ComboFix 09-02-08.02 - Daniel 2009-02-10 17:49:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1015.653 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Daniel\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Daniel\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
FILE ::
c:\documents and settings\gościu\Pulpit\1.exe
c:\documents and settings\gościu\Pulpit\Wavosaur.1.0.0.9000(en)\setupwavtomp3.exe.part
c:\windows\OLD13B.tmp
c:\windows\system32\afmain0.dll
c:\windows\system32\afmain0.dll/c:\windows\system32\afmain0.dll
c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1I0HV5BO\Server[1].dll
d:\prem\rozne\Wavosaur.1.0.0.9000(en)\setupwavtomp3.exe.part
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\gościu\Pulpit\Wavosaur.1.0.0.9000(en)\setupwavtomp3.exe.part
c:\windows\system32\afmain0.dll
c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1I0HV5BO\Server[1].dll
d:\prem\rozne\Wavosaur.1.0.0.9000(en)\setupwavtomp3.exe.part
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PDIDRV
((((((((((((((((((((((((( Pliki utworzone od 2009-01-10 do 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-10 10:54 . 2009-02-10 10:55 979,760 --a------ C:\cc_20090210_105414.reg
2009-02-10 10:50 . 2009-02-10 10:50 <DIR> d-------- c:\program files\CCleaner
2009-02-10 09:46 . 2009-02-10 09:46 109,006 -r-hs---- C:\2aaxaiy.exe
2009-02-09 18:09 . 2009-02-09 18:09 <DIR> d-------- c:\documents and settings\Wiktor\Dane aplikacji\Gadu-Gadu
2009-02-09 16:51 . 2008-04-14 18:21 70,144 --a------ c:\windows\AhnRpta.exe
2009-02-06 19:15 . 2001-10-26 17:29 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-02-06 19:11 . 2002-11-01 01:12 49,152 --a------ c:\windows\AutoSet.dll
2009-02-06 19:11 . 2002-08-08 02:09 45,056 --a------ c:\windows\system32\micdrv.dll
2009-02-06 19:11 . 2003-02-27 05:55 17,376 --a------ c:\windows\system32\drivers\GT680x.SYS
2009-02-06 19:11 . 2009-02-06 19:11 267 --a------ c:\windows\SCNDRVU.INI
2009-02-06 19:10 . 2009-02-06 19:47 <DIR> d-------- c:\program files\ScannerU
2009-01-27 15:02 . 2009-01-27 15:02 301,204 --ah----- c:\windows\system32\mlfcache.dat
2009-01-17 17:07 . 2009-01-17 17:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Keronsoft
2009-01-14 17:43 . 2009-01-14 17:43 <DIR> d-------- c:\documents and settings\tomek\Dane aplikacji\.clamwin
2009-01-13 23:10 . 2009-01-13 23:10 <DIR> d-------- c:\documents and settings\gościu\Dane aplikacji\Windows Search
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 17:20 --------- d-----w c:\documents and settings\tomek\Dane aplikacji\OpenOffice.ux.pl2
2009-02-09 17:18 --------- d-----w c:\documents and settings\Wiktor\Dane aplikacji\OpenOffice.ux.pl2
2009-02-09 14:29 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\OpenOffice.ux.pl2
2009-02-06 17:34 --------- d-----w c:\documents and settings\gościu\Dane aplikacji\OpenOffice.ux.pl2
2009-02-05 14:17 --------- d-----w c:\program files\Common Files\Seagate
2009-01-09 19:47 --------- d-----w c:\documents and settings\Wiktor\Dane aplikacji\ipla
2009-01-01 15:01 --------- d-----w c:\program files\Nokia
2009-01-01 15:01 --------- d-----w c:\program files\Common Files\Nokia
2009-01-01 15:00 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NokiaMusic
2009-01-01 14:24 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\Nokia
2009-01-01 13:47 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\PC Suite
2009-01-01 13:46 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-01 13:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-01 13:32 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2009-01-01 13:31 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-01 13:30 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-22 13:47 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\ipla
2008-12-22 13:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2008-12-19 16:12 --------- d-----w c:\program files\Opera
2008-12-16 13:55 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\Corel
2008-12-12 03:51 --------- d-----w c:\documents and settings\gościu\Dane aplikacji\Windows Desktop Search
2008-12-11 14:05 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\Windows Search
2008-12-11 13:08 --------- d-----w c:\documents and settings\Daniel\Dane aplikacji\Windows Desktop Search
2008-12-11 13:07 --------- d-----w c:\program files\Windows Desktop Search
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-04-08 16:51 454,656 ----a-w c:\program files\putty.exe
2008-12-19 15:50 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 15:50 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 15:50 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 15:50 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 15:50 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-28 10:19 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-28 10:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-08-28 10:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008082820080829\index.dat
2008-08-28 10:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 885760]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 148760]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-04 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\gociu\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.4.0.lnk - c:\program files\OpenOffice.ux.pl 2.4.0\program\quickstart.exe [2008-04-02 19456]
c:\documents and settings\tomek\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.4.0.lnk - c:\program files\OpenOffice.ux.pl 2.4.0\program\quickstart.exe [2008-04-02 19456]
c:\documents and settings\Daniel\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\EditPlus 2\\editplus.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
R3 vmscekb1;Virtual Media Center Keyboard;c:\windows\system32\drivers\vmscekb1.sys [2006-06-01 36224]
R3 vmscekb2;Virtual Media Center Remote Control;c:\windows\system32\drivers\vmscekb2.sys [2006-06-01 36224]
R3 vmscekb3;Virtual Media Center Control;c:\windows\system32\drivers\vmscekb3.sys [2006-06-01 36224]
S3 GT680xNT;715 USB Scanner Driver;c:\windows\system32\drivers\GT680x.SYS [2009-02-06 17376]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 rtkbflt1;rtkbflt1;c:\windows\system32\drivers\rtkbflt1.sys [2006-03-17 25472]
S3 rtkbflt2;rtkbflt2;c:\windows\system32\drivers\rtkbflt2.sys [2006-03-17 25472]
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Display Toolbar and Menubar - c:\program files\IEInspector\IEWebDeveloperV2\cmd_display.html
TCP: {A4EA3BC6-5145-400E-A529-830A7E3D0773} = 10.42.42.1
FF - ProfilePath - c:\documents and settings\Daniel\Dane aplikacji\Mozilla\Firefox\Profiles\sd0hez84.default\
FF - prefs.js: browser.startup.homepage - blank
FF - component: c:\documents and settings\Daniel\Dane aplikacji\Mozilla\Firefox\Profiles\sd0hez84.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 17:54:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\searchindexer.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-10 17:58:26 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-10 16:58:23
ComboFix2.txt 2009-02-10 09:42:29
Przed: 2 511 376 384 bajtów wolnych
Po: 2,558,558,208 bajtów wolnych
219 --- E O F --- 2009-01-14 08:45:24