dastin, created 11 January 2009

Mateusz J., comment, 11 January 2009

Paste into Notepad:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

File ==> Save as ==> change the extension to All files ==> save under the name FIX.REG

Run the FIX.REG file you created, confirm adding it to the Registry, and restart the computer.

Delete the folder c:\QooBox

Scan the computer with Malwarebytes and post the report on the forum.

dastin (Author), comment, 27 January 2009

This is my new log from ComboFix.

And when the scan finishes I'll post the Malwarebytes report here, but that will still take a while.

Mateusz J., comment, 27 January 2009

There was an error in the previous fix; you were supposed to paste this into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=" "

Why another ComboFix log? It is cut off anyway.

dastin (Author), comment, 27 January 2009

Yes, but I don't quite understand how to do it. That I have to paste it into Notepad I understand, but once I've pasted it, where am I supposed to put it, I mean on which drive, etc.? Sorry for the silly questions, but this is the first time I've played with things like this. This is a picture of what it looks like: after a certain moment 90 operations suddenly appear and it can't be turned off. I don't know what to do about it, please help.

Psycholandia, comment, 27 January 2009

Download: http://www.sendspace.com/file/iibooi, double-click the file and add it to the registry. This is what the colleague above asked you to do.

dastin (Author), comment, 27 January 2009

OK, I did it. What do you think, should it be OK now? Or will I still have problems and have to do something else? I know you're not fortune-tellers, but what do you think, or how does it seem to you?

dragonps komentarz 28 stycznia 2009 komentarz 28 stycznia 2009 Witam zrobiłem ja było opisane w instrukcji z combofixi, poniżej jest combofix.txt, co teraz musze zrobić prosze o pomoc bo jestem w tym zielony.Z góry wielkie dzięki. C:\Autorun.infc:\documents and settings\Przemo\Dane aplikacji\Microsoft\dtscc:\documents and settings\Przemo\Dane aplikacji\Microsoft\dtsc\idc:\program files\Mozilla Firefox\components\iamfamous.dllc:\program files\Mozilla Firefox\plugins\NPMyGlSh.dllc:\program files\myglobalsearchc:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JARc:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFESTc:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JARc:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFESTc:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLLc:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLLc:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLLc:\program files\myglobalsearch\bar\Cache\[u]0[/u]0024EF1c:\program files\myglobalsearch\bar\Cache\[u]0[/u]00251DFc:\program files\myglobalsearch\bar\Cache\[u]0[/u]0025394.binc:\program files\myglobalsearch\bar\Cache\[u]0[/u]00254FC.binc:\program files\myglobalsearch\bar\Cache\[u]0[/u]00256FF.binc:\program files\myglobalsearch\bar\Cache\files.inic:\program files\myglobalsearch\bar\History\searchc:\program files\myglobalsearch\bar\Settings\prevcfg.htmC:\resycledc:\windows\BM5b97dce5.txtc:\windows\BM5b97dce5.xmlc:\windows\mainms.vpic:\windows\megavid.cdtc:\windows\muotr.soc:\windows\rundll32.vbec:\windows\system32\amsmxeqv.ini2c:\windows\system32\amsmxeqv.tmpc:\windows\system32\AutoRun.infc:\windows\system32\dNVxacfe.ini2c:\windows\system32\gaopdxdlmlqgoe.dllc:\windows\system32\hljwugsf.binc:\windows\system32\pac.txtD:\Autorun.infD:\resycledE:\Autorun.infE:\resycledF:\Autorun.infF:\resycledG:\Autorun.infG:\resycled.((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-28 ))))))))))))))))))))))))))))))).2009-01-27 23:07 . 
Mateusz J., comment of 28 January 2009
The log is clean. ComboFix removed the entire infection. Delete the folder c:\QooBox.
dastin (Author), comment of 31 January 2009
And I have a problem, because that registry entry helped for a while and then the problem came back. What else can I do?
Mateusz J., comment of 31 January 2009
Post the ComboFix log again, this time with the pendrive plugged in. Format the pendrive or clean it with Flash Disinfector.
dastin (Author), comment of 31 January 2009
dastin commented 1 February 2009 (Author)
ComboFix 09-01-31.01 - dastin 2009-01-31 22:04:55.4 - NTFSx86
Mateusz J. commented 2 February 2009
Scan the computer with Malwarebytes. Post the report on the forum. The log looks clean.
dastin commented 8 February 2009 (Author)
Everything looks OK in the report; the program did not find any dangerous files... I still have the same problem: after a while these windows appear again... and everything shuts down.