Konioklonio, posted 16 February 2009

Could someone please "go over" my ComboFix log?

ComboFix 09-02-15.01 - Kamil 2009-02-16 16:14:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2047.1549 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kamil\Pulpit\ComboFix.exe
AV: UPC SmartGuard 8.00 *On-access scanning disabled* (Updated)
FW: UPC SmartGuard 8.00 *disabled*
 * Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\installer.exe
c:\windows\system32\AutoRun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-16 do 2009-02-16 )))))))))))))))))))))))))))))))
.
2009-02-16 15:53 . 2009-02-16 15:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 18:28 . 2009-02-15 18:29 <DIR> d-------- c:\program files\Executive Software
2009-02-15 17:33 . 2009-02-15 17:33 <DIR> d-------- c:\program files\Lavasoft
2009-02-15 17:33 . 2009-02-15 17:33 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 17:33 . 2009-02-15 17:37 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-02-05 18:34 . 2009-02-05 18:34 <DIR> d-------- c:\program files\Common Files\DirectX
2009-02-05 18:27 . 2009-02-05 18:27 <DIR> d-------- c:\program files\EA GAMES
2009-01-21 09:55 . 2009-01-21 09:55 <DIR> d-------- c:\documents and settings\Kamil\Dane aplikacji\Sony
2009-01-21 09:55 . 2009-01-21 09:55 <DIR> d-------- c:\documents and settings\Kamil\Dane aplikacji\Publish Providers
2009-01-20 08:15 . 2009-01-20 08:16 1,901 --a------ c:\windows\panose.bin
2009-01-20 08:14 . 2009-01-20 08:14 <DIR> d-------- c:\program files\Common Files\Vbox
2009-01-20 08:14 . 2002-05-06 13:44 401,484 --a------ c:\windows\system32\MSVCRTD.DLL
2009-01-20 08:14 . 2002-05-06 13:44 210,944 --a------ c:\windows\system32\MSVCRT10.DLL
2009-01-20 08:14 . 2002-05-06 13:44 6,144 --a------ c:\windows\system32\W95FIBER.DLL
2009-01-20 08:13 . 2002-05-06 13:44 322,832 --a------ c:\windows\system32\MFC30.DLL
2009-01-20 08:13 . 2002-05-06 13:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-01-20 08:13 . 2002-05-06 13:44 133,904 --a------ c:\windows\system32\MFCANS32.DLL
2009-01-20 08:13 . 2002-05-06 13:44 133,392 --a------ c:\windows\system32\MFCO30.DLL
2009-01-20 08:13 . 2002-05-06 13:44 94,285 --a------ c:\windows\system32\MSVCIRTD.DLL
2009-01-20 08:13 . 2002-05-06 13:44 5,632 --a------ c:\windows\system32\MFCUIA32.DLL
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 14:16 --------- d-----w c:\program files\UPC SmartGuard
2009-02-15 18:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-02-15 17:10 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Skype
2009-02-15 15:03 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\skypePM
2009-02-14 20:13 --------- d-----w c:\program files\CCleaner
2009-02-14 00:26 202,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-14 00:26 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 18:36 --------- d-----w c:\program files\America's Army Server Manager
2009-01-26 11:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 19:01 33,408 ----a-w c:\windows\system32\drivers\fsbts.sys
2009-01-21 09:16 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-20 07:18 --------- d-----w c:\program files\Common Files\Adobe
2009-01-18 15:51 --------- d-----w c:\program files\DivX
2009-01-11 16:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-06 15:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Grisoft
2009-01-06 15:21 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Grisoft
2009-01-06 15:19 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\ATI
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
2009-01-01 14:50 --------- d-----w c:\program files\America's Army
2009-01-01 13:51 --------- d-----w c:\program files\America's Army Deploy Client
2009-01-01 13:51 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\America's Army Deploy Client
2008-12-29 20:00 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\ATI
2008-12-29 10:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2008-12-29 10:26 --------- d-----w c:\program files\ATI Technologies
2008-12-25 07:56 --------- d-----w c:\program files\A4Tech
2008-12-18 16:51 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-13 10:57 74,703 ----a-w c:\windows\system32\mfc45.dll
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 13:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-11-29 17:14 74,752 ----a-w c:\windows\cadkasdeinst01e.exe
2008-07-23 08:43 22,328 ----a-w c:\documents and settings\Kamil\Dane aplikacji\PnkBstrK.sys
2008-07-07 09:07 952 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\UPC SmartGuard\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\UPC SmartGuard\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"News Service"="c:\program files\UPC SmartGuard\FSGUI\ispnews.exe" [2005-05-31 356352]
"GrooveMonitor"="c:\opt\MsOffice2003\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-30 185872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-05-10 15:36 2111176 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\opt\\MsOffice2003\\Office12\\OUTLOOK.EXE"=
"c:\\opt\\MsOffice2003\\Office12\\GROOVE.EXE"=
"c:\\opt\\MsOffice2003\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\7-Zip\\7zFM.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\America's Army\\System\\AALoader.exe"=
"c:\\Program Files\\America's Army\\System\\AAEditor.exe"=
"c:\\Program Files\\America's Army Server Manager\\AA Server Manager.exe"=
"c:\\Program Files\\America's Army Server Manager\\AA Server Remote Control.exe"=
"c:\\Documents and Settings\\Kamil\\Moje dokumenty\\skype\\phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"9330:TCP"= 9330:TCP:*:Disabled:BitComet 9330 TCP
"9330:UDP"= 9330:UDP:*:Disabled:BitComet 9330 UDP
"1716:UDP"= 1716:UDP:Game
"1717:UDP"= 1717:UDP:GameQuery
"1718:TCP"= 1718:TCP:Master Server Query
"8777:UDP"= 8777:UDP:Standard UT Query
"27900:UDP"= 27900:UDP:GameSpy
"28910:TCP"= 28910:TCP:GameSpy
"20025:TCP"= 20025:TCP:MBS Game Server
"20048:TCP"= 20048:TCP:DCDS
"14200:TCP"= 14200:TCP:AA LAN
"20026:TCP"= 20026:TCP:MBS Game Server
"20027:TCP"= 20027:TCP:MBS Game Server
"20028:TCP"= 20028:TCP:MBS Game Server
"20029:TCP"= 20029:TCP:MBS Game Server
"20030:TCP"= 20030:TCP:MBS Game Server
"20031:TCP"= 20031:TCP:MBS Game Server
"20032:TCP"= 20032:TCP:MBS Game Server
"20033:TCP"= 20033:TCP:MBS Game Server
"20034:TCP"= 20034:TCP:MBS Game Server
"20035:TCP"= 20035:TCP:MBS Game Server
"20036:TCP"= 20036:TCP:MBS Game Server
"20037:TCP"= 20037:TCP:MBS Game Server
"20038:TCP"= 20038:TCP:MBS Game Server
"20039:TCP"= 20039:TCP:MBS Game Server
"20040:TCP"= 20040:TCP:MBS Game Server
"20041:TCP"= 20041:TCP:MBS Game Server
"20042:TCP"= 20042:TCP:MBS Game Server
"20043:TCP"= 20043:TCP:MBS Game Server
"20044:TCP"= 20044:TCP:MBS Game Server
"20045:TCP"= 20045:TCP:MBS Game Server

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-12-09 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-02-17 79904]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-09 28544]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [2007-08-06 2233728]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\UPC SmartGuard\HIPS\drivers\fshs.sys [2008-12-09 66720]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\UPC SmartGuard\Anti-Virus\minifilter\fsgk.sys [2007-02-17 84096]
S2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\CLNTSVC.EXE --> c:\program files\BufferZone\CLNTSVC.EXE [?]
S2 BZDcomLaunch;BufferZone DCOM Helper;c:\program files\BufferZone\BZDCOMLAUNCH.EXE --> c:\program files\BufferZone\BZDCOMLAUNCH.EXE [?]
S2 BZRpcSs;BufferZone RPC Helper;c:\program files\BufferZone\BZRPCSS.EXE --> c:\program files\BufferZone\BZRPCSS.EXE [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\user\USTAWI~1\Temp\ALSysIO.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\UPC SmartGuard\ORSP Client\fsorsp.exe [2008-12-09 55904]
S3 npkycryp;npkycryp;\??\c:\program files\Lineage II\system\npkycryp.sys --> c:\program files\Lineage II\system\npkycryp.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\UPC SmartGuard\Anti-Virus\win2k\fsfilter.sys [2007-02-17 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\UPC SmartGuard\Anti-Virus\win2k\fsrec.sys [2007-02-17 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae63f6f5-8bec-11dd-8be3-0013d3ec21a2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-16 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\UPCSMA~1\ANTI-V~1\fsav.exe [2008-09-23 14:35]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-NavLogon - (no file)
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.skype.com/go/help.guides.ieaddon?lang=en
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Toolbar Search
IE: E&ksport do programu Microsoft Excel - c:\opt\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\opt\MSOFFI~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\UPC SmartGuard\FSPS\program\FSLSP.DLL
TCP: {A28B905B-6C33-4C03-BF9F-9A343D2AA710} = 10.0.1.64
FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\wltyphwc.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 16:15:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
c:\program files\UPC SmartGuard\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(552)
c:\program files\UPC SmartGuard\FSPS\program\FSLSP.DLL
c:\program files\UPC SmartGuard\FWES\Program\fsdc32.dll
- - - - - - - > 'csrss.exe'(464)
c:\program files\UPC SmartGuard\FWES\Program\fsdc32.dll
.
Czas ukończenia: 2009-02-16 16:16:28
ComboFix-quarantined-files.txt 2009-02-16 15:16:22
Przed: 18 285 182 976 bajtów wolnych
Po: 18,284,621,824 bajtów wolnych
319

Thanks in advance.
Mateusz J., comment, 16 February 2009

Infection from a USB flash drive. Delete the folder c:\QooBox.

Paste the following into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File ==> Save as ==> change the file type to All files ==> save under the name FIX.REG

Run the FIX.REG file you created, confirm adding it to the Registry, and restart the computer.
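A defender-side check for the indicator this reply acts on, as an added example that is not part of the original thread: it scans ComboFix-style log text for MountPoints2 `\Shell\...\command` entries and flags those that launch a script. The sample log is constructed (its first entry mirrors the MountPoints2 entry in the posted log, the second is invented), and the function names and reason labels are assumptions.

```python
import re

# Constructed sample in the layout ComboFix prints MountPoints2 entries.
# Entry 1 mirrors the one in the posted log; entry 2 is an invented benign case.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae63f6f5-8bec-11dd-8be3-0013d3ec21a2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - E:\setup.exe
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(?P<id>[^\]\\]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe")
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b", re.I)
# A data-looking name with a script/executable suffix, e.g. "pagefile.sys.vbs".
DOUBLE_EXT_RE = re.compile(r"\.\w{2,4}\.(vbs|vbe|js|jse|wsf|bat|cmd|exe|scr|pif)\b", re.I)


def find_mountpoints2_autoruns(log_text):
    """Return every per-volume shell command found under MountPoints2."""
    findings, volume = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            volume = key.group("id")
            continue
        if line.startswith("["):      # a different registry key: stop attributing
            volume = None
            continue
        cmd = CMD_RE.match(line)
        if not (cmd and volume):
            continue
        command = cmd.group("cmd")
        reasons = []
        if any(host in command.lower() for host in SCRIPT_HOSTS):
            reasons.append("script-host")
        if SCRIPT_EXT_RE.search(command):
            reasons.append("script-file")
        if DOUBLE_EXT_RE.search(command):
            reasons.append("double-extension")
        findings.append({"volume": volume, "verb": cmd.group("verb"),
                         "command": command, "reasons": reasons})
    return findings


def suspicious_volumes(log_text):
    """Volume IDs whose cached autorun command tripped at least one rule."""
    return [f["volume"] for f in find_mountpoints2_autoruns(log_text) if f["reasons"]]


if __name__ == "__main__":
    for f in find_mountpoints2_autoruns(SAMPLE_LOG):
        print(f["volume"], f["verb"], f["reasons"] or "no rule matched")
```
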
Konioklonio (author), comment, 16 February 2009

Many thanks for the quick help. +1 rep