ComboFix 10-09-21.01 - Parqr 2010-09-22 12:26:42.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1538 [GMT 2:00]
Running from: c:\documents and settings\Parqr\Pulpit\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\raboya.pif
c:\windows\Alcmtr.exe
c:\windows\system32\spool\prtprocs\w32x86\CNMPDA4.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPPA4.DLL
D:\Autorun.inf
D:\dlkjn.pif
E:\autorun.inf
E:\puofjq.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AMSINT32
-------\Legacy_ASC3360PR
-------\Service_amsint32
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.
2010-09-22 10:31 . 2010-09-22 10:31 -------- d-----w- C:\FOUND.015
2010-09-20 11:49 . 2010-09-20 11:49 -------- d-----r- C:\MSOCache
2010-09-14 16:07 . 2010-09-14 16:07 -------- d-----w- C:\FOUND.014
2010-09-12 08:52 . 2010-09-12 08:52 -------- d-----w- C:\FOUND.013
2010-09-11 14:24 . 2010-09-11 14:24 -------- d-----w- C:\FOUND.012
2010-09-11 14:09 . 2010-09-11 14:09 -------- d-----w- C:\FOUND.011
2010-09-11 14:05 . 2010-09-11 14:05 -------- d-----w- C:\FOUND.010
2010-09-10 17:48 . 2008-09-10 19:56 144960 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll
2010-09-10 17:48 . 2008-09-10 19:37 94208 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll
2010-09-10 17:48 . 2010-09-10 17:48 -------- d-----w- c:\program files\Real Alternative
2010-09-10 17:48 . 2010-09-10 17:48 -------- d-----w- c:\documents and settings\Parqr\Ustawienia lokalne\Dane aplikacji\Real
2010-09-09 19:34 . 2010-09-09 19:34 -------- d-----w- C:\FOUND.009
2010-09-08 17:18 . 2010-09-08 17:18 -------- d-----w- C:\FOUND.008
2010-09-02 11:17 . 2010-09-02 11:17 -------- d-----w- c:\documents and settings\Parqr\.gstreamer-0.10
2010-09-02 11:15 . 2010-09-02 11:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-09-02 11:15 . 2010-09-02 11:15 -------- d-----w- c:\documents and settings\Parqr\Dane aplikacji\OpenFM
2010-09-02 11:14 . 2010-09-02 11:14 -------- d-----w- c:\documents and settings\Parqr\Dane aplikacji\Gadu-Gadu 10
2010-09-02 11:14 . 2010-09-02 11:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-09-02 11:13 . 2010-09-02 11:13 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-02 11:12 . 2010-09-02 11:12 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-08-31 15:08 . 2009-12-08 03:00 276992 ----a-w- c:\windows\system32\CNMLMA4.DLL
2010-08-30 18:54 . 2010-08-30 18:54 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 14:31 . 2010-08-18 10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 17:31 . 2010-08-04 17:31 503808 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37ebc78a-n\msvcp71.dll
2010-08-04 17:31 . 2010-08-04 17:31 499712 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37ebc78a-n\jmc.dll
2010-08-04 17:31 . 2010-08-04 17:31 348160 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37ebc78a-n\msvcr71.dll
2010-08-04 17:31 . 2010-08-04 17:31 61440 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a0f7b6b-n\decora-sse.dll
2010-08-04 17:31 . 2010-08-04 17:31 12800 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a0f7b6b-n\decora-d3d.dll
2010-07-25 11:04 . 2010-07-25 11:03 503808 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-49e9913c-n\msvcp71.dll
2010-07-25 11:04 . 2010-07-25 11:03 499712 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-49e9913c-n\jmc.dll
2010-07-25 11:04 . 2010-07-25 11:03 348160 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-49e9913c-n\msvcr71.dll
2010-07-25 11:03 . 2010-07-25 11:03 61440 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-208c0053-n\decora-sse.dll
2010-07-25 11:03 . 2010-07-25 11:03 12800 ----a-w- c:\documents and settings\Parqr\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-208c0053-n\decora-d3d.dll
2010-07-25 11:03 . 2010-07-25 11:03 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-21 23:23 . 2010-07-21 23:23 364544 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll
2010-07-21 23:23 . 2010-07-21 23:23 397312 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.3.dll
2010-07-12 23:21 . 2010-01-25 22:17 13112 ----a-w- c:\documents and settings\Parqr\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-07-12 21:40 . 2001-10-26 16:15 84208 ----a-w- c:\windows\system32\perfc015.dat
2010-07-12 21:40 . 2001-10-26 16:15 491152 ----a-w- c:\windows\system32\perfh015.dat
2010-07-12 21:40 . 2010-07-12 21:39 65472 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 2043904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-03 135168]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 329960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 105904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 2172864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 122880]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 159744]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 233472]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 288088]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-1-27 1265664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-24 191488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\hid2hci.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\chkdsk.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqbam08.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_FlashUtil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-06-17 20744]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-01-26 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-26 19024]
S?2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 213488]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-06-17 29192]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-06-17 25480]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVAST!_ANTIVIRUS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:15]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:15]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Parqr\Dane aplikacji\Mozilla\Firefox\Profiles\87b53cha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 12:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\imapi.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2010-09-22 12:33:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-22 10:33

Pre-Run: 8 807 006 208 bytes free
Post-Run: 9 160 835 072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - D1E0FF4AA8509CF688FE3DF2713194E6
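Two parts of the log above deserve a second look, and the added example below turns them into an automated check. The "Deleted" section pairs autorun.inf with a randomly named .pif at the root of C:, D: and E:, which is the footprint of an autorun worm spreading through removable media (the removed amsint32 service is a name commonly seen with the Sality file infector, though the log itself names no family). The registry section shows every Security Center override and notification-suppression value set to 1, EnableLUA set to 0 and the standard-profile firewall switched off: exactly what malware, or a user following bad advice, sets so that Windows stops warning that the AV or firewall is off. The script is an added example and is not part of the ComboFix log or of ComboFix itself; the rule table and function names are my own, and the sample text is an excerpt reproduced from the log above.

```python
"""Triage a ComboFix log: flag autorun-worm drive-root pairs and registry
values that silence Windows Security Center or disable the firewall."""
import re
from collections import defaultdict

# Sample input: an excerpt reproduced from the ComboFix log above
# (the "Deleted" section and the Security Center / firewall policy keys).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\raboya.pif
c:\windows\Alcmtr.exe
D:\Autorun.inf
D:\dlkjn.pif
E:\autorun.inf
E:\puofjq.pif
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# A file sitting directly at a drive root, e.g. "D:\dlkjn.pif" (no subfolder).
ROOT_FILE = re.compile(r"^([A-Za-z]:)\\([^\\\s]+)$")
# Launcher types an autorun.inf typically points at.
EXEC_EXTS = (".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs")

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

# My own rule table (not from ComboFix): value name -> (value that indicates
# tampering, what it means). Keys are matched by value name only, which is
# enough for these well-known Security Center / firewall policy values.
TAMPER_RULES = {
    "EnableLUA": (0, "UAC policy disabled"),
    "EnableFirewall": (0, "Windows Firewall disabled for this profile"),
    "DisableNotifications": (1, "firewall notifications suppressed"),
    "AntiVirusOverride": (1, "Security Center ignores AV state"),
    "FirewallOverride": (1, "Security Center ignores firewall state"),
    "AntiVirusDisableNotify": (1, "AV warnings suppressed"),
    "FirewallDisableNotify": (1, "firewall warnings suppressed"),
    "UpdatesDisableNotify": (1, "Windows Update warnings suppressed"),
    "UacDisableNotify": (1, "UAC warnings suppressed"),
}


def find_autorun_pairs(text):
    """Return {drive: [launcher names]} for every drive root that holds both
    an autorun.inf and at least one executable-type file beside it."""
    roots = defaultdict(list)
    for line in text.splitlines():
        m = ROOT_FILE.match(line.strip())
        if m:
            roots[m.group(1).upper()].append(m.group(2))
    hits = {}
    for drive, names in roots.items():
        if "autorun.inf" not in (n.lower() for n in names):
            continue
        launchers = [n for n in names if n.lower().endswith(EXEC_EXTS)]
        if launchers:
            hits[drive] = launchers
    return hits


def parse_reg_value(raw):
    """ComboFix prints DWORDs as 'dword:00000001' or as '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def find_tampered_settings(text):
    """Return [(key, value name, explanation)] for values matching TAMPER_RULES."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_LINE.match(line)
        if not vm or key is None:
            continue
        name, raw = vm.groups()
        rule = TAMPER_RULES.get(name)
        if rule and parse_reg_value(raw) == rule[0]:
            findings.append((key, name, rule[1]))
    return findings


def summarize(text):
    """Human-readable triage lines for a whole log."""
    out = [f"{d}: autorun.inf + {', '.join(ls)}" for d, ls in find_autorun_pairs(text).items()]
    out += [f"{k} -> {n}: {why}" for k, n, why in find_tampered_settings(text)]
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Run it against a full log with `summarize(open("ComboFix.txt", encoding="cp1250").read())`; ComboFix writes its Polish-locale logs in that code page. After the cleanup the override values should be deleted and the firewall re-enabled, otherwise Security Center keeps reporting a healthy machine no matter what avast! or the firewall are actually doing.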