pazzo, posted 16 February 2009
As in the subject. I have read a bit about some logs, but I don't know anything about this at all.
Mateusz J., commented 16 February 2009
A ComboFix log is created like this: http://www.forumpc.pl/index.php?showtopic=11018 Please post it here.
pazzo (author), commented 16 February 2009
Log: [ComboFix log]
Mateusz J., commented 16 February 2009
One more question: where does it detect this virus? The folder C:\Recycled remains to be deleted. Apart from that, it is clean. Delete the folder c:\QooBox. Additionally, clean the TEMP directories with ATF-cleaner.
pazzo (author), commented 16 February 2009
And when I have ATF, should I tick those temp files in it? E.g. Windows temp? Because it will delete them, right? Oh, and now W32.wullik@mm is popping up. And one more thing: it detects it on E and D (in the root folder, D:/W32...), because I formatted C. I don't have any more partitions.
Mateusz J., commented 16 February 2009
But in which files? Paste this into Notepad:

Folder::
C:\Recycled
E:\Recycled
D:\Recycled

In Notepad, go to File ==> Save as ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture. The removal will start and a log will be created, which you then post on the forum.

"And when I have ATF, should I tick those temp files in it? E.g. Windows temp? Because it will delete them, right?"
Yes... tick everything that has the word temp in it... temporary etc.
pazzo (author), commented 17 February 2009
[ComboFix log]