ComboFix 10-10-07.02 - Andriej 2010-10-08 15:42:48.1.1 - x86
Uruchomiony z: c:\documents and settings\Andriej\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Andriej\Pulpit\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\system32\winlogon.exe . . . jest zainfekowany!!
Zainfekowana kopia c:\windows\explorer.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\system volume information\_restore{EBC7360E-2541-4962-A964-5DEA5619A71B}\RP13\A0009711.exe
Zainfekowana kopia c:\windows\system32\ctfmon.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\system volume information\_restore{EBC7360E-2541-4962-A964-5DEA5619A71B}\RP12\A0004224.exe
.
--------------- FCopy ---------------
c:\pliki\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\pliki\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
c:\pliki\explorer.exe --> c:\windows\explorer.exe
c:\pliki\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS

((((((((((((((((((((((((( Pliki utworzone od 2010-09-08 do 2010-10-08 )))))))))))))))))))))))))))))))
.
2010-10-08 16:02 . 2004-08-04 00:44 504832 ----a-w- c:\windows\winlogon.exe
2010-10-08 13:37 . 2010-10-08 13:37 -------- d-----w- C:\pliki
2010-10-08 13:37 . 2010-10-08 13:37 662166 ----a-w- C:\pliki.zip
2010-10-08 12:58 . 2010-10-08 13:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-08 12:58 . 2010-10-08 12:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Hitman Pro
2010-10-08 12:58 . 2010-10-08 12:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-08 10:15 . 2010-10-08 10:15 -------- d-----w- c:\program files\trend micro
2010-10-08 10:15 . 2010-10-08 10:15 -------- d-----w- C:\rsit
2010-10-06 17:45 . 2010-10-06 17:45 310208 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Azureus\plugins\mlab\ShaperProbeC.exe
2010-10-06 17:45 . 2010-10-06 19:17 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\Azureus
2010-10-06 17:42 . 2010-10-06 17:43 -------- d-----w- c:\program files\Vuze
2010-10-06 17:21 . 2010-10-06 17:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-06 15:54 . 2010-10-06 15:54 -------- d-----w- c:\program files\adi
2010-10-06 14:07 . 2010-10-06 17:20 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\Ventrilo
2010-10-06 12:16 . 2010-10-06 17:20 -------- d-----w- C:\RECYCLER(2)
2010-10-05 21:24 . 2010-10-05 21:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-10-05 21:23 . 2010-10-05 21:23 -------- d-----w- c:\program files\Common Files\Skype
2010-10-05 21:23 . 2010-10-05 21:23 -------- d-----r- c:\program files\Skype
2010-10-05 21:23 . 2010-10-05 21:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2010-10-04 18:48 . 2010-10-05 14:07 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\Teleca
2010-10-04 18:46 . 2010-10-04 18:46 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\Sony Ericsson
2010-10-04 18:45 . 2010-10-04 18:45 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\Sony Ericsson
2010-10-04 18:45 . 2010-10-04 18:45 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2010-10-04 18:45 . 2010-10-04 18:46 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-10-04 18:45 . 2010-10-04 18:45 -------- d-----w- c:\program files\Sony Ericsson
2010-10-04 18:44 . 2010-10-04 18:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Teleca
2010-10-04 18:44 . 2010-10-04 18:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2010-10-04 18:43 . 2010-10-04 18:43 -------- d-----w- c:\program files\QuickTime
2010-10-04 18:42 . 2010-10-04 18:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2010-10-04 17:58 . 2010-10-04 18:01 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\Adobe
2010-10-04 15:23 . 2010-10-04 15:23 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\Macromedia
2010-10-04 15:21 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-03 23:02 . 2010-10-03 23:02 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\ESET
2010-10-03 22:41 . 2010-10-03 22:46 -------- d-----w- c:\program files\The KMPlayer
2010-10-03 12:13 . 2010-10-03 12:43 -------- d-----w- c:\program files\Exterminate It!
2010-10-03 12:00 . 2010-10-04 14:30 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\EditPlus 3
2010-10-03 12:00 . 2010-10-03 12:04 -------- d-----w- c:\program files\EditPlus 3
2010-10-03 11:56 . 2010-05-12 14:09 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-03 11:56 . 2010-10-03 11:56 -------- d-----w- c:\program files\ffdshow
2010-10-03 11:34 . 2010-10-03 11:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Tlen.pl
2010-10-03 11:33 . 2010-10-03 11:33 -------- d-----w- c:\program files\Tlen.pl
2010-10-03 11:13 . 2010-10-04 17:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-03 10:55 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-10-03 10:55 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-10-03 10:51 . 2010-10-03 10:51 -------- d-----w- c:\program files\Microsoft.NET
2010-10-03 10:50 . 2010-10-03 10:50 -------- d-----w- c:\program files\Microsoft Works
2010-10-03 10:50 . 2010-10-03 10:51 -------- d-----w- c:\windows\SHELLNEW
2010-10-03 10:39 . 2010-10-03 10:39 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\Cooliris
2010-10-03 10:39 . 2010-01-21 16:16 52224 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2010-10-03 10:39 . 2010-01-21 16:16 101376 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
2010-10-03 10:39 . 2009-04-09 14:03 57407 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2010-10-03 10:39 . 2010-01-06 11:08 4725760 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com-trash\libs\cooliris192.dll
2010-10-03 10:39 . 2010-06-14 10:08 4687360 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-10-03 10:39 . 2010-06-14 10:08 425984 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-10-03 10:39 . 2010-06-14 10:08 152064 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-10-03 10:39 . 2010-06-14 10:08 103424 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-10-03 10:39 . 2010-06-14 10:08 57856 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-10-03 10:39 . 2010-06-14 10:08 4687872 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-10-03 10:39 . 2010-01-06 11:08 57856 ----a-w- c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2010-10-03 02:58 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2010-10-03 02:58 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2010-10-03 02:58 . 2010-10-03 11:36 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-10-03 02:57 . 2010-10-04 18:45 -------- d-----w- c:\windows\Downloaded Installations
2010-10-03 02:57 . 2010-10-03 02:57 -------- d-----w- c:\program files\Damian Pasternak
2010-10-03 02:37 . 2010-10-08 12:56 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\skypePM
2010-10-03 02:37 . 2010-10-08 13:45 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\Skype
2010-10-03 02:36 . 2010-10-06 17:37 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\Tlen.pl
2010-10-03 02:30 . 2010-10-03 02:30 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-10-03 02:25 . 2010-10-03 02:25 -------- d-----r- c:\program files\SpyHunter 4
2010-10-03 02:24 . 2010-10-03 02:24 -------- d-----w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\GHISLER
2010-10-03 02:14 . 2010-10-07 22:26 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\foobar2000
2010-10-03 02:12 . 2010-10-03 11:17 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\GHISLER
2010-10-03 02:11 . 2010-10-07 19:21 63592 ----a-w- c:\documents and settings\Andriej\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-10-03 02:11 . 2010-10-03 02:11 -------- d-----w- c:\documents and settings\Andriej\Dane aplikacji\ESET
2010-10-03 02:10 . 2010-10-03 02:10 -------- d-----w- c:\documents and settings\Andriej\Bluetooth Software
2010-10-03 01:52 . 2010-10-08 10:39 -------- d-----w- c:\program files\Steam
2010-10-03 01:25 . 2010-10-03 02:08 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\foobar2000
2010-10-03 01:24 . 2010-10-03 01:25 -------- d-----w- c:\program files\foobar2000
2010-10-03 00:57 . 2010-10-03 00:57 110080 ----a-r- c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
2010-10-03 00:57 . 2010-10-03 00:57 110080 ----a-r- c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
2010-10-03 00:56 . 2010-10-03 00:56 -------- d-----w- c:\program files\Enigma Software Group
2010-10-03 00:56 . 2010-10-03 00:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-03 00:39 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-10-03 00:39 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-10-03 00:38 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-10-03 00:38 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-10-03 00:38 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-10-03 00:38 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-10-03 00:37 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-10-03 00:37 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-10-03 00:37 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-10-03 00:37 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-10-03 00:37 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-10-03 00:37 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-10-03 00:36 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-03 00:36 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-03 00:36 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-03 00:36 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-10-03 00:36 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-10-03 00:35 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-03 00:35 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-03 00:35 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-10-03 00:35 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-10-03 00:35 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-10-03 00:35 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-03 00:35 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-10-03 00:34 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-10-03 00:34 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-10-03 00:34 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-10-03 00:34 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-10-03 00:34 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-03 00:34 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-10-03 00:34 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-10-03 00:33 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-10-03 00:33 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-10-03 00:33 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-03 00:33 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-03 00:33 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-10-03 00:32 . 2008-07-10 09:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-03 00:32 . 2008-07-10 09:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-03 00:32 . 2008-07-10 09:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-03 00:32 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-10-03 00:32 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-10-03 00:32 . 2008-05-30 12:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-10-03 00:32 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 12:11 . 2002-09-29 00:00 49492 ----a-w- c:\windows\system32\perfc015.dat
2010-10-06 12:11 . 2002-09-29 00:00 355486 ----a-w- c:\windows\system32\perfh015.dat
2010-10-03 02:07 . 2010-10-01 22:31 12328 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-10-03 00:48 . 2010-10-01 22:51 -------- d-----w- c:\program files\totalcmd
2010-10-02 23:08 . 2010-08-06 15:10 1073152 ----a-w- c:\windows\system32\btrez.dll
2010-10-01 23:08 . 2010-10-01 23:08 -------- d-----w- c:\program files\xp-AntiSpy
2010-10-01 22:51 . 2010-10-01 22:51 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\GHISLER
2010-10-01 22:38 . 2010-10-01 22:38 -------- d-----w- c:\program files\Agnitum
2010-10-01 22:38 . 2010-10-01 22:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Agnitum
2010-10-01 22:20 . 2010-10-01 22:20 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\ESET
2010-10-01 22:20 . 2010-10-01 22:20 0 ----a-w- c:\windows\nsreg.dat
2010-10-01 22:18 . 2010-10-01 22:18 -------- d-----w- c:\program files\ESET
2010-10-01 22:18 . 2010-10-01 22:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2010-10-01 22:02 . 2010-10-01 22:02 -------- d-----w- c:\program files\microsoft frontpage
2010-10-01 22:01 . 2010-10-01 22:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-10-01 22:01 . 2010-10-01 22:01 -------- d-----w- c:\program files\Usługi online
2010-10-01 21:59 . 2010-10-01 21:59 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\23729\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\11503\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\23729\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\11503\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\23729\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\23729\AcrobatUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\11503\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\11503\AcrobatUpdater.exe
2010-08-13 09:48 . 2010-10-01 22:40 713672 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-08-11 16:24 . 2010-10-01 22:39 267752 ----a-w- c:\windows\system32\drivers\afwcore.sys
.

------- Sigcheck -------

[7] 2004-08-04 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\winlogon.exe
[-] 2004-08-03 . 85FAFF305A2F36320CE4C7E8CA1B44BB . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 560CFAC83670DE0656AA350C09273FF6 . 1033728 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2010-08-27 11:13 283224 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-09-22 2839888]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-08-27 491272]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Andriej\Menu Start\Programy\Autostart\
Skrót do SpyHunter.lnk - c:\program files\SpyHunter 4\SpyHunter.exe [2010-10-3 13238272]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-8-6 607584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2010-10-03 116264]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-09-11 108792]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-10-02 713672]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2010-10-02 2035512]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-07-14 326488]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-10-02 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-10-02 267752]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2010-10-02 72232]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-08 16968]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.onet.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do interfejsu Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.3i2.rox.pl/
FF - component: c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Andriej\Dane aplikacji\Mozilla\Firefox\Profiles\yp05i5h9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1312)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2364)
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Czas ukończenia: 2010-10-08 16:08:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-10-08 14:08
ComboFix2.txt 2010-10-06 12:13

Przed: 70 803 034 112 bajtów wolnych
Po: 70 779 797 504 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A3CFC3707682953033F89F782F392D79