ComboFix 10-05-13.04 - ja 2010-05-14 18:48:48.1.2 - x86
Uruchomiony z: c:\documents and settings\ja\Moje dokumenty\Pobieranie\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jestertb.dll
c:\windows\system32\Vb40032.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2010-04-14 do 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-12 19:21 . 2010-05-12 19:23 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-12 19:20 . 2010-05-12 19:20 -------- d-----w- C:\KAV
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 16:45 . 2009-03-06 21:36 16608 ----a-w- c:\windows\gdrv.sys
2010-05-12 19:02 . 2009-03-11 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-04-25 10:31 . 2009-07-03 18:52 -------- d-----w- c:\program files\Java
2010-04-07 19:21 . 2009-03-06 15:24 66904 ----a-w- c:\documents and settings\ja\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-07 17:00 . 2010-04-07 16:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Backup
2010-04-07 16:08 . 2009-03-06 21:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 20:40 . 2009-10-02 21:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2010-04-04 20:39 . 2010-04-04 20:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-04 20:39 . 2010-04-04 20:40 38784 ----a-w- c:\documents and settings\ja\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-03 11:42 . 2010-04-03 11:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-30 21:38 . 2010-04-10 16:23 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-03-30 17:07 . 2009-12-17 18:12 -------- d-----w- c:\program files\Common Files\Java
2010-03-29 22:46 . 2009-09-26 18:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-09-26 18:29 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 16:30 . 2010-03-25 16:30 -------- d-----w- c:\documents and settings\ja\Dane aplikacji\Thunderbird
2010-03-25 15:06 . 2010-03-25 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2010-03-18 15:07 . 2009-12-24 18:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ScanSoft
2010-03-15 17:55 . 2010-03-15 17:55 -------- d-----w- c:\documents and settings\ja\Dane aplikacji\ScanSoft
2010-03-10 06:17 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-15 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:09 . 2008-04-15 12:00 2147840 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2008-04-14 21:59 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Twoje TVN24"="e:\program files\Aplikacje\Pasek TVN24\tvn-ustawienia.exe" [2009-11-30 2744975]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\ja\Menu Start\Programy\Autostart\
Spis treci programu OneNote.onetoc2 [2009-11-5 3656]

[HKLM\~\startupfolder\C:^Documents and Settings^ja^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 07:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 07:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"e:\Program Files\Gry\Valve\Cs 1.6\hl.exe"=

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 721904]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-04-07 c:\windows\Tasks\GlaryInitialize.job
- e:\program files\Aplikacje\Glary Utilities\initialize.exe [2010-04-07 21:01]

2009-11-18 c:\windows\Tasks\User_Feed_Synchronization-{0C592973-4A39-4CFA-8CCA-4D60BA8D5ABF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
TCP: {B9FB093D-7F11-46BD-BAD2-8178F24082C5} = 192.168.1.1
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://83.19.25.131/NetCamPlayerWeb11gv2.cab
FF - ProfilePath - c:\documents and settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\mn14u7ej.default\
FF - component: c:\documents and settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\mn14u7ej.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-NiwradSoft Welcome - c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

**************************************************************************

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-926492609-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:ac,6e,25,12,ed,4f,5b,29,f2,19,77,fc,51,7a,03,65,75,1c,b5,c8,af,
   e3,ea,5d,dc,1c,b8,35,90,eb,e1,28,cd,42,8b,9c,b1,6e,07,58,ff,59,5c,07,a1,22,\
"rkeysecu"=hex:70,c7,bb,e2,93,81,66,96,99,49,bc,cc,97,b3,92,51
.
Czas ukończenia: 2010-05-14 18:51:30
ComboFix-quarantined-files.txt 2010-05-14 16:51

Przed: 55 020 265 472 bajtów wolnych
Po: 55 097 081 856 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2D72755C1B9B1566C270CBF32F58F974