wklejto.pl

Added by: ~tomekch97 (2010-08-31 13:13) -> text
ComboFix 10-08-30.02 - Tomek xD 2010-08-31  12:39:01.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1023.792 [GMT 2:00]
Uruchomiony z: d:\pobrane z mozilla firefox\ComboFix.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\0w.com
C:\Autorun.inf
c:\windows\system32\explorer.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
D:\0w.com
D:\Autorun.inf
E:\0w.com
E:\autorun.inf
 
.
(((((((((((((((((((((((((   Pliki utworzone od 2010-07-28 do 2010-08-31  )))))))))))))))))))))))))))))))
.
 
2010-08-31 09:46 . 2010-08-31 09:46     --------        d-----w-        c:\program files\IrfanView
2010-08-31 09:21 . 2010-08-31 09:21     --------        d-----w-        c:\program files\Google
2010-08-31 08:46 . 2010-08-31 08:51     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Temp
2010-08-31 08:46 . 2010-08-31 10:16     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Google
2010-08-31 07:20 . 2010-08-31 07:20     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Media Player Classic
2010-08-30 08:38 . 2010-08-30 08:39     --------        d-----w-        c:\program files\Common Files\Real
2010-08-30 08:38 . 2010-08-30 08:39     --------        d-----w-        c:\program files\Real
2010-08-29 07:24 . 2010-08-29 07:27     --------        d--h--w-        c:\documents and settings\All Users\Dane aplikacji\WebDrive
2010-08-29 07:23 . 2010-08-29 07:23     --------        d-----w-        c:\windows\Downloaded Installations
2010-08-28 20:46 . 2010-08-28 20:46     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\PCHealth
2010-08-28 13:52 . 2009-10-28 12:44     42088   ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.1.dll
2010-08-28 13:52 . 2009-10-28 12:04     11264   ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.1.dll
2010-08-28 13:52 . 2010-08-28 13:52     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Gadu-Gadu 10
2010-08-28 13:52 . 2010-08-28 13:52     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-08-28 10:02 . 2010-08-28 10:02     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\gtk-2.0
2010-08-28 10:01 . 2010-08-28 10:01     --------        d-----w-        c:\documents and settings\Tomek xD\.thumbnails
2010-08-28 09:50 . 2010-08-29 09:56     --------        d-----w-        c:\documents and settings\Tomek xD\.gimp-2.6
2010-08-28 09:47 . 2010-08-28 09:47     --------        d-----w-        c:\program files\GIMP-2.0
2010-08-28 07:46 . 2010-08-28 08:14     --------        d-----w-        c:\program files\Registry Victor
2010-08-27 11:09 . 2010-08-27 11:09     --------        d-----w-        c:\windows\system32\LogFiles
2010-08-26 20:34 . 2010-08-26 20:34     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Adobe
2010-08-26 20:26 . 2010-08-26 20:34     --------        d-----w-        c:\program files\Common Files\Adobe
2010-08-26 20:23 . 2010-08-26 20:23     --------        d-----w-        c:\windows\Cache
2010-08-26 10:11 . 2010-08-26 11:21     --------        d-----w-        c:\program files\Sony Ericsson
2010-08-24 22:45 . 2010-08-24 22:45     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Thunderbird
2010-08-24 22:45 . 2010-08-24 22:45     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Thunderbird
2010-08-24 21:59 . 2010-08-24 21:59     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Opera
2010-08-24 14:27 . 2010-08-24 14:27     --------        d-----w-        c:\windows\Sun
2010-08-24 12:41 . 2010-08-24 12:41     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Lavasoft
2010-08-24 12:40 . 2010-08-24 12:40     --------        d-----w-        c:\program files\Lavasoft
2010-08-24 11:59 . 2010-08-24 11:59     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Fighters
2010-08-24 11:48 . 2010-08-24 11:49     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2010-08-24 11:26 . 2010-08-24 11:26     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\SpeedUpMyPC
2010-08-24 11:26 . 2010-08-24 11:26     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Przyspiesz_Komputer
2010-08-24 11:21 . 2006-06-29 11:07     14048   ------w-        c:\windows\system32\spmsg2.dll
2010-08-24 11:16 . 2008-07-06 12:06     89088   ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-24 11:16 . 2008-07-06 12:06     89088   -c----w-        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-24 11:16 . 2008-07-06 12:06     117760  ------w-        c:\windows\system32\prntvpt.dll
2010-08-24 11:16 . 2008-07-06 10:50     597504  -c----w-        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-24 11:16 . 2008-07-06 10:50     597504  ------w-        c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-24 11:16 . 2008-07-06 12:06     575488  -c----w-        c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-24 11:16 . 2008-07-06 12:06     575488  ------w-        c:\windows\system32\xpsshhdr.dll
2010-08-24 11:16 . 2008-07-06 12:06     1676288 -c----w-        c:\windows\system32\dllcache\xpssvcs.dll
2010-08-24 11:16 . 2008-07-06 12:06     1676288 ------w-        c:\windows\system32\xpssvcs.dll
2010-08-24 10:41 . 2010-08-24 10:41     --------        d-----r-        C:\AHCache
2010-08-24 10:15 . 2010-08-24 10:15     56      ---ha-w-        c:\windows\system32\ezsidmv.dat
2010-08-24 10:15 . 2010-08-24 10:15     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\skypePM
2010-08-24 10:14 . 2010-08-24 10:17     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Skype
2010-08-24 10:13 . 2010-08-24 10:13     --------        d-----w-        c:\program files\Common Files\Skype
2010-08-24 10:13 . 2010-08-24 10:14     --------        d-----r-        c:\program files\Skype
2010-08-24 10:13 . 2010-08-24 10:13     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Skype
2010-08-24 10:10 . 2010-08-24 10:10     604416  ----a-w-        c:\windows\system32\TUProgSt.exe
2010-08-24 10:10 . 2009-04-27 12:21     28928   ----a-w-        c:\windows\system32\uxtuneup.dll
2010-08-24 10:10 . 2010-08-24 10:10     361216  ----a-w-        c:\windows\system32\TuneUpDefragService.exe
2010-08-24 10:10 . 2010-08-24 10:10     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\TuneUp Software
2010-08-24 10:10 . 2010-08-24 10:10     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2010-08-24 10:10 . 2010-08-24 10:10     --------        d-----w-        c:\program files\TuneUp Utilities 2009
2010-08-24 10:10 . 2010-08-24 10:10     --------        d-sh--w-        c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2010-08-24 09:37 . 2010-08-24 09:38     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\cache
2010-08-24 09:12 . 2010-08-24 09:48     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Nowe Gadu-Gadu
2010-08-24 09:12 . 2010-08-24 09:12     --------        d-----w-        c:\program files\Nowe Gadu-Gadu
2010-08-24 09:08 . 2008-04-13 21:15     26368   -c--a-w-        c:\windows\system32\dllcache\usbstor.sys
2010-08-24 09:03 . 2010-08-24 12:38     --------        d-----w-        c:\windows\system32\URTTemp
2010-08-24 08:52 . 2010-08-24 08:52     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\Ahead
2010-08-24 08:42 . 2010-08-24 08:42     --------        d-----w-        c:\program files\ToniArts
2010-08-24 08:41 . 2010-08-24 09:28     --------        d-----w-        c:\program files\CCleaner
2010-08-24 08:35 . 2007-09-04 15:56     164352  ----a-w-        c:\windows\system32\unrar.dll
2010-08-24 08:35 . 2007-12-24 11:49     7680    ----a-w-        c:\windows\system32\ff_vfw.dll
2010-08-24 08:35 . 2010-08-30 08:38     348160  ----a-w-        c:\windows\system32\msvcr71.dll
2010-08-24 08:35 . 2010-08-24 08:35     --------        d-----w-        c:\program files\K-Lite Codec Pack
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\UC.PIF
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\RAR.PIF
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\PKZIP.PIF
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\PKUNZIP.PIF
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\NOCLOSE.PIF
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\LHA.PIF
2010-08-24 08:25 . 2010-07-07 05:55     545     ----a-w-        c:\windows\ARJ.PIF
2010-08-24 08:25 . 2010-08-24 08:29     --------        d-----w-        c:\program files\totalcmd
2010-08-24 08:25 . 2010-08-24 08:25     --------        d-----w-        c:\documents and settings\Tomek xD\Dane aplikacji\GHISLER
2010-08-24 08:13 . 2006-10-26 17:56     33104   ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-24 08:13 . 2006-10-26 17:56     32592   ----a-w-        c:\windows\system32\msonpmon.dll
2010-08-24 08:06 . 2010-08-24 08:06     --------        d-----w-        c:\program files\Microsoft Works
2010-08-24 08:06 . 2010-08-24 12:30     --------        d-----w-        c:\program files\MSBuild
2010-08-24 07:56 . 2010-08-24 08:03     --------        d-----w-        c:\windows\SHELLNEW
2010-08-24 07:55 . 2010-08-24 07:55     --------        d-----w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2010-08-24 07:55 . 2010-08-28 12:39     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-08-24 07:54 . 2010-08-24 07:54     --------        d-----r-        C:\MSOCache
2010-08-24 07:51 . 2010-08-24 07:51     --------        d-----w-        c:\program files\Alcohol Soft
2010-08-24 07:31 . 2010-08-30 13:20     --------        d-----w-        c:\program files\Winamp
2010-08-24 07:18 . 2008-04-14 19:50     54784   -c--a-w-        c:\windows\system32\dllcache\vfwwdm32.dll
2010-08-24 07:18 . 2008-04-14 19:50     54784   ----a-w-        c:\windows\system32\vfwwdm32.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 08:39 . 2010-08-30 08:39     49152   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-30 08:39 . 2010-08-30 08:39     45056   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-30 08:39 . 2010-08-30 08:39     45056   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-30 08:39 . 2010-08-30 08:39     45056   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-30 08:39 . 2010-08-30 08:39     45056   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-30 08:39 . 2010-08-30 08:39     40960   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-30 08:39 . 2010-08-30 08:39     341600  ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-30 08:39 . 2010-08-30 08:39     308808  ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-30 08:39 . 2010-08-30 08:39     14848   ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-08-30 08:39 . 2010-08-30 08:39     --------        d-----w-        c:\program files\Common Files\xing shared
2010-08-30 08:38 . 2010-08-24 08:48     499712  ----a-w-        c:\windows\system32\msvcp71.dll
2010-08-29 20:42 . 2010-08-23 21:11     --------        d-----w-        c:\program files\JDownloader
2010-08-28 12:49 . 2010-08-23 20:17     --------        d-----w-        c:\program files\Lx_cats
2010-08-28 08:16 . 2010-08-23 20:32     --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-08-24 13:20 . 2010-01-17 20:37     67368   ----a-w-        c:\windows\system32\perfc015.dat
2010-08-24 13:20 . 2010-01-17 20:37     391510  ----a-w-        c:\windows\system32\perfh015.dat
2010-08-24 13:19 . 2010-08-23 20:04     68456   ----a-w-        c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-08-24 08:49 . 2010-08-24 08:48     --------        d-----w-        c:\program files\Nero
2010-08-24 08:49 . 2010-08-24 08:48     --------        d-----w-        c:\program files\Common Files\Ahead
2010-08-24 08:42 . 2010-08-23 20:08     --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-24 07:10 . 2010-08-23 20:16     --------        d-----w-        c:\program files\Lexmark 2300 Series
2010-08-23 21:55 . 2010-08-23 19:54     86327   ----a-w-        c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-23 21:31 . 2010-08-23 21:31     --------        d-----w-        c:\program files\SkaWit
2010-08-23 21:16 . 2010-08-23 21:16     503808  ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6cca4f66-n\msvcp71.dll
2010-08-23 21:16 . 2010-08-23 21:16     499712  ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6cca4f66-n\jmc.dll
2010-08-23 21:16 . 2010-08-23 21:16     348160  ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6cca4f66-n\msvcr71.dll
2010-08-23 21:16 . 2010-08-23 21:16     61440   ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-57c945e3-n\decora-sse.dll
2010-08-23 21:16 . 2010-08-23 21:16     12800   ----a-w-        c:\documents and settings\Tomek xD\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-57c945e3-n\decora-d3d.dll
2010-08-23 21:16 . 2010-08-23 21:16     --------        d-----w-        c:\program files\Common Files\Java
2010-08-23 21:15 . 2010-08-23 21:16     411368  ----a-w-        c:\windows\system32\deployJava1.dll
2010-08-23 21:15 . 2010-08-23 21:15     --------        d-----w-        c:\program files\Java
2010-08-23 20:33 . 2010-08-23 20:33     0       ----a-w-        c:\windows\nsreg.dat
2010-08-23 20:19 . 2010-08-23 20:19     --------        d-----w-        c:\program files\Abbyy FineReader 6.0 Sprint
2010-08-23 20:19 . 2010-08-23 20:18     --------        d-----w-        c:\program files\Lexmark Fax Solutions
2010-08-23 20:19 . 2010-08-23 20:19     --------        d-----w-        c:\documents and settings\All Users\Dane aplikacji\FaxCtr
2010-08-23 20:15 . 2010-08-23 20:08     --------        d-----w-        c:\program files\Common Files\InstallShield
2010-08-23 20:08 . 2010-08-23 20:08     --------        d-----w-        c:\program files\C-Media
2010-08-23 20:08 . 2010-08-23 20:08     --------        d-----w-        c:\program files\C-Media 3D Audio
2010-08-23 19:57 . 2010-08-23 19:57     --------        d-----w-        c:\program files\microsoft frontpage
2010-08-23 19:53 . 2010-08-23 19:53     --------        d-----w-        c:\program files\Usugi online
2010-08-23 19:50 . 2010-08-23 19:50     21856   ----a-w-        c:\windows\system32\emptyregdb.dat
2010-08-23 19:49 . 2010-08-23 19:49     --------        d-----w-        c:\program files\Windows Media Connect 2
2010-07-21 23:23 . 2010-07-21 23:23     364544  ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll
2010-07-21 23:23 . 2010-07-21 23:23     397312  ----a-w-        c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.3.dll
.
 
------- Sigcheck -------
 
[-] 2010-01-17 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2010-08-31 136176]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-30 202256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-30 4628480]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-01-17 15360]
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
 
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2010-01-17 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2010-01-17 212520]
S0 mv91xx;mv91xx; [x]
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
 
2010-08-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
 
2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-412668190-842925246-1003Core.job
- c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-31 08:46]
 
2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-412668190-842925246-1003UA.job
- c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-31 08:46]
 
2010-08-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-412668190-842925246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
 
2010-08-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-412668190-842925246-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
 
2010-08-28 c:\windows\Tasks\Registry Victor Schedule.job
- c:\program files\Registry Victor\RegistryVictor.exe [2010-08-28 11:08]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tomek xD\Dane aplikacji\Mozilla\Firefox\Profiles\2kut4b0o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.3.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Tomek xD\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
 
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
 
HKCU-Run-wsctf.exe - wsctf.exe
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 12:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...
 
skanowanie ukrytych wpisów autostartu ...
 
skanowanie ukrytych plików ...
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
 
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8659D168]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7883f28
\Driver\ACPI -> ACPI.sys @ 0xf77e5cb8
\Driver\atapi -> 0x8659d168
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
 ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK 
 
**************************************************************************
.
Czas ukończenia: 2010-08-31  12:47:00
ComboFix-quarantined-files.txt  2010-08-31 10:46
 
Przed: 15293100032 bajtów wolnych
Po: 15298224128 bajtów wolnych
 
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 
- - End Of File - - 6BE282FB479469F47184B7C2AE6B48A1
 