Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.271 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\IRON\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
L:\autorun.inf
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\IRON\Dane aplikacji\Adobe\Player.exe
C:\WINDOWS\lfstbwvd.dll
C:\WINDOWS\olnmraew.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\body.gif
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\capt2.gif
C:\WINDOWS\privacy_danger\images\red.gif
C:\WINDOWS\privacy_danger\images\text.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\qmafxprs.dll
C:\WINDOWS\system32\ewegwopm.dll
C:\WINDOWS\system32\ffxivwit.dll
C:\WINDOWS\system32\hgGabCTJ.dll
C:\WINDOWS\system32\hsgxqwlv.dll
C:\WINDOWS\system32\ieixdvwq.ini
C:\WINDOWS\system32\JTCbaGgh.ini
C:\WINDOWS\system32\JTCbaGgh.ini2
C:\WINDOWS\system32\kdzobc.dll
C:\WINDOWS\system32\knkkeu.dll
C:\WINDOWS\system32\kwelywyi.dll
C:\WINDOWS\system32\mzzlee.dll
C:\WINDOWS\system32\pcjwmu.dll
C:\WINDOWS\system32\prpkrupx.ini
C:\WINDOWS\system32\rs32net.exe
C:\WINDOWS\system32\snbomecf.ini
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\vlwqxgsh.ini
C:\WINDOWS\system32\xdbqmasb.dll
C:\WINDOWS\system32\xpurkprp.dll
C:\WINDOWS\vortsgbqgnf.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_restore
-------\Service_restore
((((((((((((((((((((((((( Pliki utworzone od 2008-09-12 do 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-12 16:52 . 2008-10-12 16:52 <DIR> d-------- C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP
2008-10-12 16:36 . 2008-10-12 16:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-12 15:24 . 2008-10-12 15:24 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-10-12 10:18 . 2008-10-12 10:18 35,840 --a------ C:\WINDOWS\system32\ssqOHaBu.dll
2008-10-12 10:18 . 2008-10-12 10:18 35,840 --a------ C:\WINDOWS\system32\mlJDsPJy.dll
2008-10-12 10:18 . 2008-10-12 10:18 35,840 --a------ C:\WINDOWS\system32\geBrqQGA.dll
2008-10-12 10:18 . 2008-10-12 10:18 35,840 --a------ C:\WINDOWS\system32\fcccdDtT.dll
2008-10-12 10:11 . 2008-10-12 15:36 0 --a------ C:\WINDOWS\system32\drivers\38040091.sys
2008-10-12 10:10 . 2008-10-12 10:18 2,933 --a------ C:\Documents and Settings\IRON\iuns.exe
2008-10-09 23:57 . 2008-10-12 17:31 0 --a------ C:\WINDOWS\system32\NvApps.xml
2008-10-08 23:51 . 2008-10-08 23:52 <DIR> d-------- C:\Program Files\RegCleaner
2008-10-08 18:12 . 2008-10-08 18:12 <DIR> d-------- C:\Program Files\Avira
2008-10-08 18:12 . 2008-10-08 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-10-08 14:43 . 2008-10-08 14:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-08 14:06 . 2008-10-12 17:04 <DIR> d-------- C:\Program Files\Odkurzacz
2008-10-08 14:05 . 2008-10-12 15:12 <DIR> d-------- C:\Program Files\Unlocker
2008-10-08 14:05 . 2008-10-08 14:05 <DIR> d-------- C:\Documents and Settings\IRON\Dane aplikacji\Desktopicon
2008-10-07 21:48 . 2008-10-12 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-10-07 21:48 . 2008-10-12 17:32 103,394 --a------ C:\WINDOWS\system32\drivers\218bad56.sys
2008-10-07 20:50 . 2008-10-12 17:32 103,394 --a------ C:\WINDOWS\system32\drivers\924d85fd.sys
2008-10-07 18:31 . 2008-10-07 18:31 <DIR> d-------- C:\totalcmd
2008-10-07 18:31 . 2008-10-12 16:52 2,155 --a------ C:\WINDOWS\wincmd.ini
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-10-07 18:31 . 2008-07-29 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-10-07 17:45 . 2008-10-07 17:51 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-10-07 13:58 . 2008-10-07 13:58 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-05 18:37 . 2008-10-05 18:38 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-10-05 16:40 . 2008-10-05 17:17 <DIR> d-------- C:\Documents and Settings\IRON\Dane aplikacji\Trash
2008-10-05 14:26 . 2008-10-05 14:28 <DIR> d-------- C:\Documents and Settings\IRON\Dane aplikacji\PowerRangers
2008-10-05 13:24 . 2008-10-05 13:32 38 --a------ C:\WINDOWS\avisplitter.INI
2008-10-05 12:04 . 2008-10-05 12:04 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-05 12:01 . 2008-10-05 12:14 971 --a------ C:\WINDOWS\disney.ini
2008-10-05 12:00 . 2008-10-05 12:06 192 --a------ C:\WINDOWS\disneysy.ini
2008-10-04 15:30 . 2008-10-04 15:30 <DIR> d-------- C:\Program Files\Max Soft
2008-10-04 00:30 . 2008-10-04 00:49 <DIR> d-------- C:\Program Files\AIMP2
2008-10-04 00:30 . 2008-10-04 00:33 <DIR> d-------- C:\Documents and Settings\IRON\Dane aplikacji\AIMP
2008-10-03 16:53 . 2008-10-03 16:53 <DIR> d-------- C:\Documents and Settings\IRON\Dane aplikacji\Gadu-Gadu
2008-10-03 11:51 . 2008-10-09 20:25 <DIR> d-------- C:\Documents and Settings\IRON\Gadu-Gadu
2008-10-02 10:46 . 2008-10-02 10:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-10-02 10:38 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-10-02 10:38 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-10-02 10:38 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-10-02 10:38 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-10-02 10:37 . 2008-10-02 10:37 <DIR> d-------- C:\Program Files\HP
2008-10-02 10:37 . 2008-10-02 10:38 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-02 10:37 . 2008-10-02 10:39 64,383 --a------ C:\WINDOWS\hpdj3740.his
2008-10-02 10:37 . 2008-10-02 10:39 7,253 --a------ C:\WINDOWS\hpdj3740.ini
2008-10-02 10:37 . 2008-10-02 10:37 2,755 --a------ C:\WINDOWS\hpbvspst.his
2008-10-02 10:37 . 2008-10-02 10:37 554 --a------ C:\WINDOWS\hpbvspst.ini
2008-09-30 13:58 . 2008-09-30 13:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-30 11:31 . 2008-09-30 11:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-30 10:42 . 2008-09-30 10:42 <DIR> d-------- C:\Program Files\MoorHunt
2008-09-30 10:10 . 2008-09-30 10:47 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-09-30 10:04 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-30 10:04 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-30 01:53 . 2008-10-07 17:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-30 01:53 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-29 22:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-29 22:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-26 13:13 . 2008-09-26 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-09-18 14:21 . 2008-09-18 14:21 <DIR> d-------- C:\Program Files\VLC
2008-09-18 14:21 . 2008-09-18 14:21 <DIR> d-------- C:\Documents and Settings\IRON\Dane aplikacji\vlc
2008-09-18 13:50 . 2008-09-18 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2008-09-18 12:27 . 2008-10-02 10:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\G DATA
2008-10-07 19:47 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-10-07 12:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-07 12:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 16:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-30 14:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-09-30 09:47 --------- d-----w C:\Program Files\Opera
2008-09-05 09:26 --------- d-----w C:\Program Files\Lonely Cat Games
2008-09-03 21:20 --------- d-----w C:\Program Files\ivo
2008-09-03 21:16 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-03 21:16 --------- d-----w C:\Documents and Settings\IRON\Dane aplikacji\Media Player Classic
2008-09-03 21:15 --------- d-----w C:\Program Files\DivX
2008-09-03 21:14 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-03 21:11 --------- d-----w C:\Program Files\MarBit
2008-08-31 14:59 --------- d-----w C:\Program Files\VIA
2008-08-31 14:57 --------- d-----w C:\Program Files\Realtek AC97
2008-08-31 14:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-31 14:38 45,768 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-08-31 14:38 --------- d-----w C:\Documents and Settings\IRON\Dane aplikacji\OpenOffice.org2
2008-08-31 14:33 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-31 14:33 --------- d-----w C:\Documents and Settings\IRON\Dane aplikacji\Nero
2008-08-31 14:32 --------- d-----w C:\Program Files\Nero
2008-08-31 14:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-31 14:19 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2008-08-31 14:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-31 14:17 --------- d-----w C:\Program Files\MSBuild
2008-08-31 14:17 --------- d-----w C:\Program Files\Microsoft Works
2008-08-31 14:13 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-31 14:13 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-31 14:13 --------- d-----w C:\Documents and Settings\IRON\Dane aplikacji\TuneUp Software
2008-08-31 14:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-08-31 14:11 --------- d-----w C:\Program Files\TC PowerPack
2008-08-31 14:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 14:07 --------- d-----w C:\Program Files\ffdshow
2008-08-31 14:06 --------- d-----w C:\Program Files\SubEdit-Player
2008-08-31 14:04 --------- d-----w C:\Program Files\Java
2008-08-31 14:04 --------- d-----w C:\Program Files\Common Files\Java
2008-08-31 13:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-31 13:33 --------- d-----w C:\Program Files\Usługi online
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-08_13.05.02.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-12 14:52:55 73,728 ----a-w C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP\WiseCustomCalla.dll
+ 2008-10-12 14:52:55 73,728 ----a-w C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP\WiseCustomCalla1.dll
+ 2008-10-12 14:52:55 81,920 ----a-w C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP\WiseCustomCalla2.dll
+ 2008-10-12 14:52:55 73,728 ----a-w C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP\WiseCustomCalla3.dll
- 2008-08-31 13:37:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-12 08:18:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-31 13:37:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-10-12 08:18:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20d23232-aed6-490d-a3c2-f08ba539a1fe}]
2008-10-12 10:18 35840 --a------ C:\WINDOWS\system32\ssqOHaBu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{20D23232-AED6-490D-A3C2-F08BA539A1FE}"= "C:\WINDOWS\system32\ssqOHaBu.dll" [2008-10-12 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqohabu]
2008-10-12 10:18 35840 C:\WINDOWS\system32\ssqOHaBu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ndsleb.dll pcjwmu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3ktxx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Opera\\opera.exe"=
"D:\\Quake 4\\Quake4Ded.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-11-20 9216]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2007-11-20 17920]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-10-07 14336]
S0 ati3ktxx;ati3ktxx;C:\WINDOWS\system32\Drivers\ati3ktxx.sys [ ]
S1 38040091;38040091;C:\WINDOWS\system32\drivers\38040091.sys [2008-10-12 0]
S1 ethvxmoe;ethvxmoe;C:\WINDOWS\system32\drivers\ethvxmoe.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-31 307968]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2008-10-12 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 13:44]
2008-10-08 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{02e46301-d5c5-45b3-af3a-1b5c9e633ab2} - C:\WINDOWS\vortsgbqgnf.dll
BHO-{1cf662bf-4afd-4778-8306-1f0eb8284ebb} - C:\WINDOWS\system32\ddcCRICv.dll
BHO-{218e9cf4-ce14-4c69-9ab0-19368d59140d} - C:\WINDOWS\system32\hgGabCTJ.dll
BHO-{5f544380-85c5-4549-95bc-c3efba1c4852} - C:\WINDOWS\system32\knkkeu.dll
Toolbar-{25F4E094-86FF-44FD-B832-8AADF8C63528} - C:\WINDOWS\olnmraew.dll
ShellExecuteHooks-{1CF662BF-4AFD-4778-8306-1F0EB8284EBB} - C:\WINDOWS\system32\ddcCRICv.dll
SSODL-qmafxprs-{84B045AE-0CBF-4D75-8948-11A878DC2DAA} - C:\WINDOWS\qmafxprs.dll
SSODL-lfstbwvd-{5836ECD1-839F-4C5A-AE24-589AAE59E5DC} - C:\WINDOWS\lfstbwvd.dll
Notify-azsgkz - (no file)
Notify-ddcCRICv - ddcCRICv.dll
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\IRON\Dane aplikacji\Mozilla\Firefox\Profiles\emv1aqpy.default\
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\VLC\npvlc.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 17:31:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset005\Services\218bad56]
"ImagePath"="\SystemRoot\System32\drivers\218bad56.sys"
--
[HKEY_LOCAL_MACHINE\System\controlset005\Services\924d85fd]
"ImagePath"="\SystemRoot\System32\drivers\924d85fd.sys"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ssqOHaBu.dllPROCES: C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nview.dll.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-12 17:34:43 - komputer został uruchomiony ponownie [IRON]
ComboFix-quarantined-files.txt 2008-10-12 15:34:35
ComboFix2.txt 2008-10-08 11:05:51
Przed: 12,020,326,400 bajtów wolnych
Po: 11,974,619,136 bajtów wolnych
321 --- E O F --- 2008-09-30 12:01:01
