ComboFix 10-08-22.01 - Tomasz-Szpony 2010-08-23 0:11.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3582.3194 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Tomasz-Szpony\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2010-07-22 do 2010-08-22 )))))))))))))))))))))))))))))))
.
2010-08-22 22:01 . 2008-04-13 22:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-08-15 13:07 . 2010-08-15 13:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2010-08-15 13:07 . 2010-08-15 13:07 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-15 12:50 . 2010-08-15 12:50 -------- d-----w- c:\program files\AllMySoftware
2010-08-15 12:43 . 2010-08-15 12:43 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-08-15 12:43 . 2010-08-15 12:43 158272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-08-15 12:43 . 2010-08-15 12:43 -------- d-----w- c:\program files\Common Files\Acronis
2010-08-15 12:43 . 2010-08-15 12:43 -------- d-----w- c:\program files\Acronis
2010-08-15 12:14 . 2010-05-05 11:47 40368 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-08-15 12:14 . 2010-05-05 11:47 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-08-15 12:14 . 2010-05-05 11:47 13576 ----a-w- c:\windows\system32\wnaspi32.dll
2010-08-15 12:14 . 2010-05-05 11:47 247560 ----a-w- c:\windows\system32\prgiso.dll
2010-08-15 12:14 . 2010-08-15 12:14 -------- d-----w- c:\program files\Paragon Software
2010-08-15 12:12 . 2010-08-15 12:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\explauncher
2010-08-14 09:47 . 2010-08-14 09:47 -------- d-----w- c:\program files\IZArc
2010-08-14 09:46 . 2010-08-15 12:56 -------- d-----w- c:\documents and settings\Tomasz-Szpony\Ustawienia lokalne\Dane aplikacji\Adobe
2010-08-14 09:38 . 2010-08-14 09:38 64200 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-08-14 09:38 . 2010-08-14 09:38 -------- d-----w- c:\program files\MSBuild
2010-08-14 09:38 . 2010-08-14 09:38 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-14 09:38 . 2010-08-14 09:38 -------- d-----w- c:\program files\Reference Assemblies
2010-08-14 09:38 . 2007-03-22 18:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-14 09:37 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-08-14 09:33 . 2010-08-14 09:39 -------- d-----w- c:\program files\Windows Unattended CD Creator
2010-08-14 09:25 . 2008-04-14 20:50 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-08-14 09:25 . 2008-04-14 20:50 1306624 ------w- c:\windows\system32\msxml6.dll
2010-08-14 09:25 . 2008-04-14 19:52 89600 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-08-14 09:25 . 2008-04-14 19:52 89600 ------w- c:\windows\system32\msxml6r.dll
2010-08-14 09:25 . 2007-06-26 09:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-08-14 09:25 . 2007-06-26 09:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-08-14 09:25 . 2008-04-14 20:50 10752 ------w- c:\windows\system32\smtpapi.dll
2010-08-14 09:25 . 2008-04-14 20:50 9728 ------w- c:\windows\system32\rwnh.dll
2010-08-14 09:25 . 2008-04-13 22:15 46592 ------w- c:\windows\system32\drivers\irbus.sys
2010-08-14 09:25 . 2008-04-13 22:13 9728 ------w- c:\windows\system32\comsdupd.exe
2010-08-14 09:23 . 2010-08-14 09:23 -------- d-----w- c:\windows\ServicePackFiles
2010-08-14 09:23 . 2008-04-14 20:51 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-08-14 09:21 . 2007-08-10 18:53 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-08-14 09:20 . 2010-08-14 09:20 -------- d-----w- c:\documents and settings\Tomasz-Szpony\Dane aplikacji\Search Settings
2010-08-14 09:20 . 2010-08-14 09:20 -------- d-----w- c:\documents and settings\Tomasz-Szpony\Dane aplikacji\pdfforge
2010-08-14 09:13 . 2008-10-16 12:09 43544 ----a-w- c:\windows\system32\wups2.dll
2010-08-12 20:52 . 2010-08-12 20:52 -------- d-----w- C:\Boot
2010-08-12 19:23 . 2010-08-12 19:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-12 19:22 . 2010-08-12 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 19:22 . 2010-08-14 09:39 13104 ----a-w- c:\documents and settings\Tomasz-Szpony\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-08-12 19:22 . 2010-08-12 19:23 -------- d-----w- c:\documents and settings\Tomasz-Szpony\Dane aplikacji\ViGlance
2010-08-12 19:22 . 2010-08-12 19:22 -------- d-----w- c:\documents and settings\Tomasz-Szpony\Dane aplikacji\ViStart
2010-08-12 19:15 . 2010-08-12 19:23 -------- d-----w- c:\program files\WinFlip
2010-08-12 19:15 . 2010-08-12 19:23 -------- d-----w- c:\program files\ViStart
2010-08-12 19:15 . 2010-08-12 19:23 -------- d-----w- c:\program files\ViSplore
2010-08-12 19:15 . 2010-08-12 19:23 -------- d-----w- c:\program files\ViGlance
2010-08-12 19:15 . 2010-08-12 19:23 -------- d-----w- c:\program files\TrueTransparency
2010-08-12 19:15 . 2010-08-12 19:23 -------- d-----w- c:\program files\Vista Rainbar
2010-08-12 19:05 . 2010-08-12 19:05 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\Application Updater
2010-08-12 19:05 . 2010-08-12 19:05 -------- d-----w- c:\program files\Application Updater
2010-08-12 19:05 . 2010-08-22 22:09 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-12 19:05 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-08-12 19:05 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-08-12 19:05 . 2010-08-12 19:05 -------- d-----w- c:\program files\PDFCreator
2010-08-12 19:02 . 2010-08-12 19:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 18:59 . 2010-08-12 18:59 -------- d-----w- c:\windows\Logs
2010-08-12 18:57 . 2010-08-12 18:57 0 ----a-w- c:\windows\nsreg.dat
2010-08-12 18:57 . 2010-08-12 18:57 -------- d-----w- c:\documents and settings\Tomasz-Szpony\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-08-12 18:52 . 2010-08-12 18:52 -------- d-s---w- c:\documents and settings\Tomasz-Szpony\UserData
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 22:01 . 2010-08-12 14:02 -------- d-----w- c:\program files\DialNet
2010-08-15 13:07 . 2010-08-15 13:06 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-15 13:07 . 2010-08-15 13:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-09 22:38 . 2010-08-14 09:24 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2010-08-14 09:22 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-07 11:46 . 2010-08-12 13:50 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\9163\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\9163\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\9163\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\9163\AcrobatUpdater.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="c:\program files\DialNet\winpppoverethernet.exe" [2007-07-06 405504]
"z-WrDialer"="c:\program files\DialNet\wrdialer.exe" [2007-07-11 561152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-11 2209552]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Harmonogram2\schedhlp.exe" [2010-03-11 357656]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-08-15 40368]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\drivers\WrKPoET2000.sys [2010-08-12 52214]
R3 FPD;Fine Point Packet Service;c:\windows\system32\drivers\fpd.sys [2010-08-12 30336]
R3 WrKPoET2000;WrKPoET2000;c:\program files\DialNet\WrKPoET2000.sys [2010-08-12 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [2010-08-12 65604]
.
.
------- Skan uzupełniający -------
.
TCP: {1C6F0573-FBAE-4680-BE2C-298D2C9FC03F} = 217.30.129.149 217.30.137.200
FF - ProfilePath - c:\documents and settings\Tomasz-Szpony\Dane aplikacji\Mozilla\Firefox\Profiles\wptl8jc6.default\
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 00:13
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\msi.dll
.
Czas ukończenia: 2010-08-23 00:13:30
ComboFix-quarantined-files.txt 2010-08-22 22:13
ComboFix2.txt 2010-08-22 22:10
Przed: 29 384 065 024 bajtów wolnych
Po: 29 377 609 728 bajtów wolnych
- - End Of File - - C38F2FC7FCA297790037E8D9D4ABAC48