ComboFix 09-02-21.01 - Adasz 2009-02-24 10:26:49.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1439 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Adasz\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-24 do 2009-02-24 )))))))))))))))))))))))))))))))
.
2009-02-20 10:40 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-02-20 10:40 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-02-20 10:40 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-02-20 10:40 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-02-20 10:40 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-02-20 10:40 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-02-20 10:40 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-02-19 22:59 . 2009-02-23 23:19 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-19 22:59 . 2009-02-19 22:59 1,409 --a------ c:\windows\QTFont.for
2009-02-07 09:41 . 2009-02-07 09:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-01 17:36 . 2009-02-01 17:59 <DIR> d-------- c:\program files\SmokersCalc
2009-01-25 20:33 . 2009-01-25 20:34 <DIR> d-------- c:\documents and settings\Adasz\Dane aplikacji\Workrave
2009-01-25 20:27 . 2009-02-15 13:26 <DIR> d-------- c:\program files\ATS2
2009-01-25 20:26 . 2009-01-26 13:55 <DIR> d-------- c:\program files\The Cleaner Demo
2009-01-25 20:19 . 2009-01-25 20:19 <DIR> d-------- C:\RootkitRevealer v1.71
2009-01-25 20:12 . 2009-01-25 20:12 <DIR> d-------- c:\program files\Alwil Software
2009-01-25 20:10 . 2009-01-25 20:10 <DIR> d-------- c:\program files\Systweak
2009-01-25 20:10 . 2009-01-25 20:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Systweak
2009-01-25 20:10 . 2009-01-25 20:15 <DIR> d-------- c:\documents and settings\Adasz\Dane aplikacji\Systweak
2009-01-25 20:09 . 2008-11-10 19:49 17,136 --a------ c:\windows\system32\sasnative32.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 09:28 --------- d-----w c:\documents and settings\Adasz\Dane aplikacji\Skype
2009-02-24 08:36 --------- d-----w c:\documents and settings\Adasz\Dane aplikacji\WTablet
2009-02-24 08:36 --------- d-----w c:\documents and settings\Adasz\Dane aplikacji\skypePM
2009-02-20 09:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 13:12 --------- d-----w c:\documents and settings\Adasz\Dane aplikacji\Hamachi
2009-02-07 08:41 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 18:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-01-28 20:23 --------- d-----w c:\program files\CyberLink
2009-01-26 10:45 --------- d-----w c:\program files\Macromedia
2009-01-26 09:32 --------- d-----w c:\program files\Common Files\Macromedia
2009-01-26 09:09 --------- d-----w c:\program files\Crayon Physics Deluxe
2009-01-26 08:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-25 19:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-15 09:36 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-15 09:35 --------- d-----w c:\program files\AGEIA Technologies
2009-01-14 18:49 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-12 15:00 --------- d-----w c:\program files\Opera 10 Preview
2009-01-12 12:35 --------- d-----w c:\program files\HD Tune
2009-01-11 14:53 --------- d-----w c:\documents and settings\Adasz\Dane aplikacji\Crayon Physics Deluxe
2008-12-27 19:07 --------- d-----w c:\program files\Futuremark
2008-12-18 20:03 319,488 ----a-w c:\windows\HideWin.exe
2008-12-16 15:10 606,848 ----a-w c:\windows\flashax.exe
2008-12-16 15:10 503,808 ----a-w c:\windows\leogeo_timebeat.scr
2008-12-16 15:10 12,288 ----a-w c:\windows\impborl.dll
2008-03-25 19:10 0 ---ha-w c:\documents and settings\Adasz\hpothb07.dat
2008-02-15 11:31 2 --shatr c:\windows\winstart.bat
2008-07-22 05:17 3,911,712 --sha-w c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"supervisor.exe"="c:\windows\supervisor.exe" [2005-06-17 1077248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-11-01 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-07 1601304]
"RegDoctor"="c:\program files\RegDoctor\RegDoctor.exe" [2008-08-27 2256896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Advanced System Protector"="c:\program files\Systweak\Advanced System Protector\ASP.exe" [2009-01-03 15585512]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\docume~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 09:41 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sasnative32
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\xampplite\\apache\\bin\\apache.exe"=
"d:\\Gry\\PES2009\\pes2009.exe"=
"d:\\Gry\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"d:\\Gry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Gry\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-15 325128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-08-31 1373480]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [2009-01-25 6656]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e68fb-fc9c-11dc-8051-0050bfff53c6}]
\Shell\AutoRun\command - J:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93b8cad7-0c6d-11dd-807f-0050bfff53c6}]
\Shell\AutoRun\command - setup.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2008-06-18 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1000 series#1205759890.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Adasz\Dane aplikacji\Mozilla\Firefox\Profiles\nzq763ue.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Adasz\Dane aplikacji\Mozilla\Firefox\Profiles\nzq763ue.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 10:28:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-343818398-1004336348-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Adasz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Adasz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Adasz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="h:\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="d:\\Gry\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="84-8600-E22F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-343818398-1004336348-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,e3,a8,0e,60,34,fe,d2,d9,8e,0c,3f,38,26,fb,c6,18,0b,28,52,2d,fb,29,
4d,17,c5,12,14,29,79,a3,26,57,81,a0,99,d7,8c,0a,c9,58,e7,57,81,a9,94,6e,e6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-343818398-1004336348-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a7,93,ae,ac,38,42,09,53,0f,b6,5a,da,ca,1a,f4,2c,e8,1b,78,c0,2a,
f7,f9,3a,c0,e1,99,48,f0,4f,2b,d1,77,41,93,c8,45,a3,48,96,b1,7b,b0,5d,8f,9a,\
"rkeysecu"=hex:cc,d9,41,8c,96,6a,05,20,7e,04,7e,21,78,5f,d3,28
.
Czas ukończenia: 2009-02-24 10:30:30
ComboFix-quarantined-files.txt 2009-02-24 09:30:28
ComboFix2.txt 2008-07-17 09:11:49
Przed: 4 515 590 144 bajtów wolnych
Po: 4,743,720,960 bajtów wolnych
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5