ComboFix 10-06-07.01 - paulina 2010-06-08 11:40:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.582 [GMT 2:00]
Uruchomiony z: c:\documents and settings\paulina\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\paulina\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"C:\asdj.exe"
"C:\gf6ffsds.exe"
"C:\hgfhd.exe"
"C:\hxf.exe"
"C:\hxgfhd.exe"
"C:\lhhr8.exe"
"C:\menu.exe"
"C:\nhx.exe"
"c:\windows\Vkuloa.exe"
"C:\xjb3.exe"
"C:\y6cqb2is.exe"
"D:\asdj.exe"
"D:\gf6ffsds.exe"
"D:\hgfhd.exe"
"D:\hxf.exe"
"D:\hxgfhd.exe"
"D:\lhhr8.exe"
"D:\menu.exe"
"D:\nhx.exe"
"D:\xjb3.exe"
"D:\y6cqb2is.exe"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hgfhd.exe
C:\hxgfhd.exe
D:\lhhr8.exe
D:\nhx.exe
D:\xjb3.exe
D:\y6cqb2is.exe

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ayeomkhd
-------\Service_bimvmvwx
-------\Service_btbldaqy
-------\Service_bzmlmylk
-------\Service_cpahsbaa
-------\Service_cwoodjjf
-------\Service_dyskslro
-------\Service_ebggbogv
-------\Service_ecacsqcx
-------\Service_fsxkaeup
-------\Service_ftftuike
-------\Service_giylfkyq
-------\Service_gjaereco
-------\Service_gkyyzzmd
-------\Service_hcqvvwgz
-------\Service_hkxklanh
-------\Service_hnmqdbjo
-------\Service_jtkwmair
-------\Service_lrucuvku
-------\Service_mjrlaety
-------\Service_mmfojgjb
-------\Service_mvkpnxbs
-------\Service_nfoaqqoa
-------\Service_nimqiznu
-------\Service_ntwjpjzv
-------\Service_oavxfmub
-------\Service_pfilxmgl
-------\Service_scorjrxy
-------\Service_smofzbbr
-------\Service_sujxnjjs
-------\Service_tljefaae
-------\Service_tpbtdxim
-------\Service_tyjbeeoe
-------\Service_uossidqf
-------\Service_uouwrqzq
-------\Service_vdktwjmr
-------\Service_vkfqridq
-------\Service_wrmnfedx
-------\Service_xjvcimev
-------\Service_yhcmrwbd
-------\Service_zfyvqtiq


((((((((((((((((((((((((( Pliki utworzone od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.

2010-06-07 12:52 . 2010-06-07 16:13 -------- d-----w- c:\windows\system32\NtmsData
2010-06-07 12:47 . 2010-06-07 12:47 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Avira
2010-06-07 12:45 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-07 12:45 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-07 12:45 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-07 12:45 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-----w- c:\program files\Avira
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2010-05-29 18:15 . 2010-05-29 18:15 503808 ----a-w- c:\documents and settings\paulina\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-17a4b03d-n\msvcp71.dll
2010-05-29 18:15 . 2010-05-29 18:15 499712 ----a-w- c:\documents and settings\paulina\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-17a4b03d-n\jmc.dll
2010-05-29 18:15 . 2010-05-29 18:15 348160 ----a-w- c:\documents and settings\paulina\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-17a4b03d-n\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 09:35 . 2010-01-01 04:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-06-06 11:10 . 2009-03-29 21:59 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Winamp
2010-06-05 16:00 . 2001-10-26 14:15 84916 ----a-w- c:\windows\system32\perfc015.dat
2010-06-05 16:00 . 2001-10-26 14:15 493632 ----a-w- c:\windows\system32\perfh015.dat
2010-05-17 18:15 . 2010-03-14 15:33 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Hamachi
2010-05-17 18:09 . 2009-09-23 08:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-05-15 16:35 . 2010-03-11 11:35 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie
2010-05-10 15:37 . 2009-03-29 21:55 -------- d-----w- c:\documents and settings\paulina\Dane aplikacji\Nowe Gadu-Gadu
2010-04-20 13:18 . 2010-04-20 11:51 -------- d-----w- c:\program files\kED
2010-04-09 21:46 . 2010-02-20 19:17 -------- d-----w- c:\program files\MioNet
2010-03-17 14:18 . 2010-01-06 11:03 68456 ----a-w- c:\documents and settings\paulina\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-03-10 19:36 . 2010-03-10 19:35 1025992 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-03-10 19:35 . 2010-03-10 19:35 86016 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\arh.exe

.
((((((((((((((((((((((((((((( SnapShot@2010-06-07_19.29.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-08 09:46 . 2010-06-08 09:46 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-07-27 10719848]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"phc710"="c:\windows\system32\vphc700.exe" [2005-07-20 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Raconfig.lnk - c:\program files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe [2009-3-29 479232]
TrayMin710.exe.lnk - c:\program files\Philips\Philips SPC710NC Webcam\TrayMin710.exe [2010-2-20 278528]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\call\\Call of Duty 4 - Modern Warfare\\Cod4 na dragan\\iw3mp.exe"=
"d:\\gry\\Bitwa o Śródziemie\\game.dat"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2009-03-29 25067]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-06-07 135336]
R2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [2005-07-15 139264]
R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-03-29 62848]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
.
Zawartość folderu 'Zaplanowane zadania'

2010-06-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-07 21:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.a2articles.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {02B44E22-2F9D-4AE2-BB0F-720FAF330604} = 194.204.159.1,192.168.0.1
TCP: {358D5AD6-49D2-42D7-9852-2F48124A32A9} = 194.204.159.1,192.168.0.1
FF - ProfilePath - c:\documents and settings\paulina\Dane aplikacji\Mozilla\Firefox\Profiles\mpya4vjv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\paulina\Dane aplikacji\Mozilla\Firefox\Profiles\mpya4vjv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\paulina\Dane aplikacji\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 11:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-06-08 11:51:11 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-06-08 09:51
ComboFix2.txt 2010-06-07 19:32

Przed: 14 047 903 744 bajtów wolnych
Po: 14 015 782 912 bajtów wolnych

- - End Of File - - 5CE932C6D314FEC6149BC4E339D3CFAA