ComboFix 11-08-01.02 - Agnieszka Pelczarska 2011-08-01 19:18:51.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1015.512 [GMT 2:00] Uruchomiony z: c:\documents and settings\Agnieszka Pelczarska\Pulpit\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} * Utworzono nowy punkt przywracania . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Agnieszka Pelczarska\WINDOWS c:\windows\IsUn0415.exe c:\windows\XSxS . . ((((((((((((((((((((((((( Pliki utworzone od 2011-07-01 do 2011-08-01 ))))))))))))))))))))))))))))))) . . 2011-07-27 17:18 . 2011-07-27 17:18 -------- d-----w- c:\program files\Xenocode 2011-07-27 17:18 . 2011-07-27 17:18 -------- d-----w- c:\documents and settings\Agnieszka Pelczarska\Ustawienia lokalne\Dane aplikacji\Xenocode 2011-07-17 14:05 . 2011-07-17 14:05 -------- d-----w- c:\documents and settings\Agnieszka Pelczarska\Ustawienia lokalne\Dane aplikacji\ConduitEngine 2011-07-17 14:05 . 2011-07-17 14:05 -------- d-----w- c:\program files\ConduitEngine 2011-07-17 14:05 . 2011-07-17 14:05 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-07-17 13:59 . 2008-09-23 09:13 735232 ----a-w- c:\windows\system32\drivers\ZD1211BU.SYS 2011-07-17 13:59 . 2011-07-17 13:59 -------- d-----w- c:\program files\WLAN_Software 2011-07-17 13:53 . 2008-04-14 21:50 26624 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2011-07-16 19:08 . 2011-07-17 13:59 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys 2011-07-16 19:08 . 2011-07-17 13:59 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys 2011-07-16 19:07 . 2011-07-16 19:07 -------- d-----w- c:\program files\AutoInstall . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-06 11:35 . 2004-08-04 08:00 1859200 ----a-w- c:\windows\system32\win32k.sys 2011-03-27 17:02 . 2011-03-27 17:02 13255749 ----a-w- c:\program files\instaluj_pity_format_2010.exe 2010-10-26 18:43 . 2010-10-26 18:37 98354288 ----a-w- c:\program files\DVESetup_EN.exe . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre2.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] . [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2011-01-17 14:54 175912 ----a-w- c:\program files\free-downloads.net\prxtbfre2.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\prxtbfre2.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\prxtbfre2.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-04 68856] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-05 395640] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656] "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "ZDWLan_Utility"="c:\program files\WLAN_Software\ZD1211B\ZDWLan.EXE" [2008-08-21 487424] "AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2011-07-17 40960] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll . [HKLM\~\startupfolder\C:^Documents and Settings^Agnieszka Pelczarska^Menu Start^Programy^Autostart^Budzik.lnk] path=c:\documents and settings\Agnieszka Pelczarska\Menu Start\Programy\Autostart\Budzik.lnk backup=c:\windows\pss\Budzik.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DVD Check.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= . R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-26 294608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-30 108289] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-26 17744] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-10-05 8704] S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-10-05 3072] S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664] S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-10-20 39048] S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.SYS [2011-07-17 735232] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-15 721904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel . Zawartość folderu 'Zaplanowane zadania' . 2010-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 14:55] . 2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 14:55] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.ask.com?o=15187&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 62.179.1.63 62.179.1.62 . . ------- Skojarzenia plików ------- . .scr=AutoCADScriptFile . - - - - USUNIĘTO PUSTE WPISY - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-NWEReboot - (no file) AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0415.EXE AddRemove-ReflexGB - c:\windows\IsUn0415.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-01 19:28 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???`N??????(?@???????@ . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(860) c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll c:\windows\system32\msi.dll c:\program files\HPQ\IAM\Bin\ASChnl.dll c:\program files\HPQ\IAM\Bin\ItMsg.dll . - - - - - - - > 'explorer.exe'(3192) c:\program files\HPQ\IAM\Bin\SFSShell.dll c:\program files\HPQ\IAM\bin\ItMsg.dll c:\progra~1\WINDOW~1\wmpband.dll c:\windows\system32\msi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\DllHost.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\HPQ\IAM\bin\asghost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wdfmgr.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\igfxsrvc.exe c:\progra~1\HPQ\Shared\HPQTOA~1.EXE c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2011-08-01 19:31:15 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-08-01 17:31 . Przed: 268 378 112 bajtów wolnych Po: 343 306 240 bajtów wolnych . WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - BB05B1333B906401DCEC58FE60D6EBD4