ComboFix 10-03-10.02 - Grzesiek 2010-03-10 23:07:24.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.102 [GMT 1:00]
Running from: c:\documents and settings\Grzesiek\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100310-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-03-10 22:00 . 2010-03-10 22:00 -------- d-----w- C:\!KillBox
2010-03-09 22:57 . 2010-03-09 22:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-09 22:56 . 2010-03-10 22:12 802304 ----a-w- c:\windows\system32\drivers\ludvbnit.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 18:51 . 2009-11-23 13:14 -------- d-----w- c:\documents and settings\Grzesiek\Dane aplikacji\teamspeak2
2010-02-12 05:25 . 2009-09-24 19:42 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-02-10 18:31 . 2009-06-16 17:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-02-10 00:24 . 2009-06-15 10:50 -------- d-----w- c:\documents and settings\Grzesiek\Dane aplikacji\Skype
2010-02-09 23:06 . 2009-06-15 10:51 -------- d-----w- c:\documents and settings\Grzesiek\Dane aplikacji\skypePM
2010-01-21 01:44 . 2009-12-17 15:04 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-01-13 23:41 . 2009-06-15 10:49 -------- d-----r- c:\program files\Skype
2010-01-13 23:41 . 2010-01-13 23:41 -------- d-----w- c:\program files\Common Files\Skype
2010-01-13 23:41 . 2009-06-15 10:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2009-06-15 09:54 345088 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:09 . 2006-03-02 12:00 84916 ----a-w- c:\windows\system32\perfc015.dat
2009-12-11 15:09 . 2006-03-02 12:00 493632 ----a-w- c:\windows\system32\perfh015.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-03-10_18.19.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 22:03 . 2010-03-10 22:03 16384 c:\windows\Temp\Perflib_Perfdata_4f8.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 888832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-08 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Rozrywka\\Gry\\CS\\hl.exe"=
"d:\\Rozrywka\\Gry\\CS\\hlds.exe"=
"d:\\Rozrywka\\Gry\\grota\\metin2.bin"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Rozrywka\\Gry\\Soldat\\Soldat.exe"=
"d:\\Rozrywka\\Gry\\grota\\metin2client.bin"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-04-13 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-06-15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-06-15 20560]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Grzesiek\Moje dokumenty\Pobieranie\Revolution Engine v.8.3\SHAK3.sys --> c:\documents and settings\Grzesiek\Moje dokumenty\Pobieranie\Revolution Engine v.8.3\SHAK3.sys [?]
--- Other Services/Drivers in Memory ---
*Deregistered* - ludvbnit
.
.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {3952EC9D-7EFC-4641-BD7C-EA013688DDB9} = 80.244.140.241 80.244.128.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
FF - ProfilePath - c:\documents and settings\Grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\mawqhbgn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\mawqhbgn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\Grzesiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 23:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ludvbnit]
.
--------------------- DLL files loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-10 23:14:15
ComboFix-quarantined-files.txt 2010-03-10 22:14
ComboFix2.txt 2010-03-10 18:21
ComboFix3.txt 2010-03-10 14:48
Before: 6 414 213 120 bytes free
After: 6 377 226 240 bytes free
- - End Of File - - 7E99A25C7204F35B0236BE500D6DB106
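A small triage script, added here as an example and not part of the original post or of ComboFix itself. It parses the three entry shapes a helper reads first in a log like the one above (the dated "Files created" lines, the R0/R1/S3 service and driver lines, and the "*Deregistered*" line) and applies the heuristics one applies by eye: a kernel driver created a day or two before the scan, a service whose image lives under a user profile or Downloads folder, a service whose file ComboFix could not stat ("[?]"), and a driver that is in memory with no service registration, cross-referenced against newly created files. The sample input is a handful of lines excerpted from the log above, not a full log; the rule names, the 7-day threshold and the "trusted prefix" list are this example's own assumptions. It produces items to review, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: a handful of lines excerpted from the ComboFix log above,
# one of each entry shape the parser understands. Not a complete log.
SAMPLE_LOG = r"""
ComboFix 10-03-10.02 - Grzesiek 2010-03-10 23:07:24.3.1 - x86
.
((((((((((((((((((((((((( Files created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-03-10 22:00 . 2010-03-10 22:00 -------- d-----w- C:\!KillBox
2010-03-09 22:56 . 2010-03-10 22:12 802304 ----a-w- c:\windows\system32\drivers\ludvbnit.sys
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-04-13 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-06-15 114768]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Grzesiek\Moje dokumenty\Pobieranie\Revolution Engine v.8.3\SHAK3.sys --> c:\documents and settings\Grzesiek\Moje dokumenty\Pobieranie\Revolution Engine v.8.3\SHAK3.sys [?]
--- Other Services/Drivers in Memory ---
*Deregistered* - ludvbnit
"""

# Header line: "ComboFix <version> - <user> <YYYY-MM-DD HH:MM:SS>..."
HEADER_RE = re.compile(r"^ComboFix \S+ - .+? (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
# "Files created" entries: <created> . <modified> <size or --------> <attributes> <path>
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$")
# Service/driver entries: <start type> <name>;<display name>;<image path> [<date size> or ?]
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$")

# Assumption of this example: images under these roots are in an expected place;
# anything else (profile folders, Downloads, temp) is worth a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    rule: str
    subject: str
    detail: str


def parse(log):
    """Pull the scan time, created files, services and deregistered drivers out of a log."""
    scan_time, files, services, deregistered = None, [], [], []
    for line in log.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            scan_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        elif m := FILE_RE.match(line):
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            files.append((created, m.group(3), m.group(4), m.group(5)))
        elif m := SVC_RE.match(line):
            image = m.group(4).split(" --> ")[0]  # registered path; drop the resolved copy
            services.append((m.group(1), m.group(2), image, m.group(5)))
        elif m := DEREG_RE.match(line):
            deregistered.append(m.group(1))
    return scan_time, files, services, deregistered


def triage(log, max_driver_age_days=7):
    """Apply the review heuristics; returns Findings to look at, not verdicts."""
    scan_time, files, services, deregistered = parse(log)
    findings, new_drivers = [], {}
    for created, size, attrs, path in files:
        low = path.lower()
        if attrs[0] != "d" and low.endswith(".sys"):
            # remember the driver's base name so a *Deregistered* entry can be matched to it
            new_drivers[low.rsplit("\\", 1)[-1][:-4]] = path
            if scan_time is not None:
                age = (scan_time - created).days
                if age <= max_driver_age_days:
                    findings.append(Finding("recent-driver", path,
                                            f"created {age} day(s) before the scan, {size} bytes"))
    for _start, name, image, info in services:
        low = image.lower().removeprefix("\\??\\")  # strip the NT object-manager prefix
        if not low.startswith(TRUSTED_PREFIXES):
            findings.append(Finding("service-outside-system-dirs", name, image))
        if info == "?":
            findings.append(Finding("service-file-unreadable", name,
                                    "ComboFix could not read date/size for " + image))
    for name in deregistered:
        detail = "driver in memory with no service registration"
        if name.lower() in new_drivers:
            detail += "; matches newly created " + new_drivers[name.lower()]
        findings.append(Finding("deregistered-driver", name, detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

On the sample above the script returns five findings: the driver created one day before the scan, the same base name reported as deregistered and tied back to that file, the service whose image sits under the user's download folder, and the two services whose file ComboFix could not stat. The avast! and VIA RAID drivers are not reported. Each finding is a starting point for the usual checks (file hash, signer, who dropped it), which the log alone cannot settle.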