dastin, posted 27 February 2009 (edited)
ComboFix 09-02-26.02 - dastin 2009-02-27 13:12:43.6 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1535.1002 [GMT 1:00]Uruchomiony z: d:\documents and settings\dastin\Pulpit\ComboFix.exeAV: Kaspersky Anti-Virus for Windows Workstations *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania.((((((((((((((((((((((((( Pliki utworzone od 2009-01-27 do 2009-02-27 ))))))))))))))))))))))))))))))).2009-02-25 18:09 . 2009-02-25 18:09 <DIR> d-------- d:\documents and settings\dastin\Dane aplikacji\Reallusion2009-02-25 18:06 . 2009-02-25 18:06 <DIR> d-------- d:\program files\Reallusion2009-02-25 18:06 . 2009-02-25 18:06 <DIR> d-------- d:\program files\Common Files\Reallusion2009-02-25 11:37 . 2009-02-25 11:40 <DIR> d-------- D:\Netgear2009-02-24 14:43 . 2009-02-24 14:43 <DIR> d--h----- d:\windows\PIF2009-02-13 12:21 . 2009-02-13 12:21 <DIR> dr-h----- d:\documents and settings\dastin\Dane aplikacji\SecuROM2009-02-13 12:21 . 2009-02-13 12:21 108,144 --a------ d:\windows\system32\CmdLineExt.dll2009-02-11 19:02 . 2009-02-11 19:02 <DIR> d-------- d:\documents and settings\dastin\Dane aplikacji\Desktopicon2009-02-10 20:42 . 2009-02-10 20:42 21,840 --a------ d:\windows\system32\SIntfNT.dll2009-02-10 20:42 . 2009-02-10 20:42 17,212 --a------ d:\windows\system32\SIntf32.dll2009-02-10 20:42 . 2009-02-10 20:42 12,067 --a------ d:\windows\system32\SIntf16.dll2009-02-10 19:43 . 2009-02-10 20:45 35,673 --a------ d:\windows\DIIUnin.dat2009-02-10 19:42 . 2009-02-10 19:42 106,496 --a------ d:\windows\DIIUnin.exe2009-02-10 19:42 . 2009-02-10 19:42 2,829 --a------ d:\windows\DIIUnin.pif2009-02-09 20:11 . 2009-02-09 20:11 <DIR> d-------- d:\program files\Common Files\Wise Installation Wizard2009-02-09 19:23 . 2009-02-09 19:23 <DIR> d-------- d:\program files\Lavasoft2009-02-09 19:23 . 
2009-02-09 19:36 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Lavasoft2009-02-07 13:23 . 2009-02-07 13:23 0 --a------ d:\documents and settings\dastin\jagex_runescape_preferences.dat2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- d:\program files\Common Files\NSV2009-01-27 17:14 . 2009-01-27 17:14 <DIR> d-------- D:\KAV2009-01-27 17:14 . 2009-01-27 17:14 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations2009-01-27 14:54 . 2009-01-27 14:54 <DIR> d-------- d:\documents and settings\dastin\Dane aplikacji\Malwarebytes2009-01-27 14:54 . 2009-01-27 14:54 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Malwarebytes.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-02-27 11:09 --------- d-----w d:\program files\Mozilla Firefox 3.1 Beta 22009-02-25 17:06 --------- d--h--w d:\program files\InstallShield Installation Information2009-02-17 23:45 --------- d-----w d:\documents and settings\dastin\Dane aplikacji\BESTplayer2009-02-15 23:05 --------- d-----w d:\documents and settings\dastin\Dane aplikacji\Skype2009-02-15 23:02 --------- d-----w d:\documents and settings\dastin\Dane aplikacji\skypePM2009-02-10 13:29 --------- d-----w d:\documents and settings\dastin\Dane aplikacji\Azureus2009-01-27 16:14 --------- d-----w d:\program files\Kaspersky Lab2009-01-23 22:53 --------- d-----w d:\documents and settings\dastin\Dane aplikacji\Nowe Gadu-Gadu2009-01-20 10:07 --------- d-----w d:\program files\Common Files\InstallShield2009-01-20 10:05 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\UDL2009-01-20 10:04 --------- d-----w d:\program files\epson2009-01-20 10:00 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\EPSON2009-01-19 14:33 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\Azureus2009-01-14 16:43 --------- d-----w d:\documents and 
settings\dastin\Dane aplikacji\AdobeUM2009-01-04 14:04 --------- d-----w d:\program files\Common Files\Adobe2009-01-04 14:02 --------- d-----w d:\program files\Bonjour2009-01-04 13:51 --------- d-----w d:\program files\Common Files\Macrovision Shared2008-12-23 20:55 219,648 ----a-w d:\windows\system32\uxtheme.dll2008-12-16 19:09 118,784 ------r d:\windows\bwUnin-7.2.0.157-8876480SL.exe2008-12-06 11:24 60,416 ----a-w d:\windows\ALCFDRTM.EXE.((((((((((((((((((((((((((((( snapshot@2009-01-31_22.06.51,07 ))))))))))))))))))))))))))))))))))))))))).+ 2009-02-13 11:21:29 45,854 ----a-r d:\windows\Installer\{18D00C9F-B259-4838-871A-C61FCFF34C59}\rugby.exe- 2000-08-31 07:00:00 286,720 ----a-w d:\windows\SWREG.exe+ 2000-08-31 07:00:00 161,792 ----a-w d:\windows\SWREG.exe+ 2008-04-29 10:19:50 12,960 ----a-w d:\windows\system32\drivers\Awrtpd.sys+ 2008-04-29 10:19:54 15,648 ----a-w d:\windows\system32\drivers\Awrtrd.sys+ 2008-04-29 10:20:00 15,648 ----a-w d:\windows\system32\drivers\NSDriver.sys- 2005-01-14 16:14:07 47,616 ----a-w d:\windows\system32\drivers\sfdrv01.sys+ 2005-08-10 12:44:04 50,688 ----a-w d:\windows\system32\drivers\sfdrv01.sys- 2004-10-28 10:47:59 6,656 ----a-w d:\windows\system32\drivers\sfhlp02.sys+ 2005-05-16 13:20:39 6,656 ----a-w d:\windows\system32\drivers\sfhlp02.sys+ 2005-12-12 19:12:01 49,664 ----a-w d:\windows\system32\drivers\sfsync04.sys+ 2008-05-16 10:58:04 12,632 ----a-w d:\windows\system32\lsdelete.exe+ 2009-02-27 10:18:06 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_204.dat.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]"EPSON Stylus DX4400 Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-01-25 179200]"Stefan"="f:\program 
files\INTERIAPL\Stefan\Stefan.exe" [2008-07-17 685568][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"UserFaultCheck"="d:\windows\system32\dumprep 0 -u" [X]"KAVWks50"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 98407][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2006-01-12 15:40 155648 d:\program files\Common Files\Ahead\Lib\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2008-09-12 17:45 36352 d:\program files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]--a------ 2005-07-26 09:16 77824 d:\windows\SOUNDMAN.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"kavsvc"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="d:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"="d:\\WINDOWS\\system32\\java.exe"="d:\\Program Files\\BearShare\\BearShare.exe"="d:\\Program Files\\Gadu-Gadu\\gg.exe"="d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="d:\\Program Files\\Bonjour\\mDNSResponder.exe"="f:\\Program Files\\Vuze\\Azureus.exe"="d:\\Program Files\\Skype\\Phone\\Skype.exe"="f:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=R1 klmc;Sterownik KLMC;d:\windows\system32\drivers\klmc.sys [2006-07-12 14803]R3 CXTuner;Conexant TVTuner;d:\windows\system32\drivers\CXTuner.sys 
[2006-05-23 23168]R3 CXVideo;Conexant Capture;d:\windows\system32\drivers\CXVCap.sys [2006-05-22 57216]R3 CXXBar;Conexant Crossbar;d:\windows\system32\drivers\CXXBar.sys [2006-04-25 9600]S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;d:\windows\system32\drivers\WlanBZXP.sys [2008-12-03 450560]S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\d:\windows\system32\ZDCndis5.SYS --> d:\windows\system32\ZDCndis5.SYS [?][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f3e0f7-b0b1-11dd-a3b0-806d6172696f}]\Shell\AutoRun\command - G:\setup.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f3e0f9-b0b1-11dd-a3b0-806d6172696f}]\Shell\AutoRun\command - I:\USBNB.exe..------- Skan uzupełniający -------.uStart Page = hxxp://onet.pl/uInternet Settings,ProxyOverride = *.localFF - ProfilePath - d:\documents and settings\dastin\Dane aplikacji\Mozilla\Firefox\Profiles\k8q933k3.default\FF - prefs.js: browser.startup.homepage - www.onet.plFF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dllFF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dllFF - plugin: d:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npRLCT4Player.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-27 13:14:04Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-1482476501-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DDFAB07-700E-32E4-DC00-A05C26A90585}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).Czas ukończenia: 2009-02-27 13:15:10ComboFix-quarantined-files.txt 2009-02-27 12:15:08ComboFix2.txt 2009-02-08 17:41:17ComboFix3.txt 2009-01-31 21:07:38ComboFix4.txt 2009-01-27 13:49:59Przed: 57,266,614,272 bajtów wolnychPo: 57,479,782,400 bajtów wolnych154
HERE ARE LOGS FROM 2 COMPUTERS !!!
ComboFix 09-02-26.02 - Kasia 2009-02-27 13:16:30.5 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2039.1607 [GMT 1:00]Uruchomiony z: c:\documents and settings\Kasia\Pulpit\ComboFix.exeAV: Kaspersky Anti-Virus for Windows Workstations *On-access scanning enabled* (Updated) * Utworzono nowy punkt przywracania.((((((((((((((((((((((((( Pliki utworzone od 2009-01-27 do 2009-02-27 ))))))))))))))))))))))))))))))).2009-01-27 17:26 . 2009-01-27 17:26 <DIR> d-------- c:\documents and settings\Kasia\Dane aplikacji\Malwarebytes2009-01-27 17:26 . 2009-01-27 17:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes2009-01-27 17:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys2009-01-27 17:26 . 
2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-02-17 01:23 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\Skype2009-02-17 01:01 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\BESTplayer2009-02-17 00:35 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\skypePM2009-01-17 14:20 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\Mikrotik2009-01-03 14:54 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help2009-01-03 14:51 --------- d-----w c:\program files\MSBuild2009-01-03 14:51 --------- d-----w c:\program files\Microsoft Works2009-01-03 14:31 --------- d-----w c:\program files\Common Files\Ahead2009-01-03 14:30 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\Ahead2009-01-03 14:28 --------- d-----w c:\program files\Nero2009-01-03 14:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero2009-01-03 01:08 --------- d--h--w c:\program files\InstallShield Installation Information2009-01-02 13:48 --------- d-----w c:\documents and settings\Kasia\Dane aplikacji\Ubisoft2009-01-02 13:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ubisoft2008-12-29 02:12 --------- d-----w c:\program files\TRACERMM SOFT2008-12-22 15:39 98,304 ----a-w c:\windows\system32\CmdLineExt.dll2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll2008-12-16 19:43 118,784 ------r c:\windows\bwUnin-7.2.0.157-8876480SL.exe2008-12-01 16:40 410,976 ----a-w c:\windows\system32\deploytk.dll.((((((((((((((((((((((((((((( snapshot_2009-01-27_19.12.31,06 ))))))))))))))))))))))))))))))))))))))))).+ 2008-06-17 19:04:53 8,490,496 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll+ 2008-07-09 07:57:12 19,320 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll+ 2008-07-09 07:57:13 234,360 ----a-w 
c:\windows\$hf_mig$\KB967715\spuninst.exe+ 2008-07-09 07:57:12 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll+ 2008-07-09 07:57:15 763,256 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll+ 2008-10-16 20:33:23 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll+ 2008-10-16 20:33:23 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll+ 2008-10-16 20:33:24 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll+ 2008-10-16 20:33:24 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll+ 2008-10-16 20:33:24 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll+ 2008-10-16 13:15:01 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe+ 2008-10-16 20:33:24 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll+ 2008-10-16 20:33:24 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll+ 2008-10-16 20:33:24 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll+ 2008-10-16 20:33:25 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll+ 2008-10-16 20:33:27 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll+ 2008-10-16 20:33:27 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll+ 2008-10-16 20:33:28 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe+ 2008-10-16 20:33:29 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll+ 2008-10-16 20:33:29 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll+ 2008-10-16 20:33:29 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll+ 2008-12-13 06:39:17 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll+ 2008-10-16 
20:33:33 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll+ 2008-10-16 20:33:33 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll+ 2008-10-16 20:33:33 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll+ 2008-10-16 20:33:33 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll+ 2008-10-16 20:33:33 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll+ 2007-03-06 03:28:40 216,288 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe+ 2007-03-06 03:29:50 386,784 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll+ 2008-10-16 20:33:33 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll+ 2008-10-16 20:33:34 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll+ 2008-10-16 20:33:34 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll+ 2008-10-16 20:33:34 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll- 2008-10-16 20:33:23 124,928 ----a-w c:\windows\system32\advpack.dll+ 2008-12-20 23:03:39 124,928 ----a-w c:\windows\system32\advpack.dll+ 2008-12-20 23:03:39 124,928 -c----w c:\windows\system32\dllcache\advpack.dll+ 2008-12-20 23:03:39 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll+ 2008-12-20 23:03:39 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll+ 2008-12-20 23:03:39 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll+ 2008-12-20 23:03:40 63,488 -c----w c:\windows\system32\dllcache\icardie.dll+ 2008-12-19 09:13:43 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe+ 2008-12-20 23:03:40 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll+ 2008-12-20 23:03:40 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat+ 2008-12-20 23:03:41 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll+ 2008-12-20 23:03:41 384,512 -c----w 
c:\windows\system32\dllcache\iedkcs32.dll+ 2008-12-20 23:03:44 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll+ 2008-12-20 23:03:45 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll+ 2008-12-20 23:03:45 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe+ 2008-12-20 23:03:47 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll+ 2008-12-20 23:03:47 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll+ 2008-12-20 23:03:47 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll+ 2009-01-16 20:30:38 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll+ 2008-12-20 23:03:51 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll+ 2008-12-20 23:03:51 193,024 -c----w c:\windows\system32\dllcache\msrating.dll+ 2008-12-20 23:03:51 671,232 -c----w c:\windows\system32\dllcache\mstime.dll+ 2008-12-20 23:03:51 102,912 -c----w c:\windows\system32\dllcache\occache.dll+ 2008-12-20 23:03:51 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll+ 2008-06-17 19:03:15 8,489,984 -c----w c:\windows\system32\dllcache\shell32.dll+ 2008-12-20 23:03:51 105,984 -c----w c:\windows\system32\dllcache\url.dll+ 2008-12-20 23:03:52 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll+ 2008-12-20 23:03:52 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll+ 2008-12-20 23:03:53 826,368 -c----w c:\windows\system32\dllcache\wininet.dll+ 2007-02-14 13:21:00 30,285 ----a-w c:\windows\system32\drivers\btwmodem.sys- 2008-10-16 20:33:23 347,136 ------w c:\windows\system32\dxtmsft.dll+ 2008-12-20 23:03:39 347,136 ------w c:\windows\system32\dxtmsft.dll- 2008-10-16 20:33:24 214,528 ------w c:\windows\system32\dxtrans.dll+ 2008-12-20 23:03:39 214,528 ------w c:\windows\system32\dxtrans.dll- 2008-10-16 20:33:24 133,120 ------w c:\windows\system32\extmgr.dll+ 2008-12-20 23:03:39 133,120 ------w 
c:\windows\system32\extmgr.dll- 2008-10-16 20:33:24 63,488 ----a-w c:\windows\system32\icardie.dll+ 2008-12-20 23:03:40 63,488 ----a-w c:\windows\system32\icardie.dll- 2008-10-16 13:15:01 70,656 ------w c:\windows\system32\ie4uinit.exe+ 2008-12-19 09:13:43 70,656 ------w c:\windows\system32\ie4uinit.exe- 2008-10-16 20:33:24 153,088 ------w c:\windows\system32\ieakeng.dll+ 2008-12-20 23:03:40 153,088 ------w c:\windows\system32\ieakeng.dll- 2008-10-16 20:33:24 230,400 ------w c:\windows\system32\ieaksie.dll+ 2008-12-20 23:03:40 230,400 ------w c:\windows\system32\ieaksie.dll- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll- 2008-10-16 20:33:24 383,488 ----a-w c:\windows\system32\ieapfltr.dll+ 2008-12-20 23:03:41 383,488 ----a-w c:\windows\system32\ieapfltr.dll- 2008-10-16 20:33:25 384,512 ------w c:\windows\system32\iedkcs32.dll+ 2008-12-20 23:03:41 384,512 ------w c:\windows\system32\iedkcs32.dll- 2008-10-16 20:33:27 6,066,176 ----a-w c:\windows\system32\ieframe.dll+ 2008-12-20 23:03:44 6,066,688 ----a-w c:\windows\system32\ieframe.dll- 2008-10-16 20:33:27 44,544 ------w c:\windows\system32\iernonce.dll+ 2008-12-20 23:03:45 44,544 ------w c:\windows\system32\iernonce.dll- 2008-10-16 20:33:28 267,776 ----a-w c:\windows\system32\iertutil.dll+ 2008-12-20 23:03:45 267,776 ----a-w c:\windows\system32\iertutil.dll- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe- 2008-10-16 20:33:29 27,648 ------w c:\windows\system32\jsproxy.dll+ 2008-12-20 23:03:47 27,648 ------w c:\windows\system32\jsproxy.dll- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe- 2008-10-16 20:33:29 459,264 ----a-w c:\windows\system32\msfeeds.dll+ 2008-12-20 23:03:47 459,264 ----a-w c:\windows\system32\msfeeds.dll- 2008-10-16 20:33:29 52,224 
----a-w c:\windows\system32\msfeedsbs.dll+ 2008-12-20 23:03:47 52,224 ----a-w c:\windows\system32\msfeedsbs.dll- 2008-12-13 06:39:17 3,593,216 ----a-w c:\windows\system32\mshtml.dll+ 2009-01-16 20:30:38 3,594,752 ----a-w c:\windows\system32\mshtml.dll- 2008-10-16 20:33:33 477,696 ------w c:\windows\system32\mshtmled.dll+ 2008-12-20 23:03:51 477,696 ------w c:\windows\system32\mshtmled.dll- 2008-10-16 20:33:33 193,024 ------w c:\windows\system32\msrating.dll+ 2008-12-20 23:03:51 193,024 ------w c:\windows\system32\msrating.dll- 2008-10-16 20:33:33 671,232 ------w c:\windows\system32\mstime.dll+ 2008-12-20 23:03:51 671,232 ------w c:\windows\system32\mstime.dll- 2008-10-16 20:33:33 102,912 ------w c:\windows\system32\occache.dll+ 2008-12-20 23:03:51 102,912 ------w c:\windows\system32\occache.dll- 2009-01-21 12:35:54 40,326 ----a-w c:\windows\system32\perfc009.dat+ 2009-02-15 09:08:44 41,170 ----a-w c:\windows\system32\perfc009.dat- 2009-01-21 12:35:54 49,910 ----a-w c:\windows\system32\perfc015.dat+ 2009-02-15 09:08:44 51,166 ----a-w c:\windows\system32\perfc015.dat- 2009-01-21 12:35:54 311,938 ----a-w c:\windows\system32\perfh009.dat+ 2009-02-15 09:08:44 314,842 ----a-w c:\windows\system32\perfh009.dat- 2009-01-21 12:35:54 356,068 ----a-w c:\windows\system32\perfh015.dat+ 2009-02-15 09:08:44 359,416 ----a-w c:\windows\system32\perfh015.dat- 2008-10-16 20:33:33 44,544 ----a-w c:\windows\system32\pngfilt.dll+ 2008-12-20 23:03:51 44,544 ----a-w c:\windows\system32\pngfilt.dll- 2008-04-14 20:50:48 8,489,984 ----a-w c:\windows\system32\shell32.dll+ 2008-06-17 19:03:15 8,489,984 ----a-w c:\windows\system32\shell32.dll- 2007-11-30 12:40:46 19,320 ------w c:\windows\system32\spmsg.dll+ 2008-07-09 07:57:12 19,320 ------w c:\windows\system32\spmsg.dll- 2008-10-16 20:33:33 105,984 ----a-w c:\windows\system32\url.dll+ 2008-12-20 23:03:51 105,984 ----a-w c:\windows\system32\url.dll- 2008-10-16 20:33:34 1,160,192 ----a-w c:\windows\system32\urlmon.dll+ 2008-12-20 23:03:52 
1,160,192 ----a-w c:\windows\system32\urlmon.dll- 2008-10-16 20:33:34 233,472 ----a-w c:\windows\system32\webcheck.dll+ 2008-12-20 23:03:52 233,472 ----a-w c:\windows\system32\webcheck.dll+ 2009-02-27 12:13:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e8.dat.-- Migawka wyzerowana --.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 68856]"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-12-16 36864]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]"KAVWks50"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 98407]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]"LVCOMSX"="c:\program files\Common 
Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"="c:\\WINDOWS\\system32\\java.exe"="c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\WINDOWS\\system32\\mmc.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 klmc;Sterownik KLMC;c:\windows\system32\drivers\klmc.sys [2006-07-12 14803]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-04-14 14336][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]WINRM REG_MULTI_SZ WINRM[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09ac86d7-bfc3-11dd-a061-0021006b3287}]\Shell\AutoRun\command - H:\USBNB.exe..------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Wyślij do urządzenia &Bluetooth... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllFF - ProfilePath - c:\documents and settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\nd7anuko.default\FF - prefs.js: browser.startup.homepage - www.onet.plFF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dllFF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dllFF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-27 13:17:40Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2009-02-27 13:18:32ComboFix-quarantined-files.txt 2009-02-27 12:18:30ComboFix2.txt 2009-02-09 18:03:03ComboFix3.txt 2009-01-27 18:13:10ComboFix4.txt 2009-01-13 17:36:59ComboFix5.txt 2009-02-27 12:16:04Przed: 103 321 591 808 bajtów wolnychPo: 103,386,255,360 bajtów wolnych261
dastin (author), comment, 27 February 2009
Everything I launched kept shutting down and it said there was some kind of error, which is why I posted this. The second computer is my mum's, so I included it just in case, but if it's clean then great.