ComboFix 11-01-15.01 - Gosiaaa 2011-01-16 22:05:08.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.446.291 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Gosiaaa\Pulpit\Nowy folder\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\hPmFf04300
c:\documents and settings\All Users\Dane aplikacji\hPmFf04300\hPmFf04300
c:\documents and settings\All Users\Dane aplikacji\hPmFf04300\hPmFf04300.exe
c:\documents and settings\Gosiaaa\Dane aplikacji\oekx.exe
c:\documents and settings\Gosiaaa\Menu Start\Programy\System Tool
c:\documents and settings\Gosiaaa\Menu Start\Programy\System Tool\System Tool 2011.lnk
c:\windows\cfdrive32.exe
c:\windows\gwdrive32.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2010-12-16 do 2011-01-16 )))))))))))))))))))))))))))))))
.
2011-01-15 13:29 . 2011-01-16 15:36 -------- d-----w- c:\documents and settings\Gosiaaa\Dane aplikacji\skypePM
2011-01-15 13:26 . 2011-01-15 13:26 -------- d-----w- c:\program files\Common Files\Skype
2011-01-15 13:26 . 2011-01-15 13:27 -------- d-----r- c:\program files\Skype
2011-01-15 13:26 . 2011-01-16 15:37 -------- d-----w- c:\documents and settings\Gosiaaa\Dane aplikacji\Skype
2011-01-15 13:26 . 2011-01-15 13:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2011-01-05 19:37 . 2011-01-05 19:37 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{0A63553F-CD47-45A0-BC8E-48CB7D13EB53}
2011-01-04 22:20 . 2011-01-04 22:20 -------- d-----w- c:\program files\Windows Media Connect 2
2011-01-04 22:17 . 2011-01-04 22:18 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-01-04 22:17 . 2011-01-04 22:17 -------- d-----w- c:\windows\system32\LogFiles
2010-12-29 22:17 . 2010-12-29 22:24 -------- d-----w- c:\documents and settings\Gosiaaa\.netbeans
2010-12-29 22:17 . 2010-12-29 22:17 -------- d-----w- c:\documents and settings\Gosiaaa\.netbeans-registration
2010-12-29 22:12 . 2011-01-16 18:12 -------- d-----w- c:\documents and settings\Gosiaaa\.nbi
2010-12-29 22:11 . 2010-12-29 22:11 -------- d-----w- c:\program files\Sun
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

c:\documents and settings\Marian\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [N/A]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\startupfolder\C:^Documents and Settings^Gosiaaa^Menu Start^Programy^Autostart^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gosiaaa\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-04-16 15:08 172032 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FuncKey]
2006-07-27 13:06 122880 ----a-w- c:\program files\Hotkey 1.0.4\FuncKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2010-12-16 05:19 12984928 ----a-w- e:\program files\Gadu-Gadu 10\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-11-15 12:56 18633728 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 22:55 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 14:44 15028104 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 135664]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MDMXSDK
.
Zawartość folderu 'Zaplanowane zadania'

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 14:12]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 14:12]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\Gosiaaa\Dane aplikacji\Mozilla\Firefox\Profiles\ucy3df2d.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Advanced DDTML Enable - c:\docume~1\Gosiaaa\USTAWI~1\Temp\362.exe
MSConfigStartUp-Advanced DHTML Enable - c:\docume~1\Gosiaaa\USTAWI~1\Temp\6473145.exe
MSConfigStartUp-Advanced System Protector - c:\program files\Systweak\Advanced System Protector\ASP.exe
MSConfigStartUp-bad - c:\documents and settings\Gosiaaa\Dane aplikacji\bad.exe
MSConfigStartUp-Microsoft Driver Setup - c:\windows\gwdrive32.exe
MSConfigStartUp-psysnew - c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
MSConfigStartUp-S3Trayp - S3trayp.exe
MSConfigStartUp-Tnaww - c:\recycler\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
MSConfigStartUp-VTTimer - VTTimer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 22:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2011-01-16 22:11:47
ComboFix-quarantined-files.txt 2011-01-16 21:11

Przed: 2 813 607 936 bajtów wolnych
Po: 4 120 399 872 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5894128785C9F516E3127C0C40DA061D