADS - Temp: deleted 388091 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
Zainfekowana kopia c:\windows\system32\drivers\dmio.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty had a snack :p
Zainfekowana kopia c:\windows\system32\drivers\dmio.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISRD
-------\Legacy_RTIIXOJD
-------\Legacy_SSHNAS
-------\Service_NDISRD
-------\Service_rtiixojd
-------\Service_SSHNAS
-------\Service_tdvakmcw

((((((((((((((((((((((((( Pliki utworzone od 2010-05-07 do 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-07 16:36 . 2010-06-07 16:36 39936 ----a-w- c:\windows\system32\drivers\exephtas.sys
2010-06-07 12:52 . 2010-06-07 16:13 -------- d-----w- c:\windows\system32\NtmsData
2010-06-07 12:47 . 2010-06-07 12:47 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Avira
2010-06-07 12:45 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-07 12:45 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-07 12:45 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-07 12:45 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-----w- c:\program files\Avira
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2010-05-29 18:15 . 2010-05-29 18:15 503808 ----a-w- c:\documents and settings\paulina\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-17a4b03d-n\msvcp71.dll
2010-05-29 18:15 . 2010-05-29 18:15 499712 ----a-w- c:\documents and settings\paulina\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-17a4b03d-n\jmc.dll
2010-05-29 18:15 . 2010-05-29 18:15 348160 ----a-w- c:\documents and settings\paulina\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-17a4b03d-n\msvcr71.dll
2010-05-14 18:05 . 2010-05-14 18:05 95759 --sh--r- C:\gf6ffsds.exe
2010-05-13 19:21 . 2010-05-13 19:21 175104 ----a-w- c:\windows\Vkuloa.exe
2010-05-13 04:41 . 2010-05-13 04:40 111104 --sh--r- C:\xjb3.exe
2010-05-08 22:21 . 2010-05-08 22:21 417911 ----a-w- C:\asdj.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 11:10 . 2009-03-29 21:59 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Winamp
2010-06-05 16:00 . 2001-10-26 14:15 84916 ----a-w- c:\windows\system32\perfc015.dat
2010-06-05 16:00 . 2001-10-26 14:15 493632 ----a-w- c:\windows\system32\perfh015.dat
2010-05-17 18:15 . 2010-03-14 15:33 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Hamachi
2010-05-17 18:09 . 2009-09-23 08:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-05-16 18:38 . 2010-01-01 04:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-05-15 16:35 . 2010-03-11 11:35 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie
2010-05-10 15:37 . 2009-03-29 21:55 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Nowe Gadu-Gadu
2010-05-07 18:50 . 2010-05-07 18:50 83598 --sh--r- C:\hxf.exe
2010-05-07 18:25 . 2010-05-07 18:25 5347 ----a-w- C:\hxgfhd.exe
2010-05-07 18:18 . 2010-05-07 18:11 5419 ----a-w- C:\hgfhd.exe
2010-04-20 13:18 . 2010-04-20 11:51 -------- d-----w- c:\program files\kED
2010-04-17 21:08 . 2010-04-17 21:08 127488 --sh--r- C:\lhhr8.exe
2010-04-09 21:46 . 2010-02-20 19:17 -------- d-----w- c:\program files\MioNet
2010-04-03 06:08 . 2010-04-03 06:08 89231 --sh--r- C:\menu.exe
2010-03-17 14:18 . 2010-01-06 11:03 68456 ----a-w- c:\documents and settings\paulina\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-03-16 13:59 . 2010-03-16 14:00 119808 --sh--r- C:\y6cqb2is.exe
2010-03-14 15:27 . 2010-03-14 15:27 116736 --sh--r- C:\nhx.exe
2010-03-10 19:36 . 2010-03-10 19:35 1025992 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-03-10 19:35 . 2010-03-10 19:35 86016 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\arh.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-07-27 10719848]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"phc710"="c:\windows\system32\vphc700.exe" [2005-07-20 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Raconfig.lnk - c:\program files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe [2009-3-29 479232]
TrayMin710.exe.lnk - c:\program files\Philips\Philips SPC710NC Webcam\TrayMin710.exe [2010-2-20 278528]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\call\\Call of Duty 4 - Modern Warfare\\Cod4 na dragan\\iw3mp.exe"=
"d:\\gry\\Bitwa o Śródziemie\\game.dat"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2009-03-29 25067]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-07 135336]
R2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [2005-07-15 139264]
R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-03-29 62848]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
.
Zawartość folderu 'Zaplanowane zadania'

2010-06-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-07 21:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.a2articles.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {02B44E22-2F9D-4AE2-BB0F-720FAF330604} = 194.204.159.1,192.168.0.1
TCP: {358D5AD6-49D2-42D7-9852-2F48124A32A9} = 194.204.159.1,192.168.0.1
FF - ProfilePath - c:\documents and settings\paulina\Dane aplikacji\Mozilla\Firefox\Profiles\mpya4vjv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\paulina\Dane aplikacji\Mozilla\Firefox\Profiles\mpya4vjv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\paulina\Dane aplikacji\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 21:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-06-07 21:32:02 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-06-07 19:32

Przed: 13 194 305 536 bajtów wolnych
Po: 14 065 090 560 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3DDEE2FF66CEBE949818B83AE17339DC