ComboFix 10-05-15.03 - Administrator 2010-05-16 17:44:17.15.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2614 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created From 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.
2010-05-15 20:53 . 2010-05-15 22:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-15 20:53 . 2010-05-15 22:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-05-15 20:47 . 2010-05-15 20:47 -------- d-----w- c:\program files\kj
2010-05-15 20:42 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-05-12 16:47 . 2010-05-12 16:48 -------- d-----w- c:\program files\Guitar FX BOX 2.6
2010-05-12 11:59 . 2010-05-12 12:16 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Rockstar Games
2010-05-12 11:40 . 2010-05-12 11:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-12 11:36 . 2010-05-12 11:36 -------- d-----w- c:\windows\system32\xlive
2010-05-12 11:36 . 2010-05-12 11:36 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-12 11:21 . 2010-05-12 12:09 -------- d-----w- c:\program files\Rockstar Games
2010-05-11 15:33 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 18:11 . 2010-05-10 18:11 -------- d-----w- c:\documents and settings\Nowy folder
2010-05-10 18:02 . 2010-05-10 18:02 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Cimaware
2010-05-09 21:27 . 2010-05-09 21:27 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Real Desktop
2010-05-09 21:27 . 2010-05-10 13:57 -------- d-----w- c:\program files\Real Desktop
2010-05-06 11:47 . 2010-05-06 11:47 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\ABBYY
2010-05-06 11:41 . 2010-05-11 19:42 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ABBYY
2010-05-06 11:41 . 2010-05-06 11:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ABBYY
2010-05-05 09:26 . 2010-05-05 09:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2010-05-03 17:46 . 2008-04-13 22:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-03 17:46 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-03 17:46 . 2008-04-14 20:50 54784 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2010-05-03 17:45 . 2010-05-03 17:45 -------- d-----w- c:\program files\CyberLink
2010-05-03 17:17 . 2010-05-03 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2010-05-03 17:16 . 2010-05-03 17:16 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\CyberLink
2010-05-03 17:16 . 2010-05-03 17:16 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\CyberLink
2010-05-03 17:15 . 2010-05-03 17:45 -------- d-----w- c:\documents and settings\kuba\Pulpit
2010-05-03 17:15 . 2010-05-03 17:15 -------- d-----w- c:\documents and settings\kuba\Menu Start
2010-05-03 17:12 . 2010-05-03 17:42 36864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-04-28 17:47 . 2010-04-28 18:09 1925088 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-04-26 08:35 . 2010-04-26 08:35 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\FindeXer
2010-04-26 08:31 . 2010-04-26 08:31 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Stardock
2010-04-26 08:30 . 2010-04-26 08:29 153877 ----a-w- c:\windows\BricoPackUninst.cmd
2010-04-26 08:23 . 2010-04-26 08:23 -------- d-----w- c:\program files\RK Launcher
2010-04-26 08:22 . 2010-05-11 19:41 -------- d-----w- c:\program files\CursorXP
2010-04-26 08:19 . 2010-05-02 21:00 -------- d-----w- c:\program files\iColorFolder
2010-04-26 08:13 . 2010-04-26 08:30 8256 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-04-26 08:12 . 2010-05-02 20:59 -------- d-----w- c:\windows\BricoPacks
2010-04-21 18:47 . 2010-04-21 18:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-21 18:34 . 2010-04-21 18:43 7028 --sha-w- c:\windows\system32\sys_drv.dat
2010-04-21 18:34 . 2010-04-21 18:43 6024 --sha-w- c:\windows\system32\sys_drv_2.dat
2010-04-21 18:32 . 2010-05-02 20:58 -------- d-----w- c:\program files\Folder Lock 6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 15:52 . 2009-11-20 14:20 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-16 15:43 . 2009-11-19 18:30 16608 ----a-w- c:\windows\gdrv.sys
2010-05-15 12:22 . 2010-01-23 19:25 871992 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-05-15 12:05 . 2010-03-29 17:30 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-05-14 15:00 . 2009-11-19 18:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-12 12:09 . 2009-11-19 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 15:33 . 2009-11-19 18:22 -------- d-----w- c:\program files\Java
2010-05-10 17:37 . 2010-01-03 18:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-10 16:52 . 2009-12-09 17:50 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Skype
2010-05-05 17:24 . 2009-11-27 21:16 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\skypePM
2010-05-03 17:12 . 2010-04-09 21:25 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-05-02 21:01 . 2009-11-20 21:01 -------- d-----w- c:\program files\JDownloader
2010-04-26 08:29 . 2004-08-03 22:44 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-21 21:30 . 2010-01-23 21:39 -------- d-----w- c:\program files\ALLPlayer
2010-04-09 21:24 . 2010-04-09 21:24 -------- d-----w- c:\program files\SourceTec
2010-04-07 20:02 . 2009-11-19 18:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-06 16:11 . 2009-11-21 01:00 48656 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-06 09:51 . 2010-04-06 09:51 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Solidshield
2010-04-06 09:42 . 2010-04-06 09:42 -------- d-----w- c:\program files\Ubisoft
2010-03-30 20:40 . 2010-01-23 19:45 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Sony
2010-03-30 18:36 . 2010-03-30 18:36 503808 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6033264a-n\msvcp71.dll
2010-03-30 18:36 . 2010-03-30 18:36 499712 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6033264a-n\jmc.dll
2010-03-30 18:36 . 2010-03-30 18:36 348160 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6033264a-n\msvcr71.dll
2010-03-30 18:36 . 2010-03-30 18:36 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 18:36 . 2010-03-30 18:36 61440 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bc63d2a-n\decora-sse.dll
2010-03-30 18:36 . 2010-03-30 18:36 12800 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5bc63d2a-n\decora-d3d.dll
2010-03-30 18:35 . 2001-10-26 18:15 87418 ----a-w- c:\windows\system32\perfc015.dat
2010-03-30 18:35 . 2001-10-26 18:15 494278 ----a-w- c:\windows\system32\perfh015.dat
2010-03-30 11:59 . 2010-03-30 11:53 -------- d-----w- c:\program files\Bloodrayne
2010-03-29 21:56 . 2010-03-29 21:56 -------- d-----w- c:\program files\Electronic Arts
2010-03-29 17:30 . 2010-03-07 21:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\SEGA
2010-03-26 21:04 . 2010-01-09 15:32 -------- d-----w- c:\program files\EA GAMES
2010-03-26 20:51 . 2009-12-08 12:54 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-26 18:33 . 2010-01-24 12:54 -------- d-----w- c:\program files\Metin2_PL
2010-03-24 15:15 . 2010-03-24 15:15 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Sony Creative Software
2010-03-22 23:10 . 2010-03-09 15:39 -------- d-----w- c:\program files\Astrum Online Entertainment
2010-03-22 15:35 . 2010-03-22 15:25 -------- d-----w- c:\program files\ChrisTV PVR
2010-03-19 20:16 . 2010-01-14 22:10 -------- d-----w- c:\program files\Winamp
2010-03-18 15:25 . 2010-03-18 14:50 -------- d-----w- c:\program files\Password Protect USB
2010-03-11 22:14 . 2010-03-11 22:14 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-03-11 22:13 . 2010-03-11 22:13 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2010-02-10 14:00 . 2010-02-10 14:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\kopia sp2\$ntservicepackuninstall$\tcpip.sys
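The `[-]` marker on the third line above is ComboFix's flag for a copy of tcpip.sys whose hash does not agree with its reference: the in-use `c:\windows\system32\drivers\tcpip.sys` reports the same size (361344) and version (5.1.2600.5512) as the `ServicePackFiles\i386` copy but a different MD5, which is what an in-place byte patch of a driver looks like (the log does not say what produced it). The Python below is an added example, not part of the ComboFix output or of the tool, that parses this Sigcheck block and recomputes the comparison so the check does not depend on reading the marker by eye: it groups copies by file name and version, takes the `ServicePackFiles` copy as the reference, and reports any copy whose MD5 disagrees, noting whether size and version were left unchanged. The four input lines are copied from the block above; the function names and the "prefer ServicePackFiles, else majority hash" rule are this example's own choices.

```python
import re
from collections import Counter, defaultdict

# Input: the four Sigcheck lines from the ComboFix log above, copied verbatim.
SIGCHECK_LINES = r"""
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\kopia sp2\$ntservicepackuninstall$\tcpip.sys
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per parsable Sigcheck line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def flagged_by_combofix(text):
    """Entries ComboFix itself marked with [-]."""
    return [e for e in parse_sigcheck(text) if e["flag"] == "-"]


def find_mismatches(text):
    """Recompute the comparison independently of the [-] marker.

    Copies are grouped by (file name, version). Within a group the reference
    hash is the ServicePackFiles copy if one is present, otherwise the most
    common hash (this example's own rule). Returns (path, md5, reference_md5,
    same_size_as_reference) for every copy that disagrees with the reference.
    """
    groups = defaultdict(list)
    for e in parse_sigcheck(text):
        groups[(e["name"], e["version"])].append(e)

    mismatches = []
    for copies in groups.values():
        ref = next((c for c in copies if "servicepackfiles" in c["path"].lower()), None)
        if ref is None:
            ref_md5 = Counter(c["md5"] for c in copies).most_common(1)[0][0]
            ref_size = next(c["size"] for c in copies if c["md5"] == ref_md5)
        else:
            ref_md5, ref_size = ref["md5"], ref["size"]
        for c in copies:
            if c["md5"] != ref_md5:
                mismatches.append((c["path"], c["md5"], ref_md5, c["size"] == ref_size))
    return mismatches


if __name__ == "__main__":
    for path, md5, ref, same_size in find_mismatches(SIGCHECK_LINES):
        note = "same size and version as reference" if same_size else "size differs"
        print(f"MISMATCH {path}: {md5} != reference {ref} ({note})")
```

Run as-is it prints the one mismatch, the `system32\drivers` copy, and `flagged_by_combofix` returns the same single entry, so the recomputed result and ComboFix's own marker agree. A real investigation would then compare the flagged file's hash against a known-good copy from installation media or the vendor rather than against other copies on the same, possibly compromised, machine.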
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-10-21 2154496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-21 13574144]
"nwiz"="nwiz.exe" [2008-10-21 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-21 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Scheduler for OEM.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Card Remote Control Device Monitor]
2008-06-17 07:10 352256 ----a-r- c:\windows\713xRMTMon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\Administrator\\Pulpit\\programy\\gry\\?????\\RuSro\\RuSro\\_riBot_Beta_Released_v1.0.53\\riBot.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"c:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 9.0\\VegSrv90.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14393:TCP"= 14393:TCP:BitComet 14393 TCP
"14393:UDP"= 14393:UDP:BitComet 14393 UDP
"7762:TCP"= 7762:TCP:BitComet 7762 TCP
"7762:UDP"= 7762:UDP:BitComet 7762 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-21 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-21 5248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-19 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-19 25160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-15 18816]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2009-11-25 279552]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-11-19 80392]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2009-11-25 25984]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-01-25 27504]
S2 Passwdrenew;Passwdrenew;System32\rnpasswd.exe --> System32\rnpasswd.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1CE6.tmp --> c:\windows\system32\1CE6.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-19 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
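In ComboFix's service list the first letter is the state (`R` running, `S` stopped), the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), `-->` shows the image path as resolved, and `[?]` means the file could not be found when the scan ran. On that reading the line to look at is `Passwdrenew`: an auto-start service whose image is a bare `System32\rnpasswd.exe` with no drive letter (so the log does not pin down where the file was expected) and which was not on disk at scan time; nothing else in this log says what installed it. The script below is an added example, not ComboFix code, that parses these lines and flags the combinations a practitioner would want surfaced: missing image, relative image path, image in a temporary file or folder, and whether the service starts automatically. The input is a subset of the lines above copied verbatim. A missing image on a stopped service is also what an incomplete uninstall leaves behind, so the output is a list of candidates for the analyst, not verdicts.

```python
import re

# Input: a subset of the service lines from the ComboFix log above, copied verbatim.
SERVICE_LINES = r"""
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-21 155136]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-19 134344]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-15 18816]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 Passwdrenew;Passwdrenew;System32\rnpasswd.exe --> System32\rnpasswd.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1CE6.tmp --> c:\windows\system32\1CE6.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-19 691696]
"""

# <state><start> <name>;<display name>;<image> [--> <resolved image>] [<date size> | ?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$"
)
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
AUTO_STARTS = ("boot", "system", "auto")


def parse_services(text):
    """Return one dict per service line with a normalised image path."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        s = m.groupdict()
        path = s["resolved"] or s["image"]
        if path.startswith("\\??\\"):  # NT object-manager prefix seen in driver ImagePaths
            path = path[4:]
        s["path"] = path
        s["running"] = s["state"] == "R"
        s["start_type"] = START_TYPE[s["start"]]
        s["missing"] = s["info"].strip() == "?"  # ComboFix could not find the file
        services.append(s)
    return services


def triage_services(text):
    """Flag combinations worth a second look; returns (name, start_type, path, reasons)."""
    findings = []
    for s in parse_services(text):
        p = s["path"].lower()
        reasons = []
        if s["missing"]:
            reasons.append("image file not found at scan time")
        if not re.match(r"^[a-z]:\\", p):
            reasons.append("relative image path (no drive letter)")
        if p.endswith(".tmp") or "\\temp\\" in p:
            reasons.append("image is a temporary file or lives in a temp folder")
        if reasons and s["start_type"] in AUTO_STARTS:
            reasons.append(f"starts automatically (start type: {s['start_type']})")
        if reasons:
            findings.append((s["name"], s["start_type"], s["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, start, path, reasons in triage_services(SERVICE_LINES):
        print(f"{name} ({start}) {path}\n  - " + "\n  - ".join(reasons))
```

On the lines above this reports three services: `Passwdrenew` (missing, relative path, auto-start), `MBAMSwissArmy` (missing, manual start) and `MEMSWEEP2` (missing, `.tmp` image, manual start). Only the first combines an auto start type with an unaccounted-for image, which is why it should be the first thing checked against the registry key under `HKLM\SYSTEM\CurrentControlSet\Services` and the installer history.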
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 119.115.136.62:8080
uInternet Settings,ProxyOverride = <local>
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Menu Start\Programy\IMVU\Run IMVU.lnk
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5090alu2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.astrona.pl/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5090alu2.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5090alu2.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
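In the supplementary scan the `u` prefix marks values read from the current user's hive (`m` would be the machine hive). A per-user IE proxy pointed at `119.115.136.62:8080`, a public address that nothing else in the log accounts for, routes the user's web traffic through that host; the `<local>` override only bypasses it for intranet names. A `Trusted Zone` entry lowers IE's security settings for `kuaiche.com\software`. The four Firefox prefs are read from `greprefs\security-prefs.js`, which is the browser's bundled defaults file rather than the profile's `prefs.js`, so they should be compared with a clean install of the same Firefox version before being read as tampering; as values they do leave TLS renegotiation unrestricted. The Python below is an added example, not part of ComboFix, that pulls those three indicators out of the scan lines: it classifies the proxy host with the standard library's `ipaddress` module, collects Trusted Zone entries, and lists the SSL prefs whose value matches the permissive setting. The input lines are copied from the log; the `WEAK_SSL_PREFS` table and the `classify_host` categories are this example's own.

```python
import ipaddress
import re

# Input: lines from the supplementary scan above, copied verbatim.
SCAN_LINES = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = 119.115.136.62:8080
uInternet Settings,ProxyOverride = <local>
Trusted Zone: kuaiche.com\software
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
"""

PROXY_RE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
ZONE_RE = re.compile(r"^Trusted Zone:\s*(?P<entry>\S+)")
PREF_RE = re.compile(r'pref\("(?P<name>[^"]+)",\s*(?P<value>[^)]*)\);')

# Firefox prefs governing TLS renegotiation (the CVE-2009-3555 mitigations) and the
# value of each that leaves renegotiation unrestricted. This table is the example's own.
WEAK_SSL_PREFS = {
    "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref": "true",
    "security.ssl.treat_unsafe_negotiation_as_broken": "false",
    "security.ssl.require_safe_negotiation": "false",
}


def classify_host(host):
    """'loopback', 'private' or 'public' for IP literals; 'hostname' otherwise."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"


def triage_scan(text):
    """Extract proxy, Trusted Zone and weak-SSL-pref indicators from scan lines."""
    result = {"proxy": None, "trusted_zones": [], "weak_ssl_prefs": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            # Plain "host:port" form only; the per-protocol "http=host:port;..." form is not handled.
            host, _, port = m.group("value").rpartition(":")
            scope = "user (HKCU)" if m.group("scope") == "u" else "machine (HKLM)"
            result["proxy"] = (host, int(port) if port.isdigit() else None, classify_host(host), scope)
            continue
        m = ZONE_RE.match(line)
        if m:
            result["trusted_zones"].append(m.group("entry"))
            continue
        m = PREF_RE.search(line)
        if m:
            name, value = m.group("name"), m.group("value").strip()
            if WEAK_SSL_PREFS.get(name) == value:
                result["weak_ssl_prefs"][name] = value
    return result


def findings(text):
    """Human-readable list of what a practitioner would act on."""
    r = triage_scan(text)
    out = []
    if r["proxy"] and r["proxy"][2] == "public":
        host, port, _, scope = r["proxy"]
        out.append(f"{scope} proxy points at public address {host}:{port}")
    for z in r["trusted_zones"]:
        out.append(f"IE Trusted Zone entry: {z}")
    if r["weak_ssl_prefs"]:
        out.append("Firefox leaves TLS renegotiation unrestricted: " + ", ".join(sorted(r["weak_ssl_prefs"])))
    return out


if __name__ == "__main__":
    print("\n".join(findings(SCAN_LINES)))
```

The proxy check deliberately treats loopback and private addresses as unremarkable (local filtering proxies and corporate proxies live there) and only raises a public IP literal; a hostname needs resolving before it can be classified, which this offline example does not do.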
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-16 18:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B807320]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f58cb8
\Driver\atapi -> 0x8b807320
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1CE6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-1409082233-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-05-16 18:05:08
ComboFix-quarantined-files.txt 2010-05-16 16:04
Pre-Run: 127,430,139,904 bytes free
Post-Run: 127,388,823,552 bytes free
- - End Of File - - 23E5D60688180683673A0FD7051B608D