ComboFix 10-01-21.08 - Adam 2010-01-23 0:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1917.1579 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Adam\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1220945662-1637723038-682003330-1003
c:\windows\system32\hattric
.
((((((((((((((((((((((((( Pliki utworzone od 2009-12-22 do 2010-01-22 )))))))))))))))))))))))))))))))
.
2010-01-22 23:13 . 2010-01-22 23:13 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\Hewlett-Packard
2010-01-22 23:12 . 2010-01-22 23:12 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-01-22 23:11 . 2003-04-07 06:21 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2010-01-22 23:11 . 2003-04-07 06:21 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2010-01-22 23:11 . 2003-04-07 06:21 167936 ----a-r- c:\windows\system32\HPZipr12.dll
2010-01-22 23:11 . 2003-04-07 06:21 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2010-01-22 23:11 . 2003-04-07 06:21 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2010-01-22 23:11 . 2003-04-07 06:21 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-22 23:11 . 2003-04-07 06:21 233528 ----a-r- c:\windows\system32\HPZidr12.dll
2010-01-22 23:11 . 2003-04-07 06:21 51024 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-01-22 23:10 . 2003-04-07 06:21 21456 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-22 23:10 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-22 23:10 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-22 23:05 . 2010-01-22 23:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-22 23:04 . 2010-01-22 23:12 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-22 23:03 . 2010-01-22 23:13 20458 ----a-w- c:\windows\hpoins01.dat
2010-01-22 23:03 . 2003-04-07 06:31 16622 ------w- c:\windows\hpomdl01.dat
2010-01-22 22:27 . 2010-01-22 22:27 -------- d-----w- c:\program files\MSBuild
2010-01-22 22:27 . 2010-01-22 22:27 -------- d-----w- c:\program files\Reference Assemblies
2010-01-22 22:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-22 22:26 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-22 22:26 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-22 22:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-22 22:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-22 22:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-22 22:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-22 22:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-22 22:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-22 22:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-22 19:04 . 2010-01-22 19:04 80400 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-22 19:04 . 2010-01-22 19:04 315408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-22 19:04 . 2010-01-22 19:04 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-22 19:04 . 2010-01-22 19:04 80400 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-22 19:04 . 2010-01-22 19:04 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-22 19:04 . 2010-01-22 19:04 315408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-22 18:59 . 2010-01-22 18:59 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-22 18:59 . 2010-01-22 18:59 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-22 18:59 . 2010-01-22 19:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2010-01-22 18:59 . 2010-01-22 18:59 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-22 18:57 . 2010-01-22 18:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2010-01-22 17:09 . 2010-01-22 17:09 503808 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-782c0ea1-n\msvcp71.dll
2010-01-22 17:09 . 2010-01-22 17:09 499712 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-782c0ea1-n\jmc.dll
2010-01-22 17:09 . 2010-01-22 17:09 348160 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-782c0ea1-n\msvcr71.dll
2010-01-22 17:09 . 2010-01-22 17:09 61440 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-51a7eb69-n\decora-sse.dll
2010-01-22 17:09 . 2010-01-22 17:09 12800 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-51a7eb69-n\decora-d3d.dll
2010-01-22 17:09 . 2010-01-22 17:09 -------- d-----w- c:\program files\Common Files\Java
2010-01-22 17:09 . 2010-01-22 17:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-22 17:09 . 2010-01-22 17:09 -------- d-----w- c:\program files\Java
2010-01-22 17:02 . 2010-01-22 17:02 -------- d-----w- c:\program files\GRETECH
2010-01-22 17:02 . 2010-01-22 17:02 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-22 17:01 . 2010-01-22 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-22 17:01 . 2010-01-22 19:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-22 17:01 . 2010-01-22 17:01 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\DAEMON Tools Lite
2010-01-22 17:01 . 2010-01-22 17:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2010-01-22 16:43 . 2010-01-22 16:43 -------- d-----w- c:\program files\Microsoft FrontPage
2010-01-22 16:42 . 2010-01-22 16:42 -------- d-----w- c:\windows\ShellNew
2010-01-22 16:41 . 2010-01-22 16:41 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\Microsoft Web Folders
2010-01-22 16:38 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-01-22 16:38 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-01-22 16:06 . 2010-01-22 16:06 15872 ----a-r- c:\documents and settings\Adam\Dane aplikacji\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2010-01-22 15:20 . 2010-01-22 15:20 -------- d-----w- c:\documents and settings\Adam\.gstreamer-0.10
2010-01-22 15:20 . 2010-01-22 23:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-01-22 15:20 . 2010-01-22 15:20 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\OpenFM
2010-01-22 15:14 . 2010-01-22 15:14 -------- d-----w- c:\documents and settings\Adam\Ustawienia lokalne\Dane aplikacji\cache
2010-01-22 15:13 . 2010-01-22 19:14 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\Gadu-Gadu 10
2010-01-22 15:13 . 2010-01-22 15:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-01-22 15:13 . 2010-01-22 15:13 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-01-22 15:09 . 2010-01-22 15:09 0 ----a-w- c:\windows\nsreg.dat
2010-01-22 15:09 . 2010-01-22 15:09 -------- d-----w- c:\documents and settings\Adam\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-01-22 14:58 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-01-22 14:58 . 2008-04-14 22:50 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-22 14:57 . 2008-04-14 21:35 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-01-22 14:57 . 2008-04-14 22:50 77312 ----a-w- c:\windows\system32\usbui.dll
2010-01-22 14:53 . 2010-01-22 23:03 -------- d--h--r- c:\documents and settings\All Users\Dane aplikacji
2010-01-22 14:53 . 2010-01-22 23:40 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-01-22 14:53 . 2010-01-22 14:03 -------- d-----w- c:\documents and settings\All Users
2010-01-22 14:27 . 2010-01-22 14:27 -------- d-----w- c:\windows\Profiles
2010-01-22 14:27 . 2010-01-22 14:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 14:27 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-22 14:27 . 2010-01-22 14:27 -------- d-----w- c:\documents and settings\Adam\WINDOWS
2010-01-22 14:26 . 2010-01-22 14:26 -------- d-----w- c:\program files\viewsonic
2010-01-22 14:13 . 2007-11-28 03:26 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-22 14:11 . 2007-12-28 15:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-01-22 14:07 . 2010-01-22 14:07 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT.003
2010-01-22 14:06 . 2010-01-22 14:06 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT.003
2010-01-22 14:04 . 2007-03-05 19:39 50105 ----a-w- c:\windows\activ.exe
2010-01-22 14:04 . 2010-01-22 22:26 -------- d-----w- c:\windows\system32\dllcache
2010-01-22 14:04 . 2010-01-22 14:04 -------- d-s---w- c:\documents and settings\Default User.WINDOWS\Ustawienia lokalne\Dane aplikacji\Microsoft
2010-01-22 14:03 . 2010-01-22 14:03 -------- d-sh--w- c:\documents and settings\All Users\DRM
2010-01-22 14:03 . 2010-01-22 14:03 -------- d-----w- c:\program files\Usługi online
2010-01-22 14:01 . 2010-01-22 14:01 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-21 22:37 . 2010-01-21 22:37 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Szablony
2010-01-21 22:15 . 2010-01-21 22:15 -------- d-s---w- c:\documents and settings\Adam.SAJDUDA-A78852D\Ustawienia lokalne\Dane aplikacji\Microsoft
2010-01-21 22:15 . 2010-01-21 22:15 -------- d-----r- c:\documents and settings\Adam.SAJDUDA-A78852D\Ulubione
2010-01-21 22:15 . 2010-01-21 22:15 -------- d-----r- c:\documents and settings\Adam.SAJDUDA-A78852D\Moje dokumenty
2010-01-21 22:15 . 2010-01-21 22:15 -------- d--h--r- c:\documents and settings\Adam.SAJDUDA-A78852D\Dane aplikacji
2010-01-21 22:15 . 2010-01-21 22:15 -------- d-----w- c:\documents and settings\Adam.SAJDUDA-A78852D
2010-01-21 22:15 . 2010-01-21 21:46 -------- d--h--w- c:\documents and settings\Adam.SAJDUDA-A78852D\Szablony
2010-01-21 22:08 . 2010-01-21 22:08 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT.002
2010-01-21 21:52 . 2010-01-21 21:52 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT.002
2010-01-21 21:49 . 2010-01-21 21:49 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-01-21 19:26 . 2010-01-21 19:26 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT.001
2010-01-21 19:20 . 2010-01-21 19:20 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT.001
2010-01-21 18:01 . 2010-01-21 18:01 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT.000
2010-01-21 18:01 . 2010-01-21 18:01 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT.000
2010-01-21 15:07 . 2010-01-21 15:07 -------- d-sh--w- c:\documents and settings\LocalService.ZARZĄDZANIE NT
2010-01-21 15:06 . 2010-01-21 15:06 -------- d-sh--w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-20 12:03 . 2010-01-20 12:03 11776 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 23:16 . 2010-01-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 22:28 . 2001-10-26 16:15 83880 ----a-w- c:\windows\system32\perfc015.dat
2010-01-22 22:28 . 2001-10-26 16:15 490628 ----a-w- c:\windows\system32\perfh015.dat
2010-01-22 17:05 . 2010-01-22 17:04 -------- d-----w- c:\program files\Winamp
2010-01-22 17:04 . 2010-01-22 17:04 -------- d-----w- c:\program files\Winamp Detect
2010-01-22 17:04 . 2010-01-22 17:04 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\Winamp
2010-01-22 16:44 . 2010-01-22 16:44 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2010-01-22 14:26 . 2010-01-22 14:21 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-22 14:21 . 2010-01-22 14:21 -------- d-----w- c:\program files\VIA
2010-01-22 14:12 . 2010-01-22 14:12 -------- d-----w- c:\documents and settings\Adam\Dane aplikacji\InstallShield
2010-01-22 14:03 . 2010-01-22 14:03 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-22 14:00 . 2010-01-22 14:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zhw1bj1y.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-02 15:02 . 2009-11-02 15:02 59976 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Polish\setup.exe
.
------- Sigcheck -------
[-] 2008-05-02 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\gry\steam\steam.exe" [2010-01-22 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8491008]
"nwiz"="nwiz.exe" [2007-11-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"e:\\Programy\\DC++\\DCPlusPlus.exe"=
"e:\\Gry\\Steam\\SteamApps\\adamus203\\counter-strike\\hl.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-22 691696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-22 238080]
.
Zawartość folderu 'Zaplanowane zadania'
2010-01-22 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8264201986.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zhw1bj1y.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Adam\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 00:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnv.sys >>UNKNOWN [0x89B7C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba673cb8
\Driver\atapi -> atapi.sys @ 0xba608b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba511bb0
PacketIndicateHandler -> NDIS.sys @ 0xba51ea21
SendHandler -> NDIS.sys @ 0xba4fc87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-23 00:48:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-22 23:48
Przed: 89 632 829 440 bajtów wolnych
Po: 89 632 452 608 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4E4CF83F92D52D5A26E2AA4573CC8F49
ComboFix – Added 23.01.2010 (Sat) 1:18 –
OTL Extras logfile created on: 2010-01-23 01:08:06 - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Adam\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 83,49 Gb Free Space | 85,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 368,10 Gb Total Space | 353,65 Gb Free Space | 96,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SAJDUDA-2C7958C
Current User Name: Adam
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"E:\Programy\DC++\DCPlusPlus.exe" = E:\Programy\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"E:\Gry\Steam\SteamApps\adamus203\counter-strike\hl.exe" = E:\Gry\Steam\SteamApps\adamus203\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CA7899B-FFEC-4254-A05B-448420831F37}" = Championship Manager 2010
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Nawigator obrazów i fotografii HP 2.0 - All-in-One Sterowniki
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Nawigator obrazów i fotografii HP 2.0 - All-in-One
"{9C748279-288D-11D7-928D-00C0CA129740}" = Robin Hood - Legenda Sherwood
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Dysk wspomnieniowy HP
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DC++" = DC++ 0.699
"Gadu-Gadu 10" = Gadu-Gadu 10
"GOM Player" = GOM Player
"HP PSC 1200 Series" = Nawigator obrazów i fotografii HP 2.0 - hp psc 1200 series
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[Application Events]
Error - 2010-01-22 13:01:05 | Computer Name = SAJDUDA-2C7958C | Source = crypt32 | ID = 131083
Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej
aktualizacji z: ,
wystąpił błąd: Wystąpił wewnętrzny błąd obsługi łańcucha certyfikatów.
Error - 2010-01-22 14:58:56 | Computer Name = SAJDUDA-2C7958C | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: ,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.
[System Events]
Error - 2010-01-22 11:13:19 | Computer Name = SAJDUDA-2C7958C | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2010-01-22 11:13:19 | Computer Name = SAJDUDA-2C7958C | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\DOCUME~1\Adam\USTAWI~1\Temp\nsmB.tmp\CloseGG.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
Error - 2010-01-22 11:13:47 | Computer Name = SAJDUDA-2C7958C | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC80.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie.
Error - 2010-01-22 11:13:47 | Computer Name = SAJDUDA-2C7958C | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC80.CRT. Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie. .
Error - 2010-01-22 11:13:47 | Computer Name = SAJDUDA-2C7958C | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\DOCUME~1\Adam\USTAWI~1\Temp\nsmB.tmp\CloseGG.dll.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie. .
Error - 2010-01-22 15:14:54 | Computer Name = SAJDUDA-2C7958C | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%193”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
Error - 2010-01-22 15:14:54 | Computer Name = SAJDUDA-2C7958C | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%193”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
Error - 2010-01-22 15:16:47 | Computer Name = SAJDUDA-2C7958C | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112
Error - 2010-01-22 19:39:44 | Computer Name = SAJDUDA-2C7958C | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112
Error - 2010-01-22 19:46:32 | Computer Name = SAJDUDA-2C7958C | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Si3112
< End of report >
OTL
– Added 23.01.2010 (Sat) 16:38 –
Any ideas?