
HJT Log Check

Logs, securing your computer and data. Antivirus programs, antispyware, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in the post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Attaching yourself to other users' topics is not advisable; please start a new topic in the Security section, which makes things easier for the person checking.
6. People without the appropriate knowledge should not check logs, because this can seriously damage the system or the applications installed on the computer.
7. Describe the problem, the symptoms and all actions taken in detail.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

HJT Log Check

Post by VampirLord » 09 Aug 2009, 21:18


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Documents and Settings\VampirLord\Dane aplikacji\UpdateStar\UpdateStar.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Fraps\fraps.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Windows Internet Explorer dostarczony przez Microsoft i partnerzy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\VampirLord\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\VampirLord\Dane aplikacji\UpdateStar\UpdateStar.exe -A
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 8129 bytes
VampirLord
Active writer
Posts: 852
Joined: 17 Jun 2007, 18:02
Commendations: 5

Re: HJT Log Check

Post by mateo8898 » 09 Aug 2009, 22:19


Cosmetic only. Fix in HijackThis:
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\VampirLord\Dane aplikacji\UpdateStar\UpdateStar.exe -A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


Are there any problems???
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: HJT Log Check

Post by VampirLord » 09 Aug 2009, 22:45

Well of course there are, damn it xD I can see junk in the log myself, and you gave me such a dud :D
VampirLord
Active writer
Posts: 852
Joined: 17 Jun 2007, 18:02
Commendations: 5

Re: HJT Log Check

Post by mateo8898 » 10 Aug 2009, 10:43

Then post a log from Combofix

Where do you see this junk???
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: HJT Log Check

Post by VampirLord » 10 Aug 2009, 21:05


O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

junk for sure

and I see even more. I'll post the COMBO tomorrow because I have other things to do right now
VampirLord
Active writer
Posts: 852
Joined: 17 Jun 2007, 18:02
Commendations: 5

Re: HJT Log Check

Post by mateo8898 » 10 Aug 2009, 21:22

Well, you're wrong, because this particular service is fine; it gets installed with online games (it's there so that nobody uses "aids")
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: HJT Log Check

Post by VampirLord » 11 Aug 2009, 15:45


2009-08-11 12:42 . 2009-08-11 12:42 10134 ----a-r- c:\documents and settings\VampirLord\Dane aplikacji\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2009-08-11 12:42 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2009-08-11 12:42 . 2009-08-11 12:42 -------- d-----w- c:\program files\Dual-Core Optimizer
2009-08-11 12:32 . 2009-08-11 12:32 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Xfire
2009-08-11 12:32 . 2009-08-11 12:32 -------- d-----w- c:\program files\Xfire
2009-08-11 10:40 . 2009-08-11 10:40 -------- d-----w- c:\program files\Tor
2009-08-10 13:32 . 2009-08-11 13:31 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Tor
2009-08-10 13:32 . 2009-08-10 16:51 -------- d-----w- c:\program files\Vidalia Bundle
2009-08-09 02:41 . 2009-08-09 02:41 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-08 21:06 . 2009-08-08 21:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-08 21:06 . 2009-08-08 21:06 -------- d-----w- c:\program files\Adobe Reader
2009-08-07 20:19 . 2009-08-07 20:21 -------- d-----w- c:\program files\PeerGuardian2
2009-08-06 22:56 . 2009-08-06 22:56 -------- d-----w- c:\documents and settings\LocalService\Menu Start
2009-08-05 22:20 . 2009-08-05 22:20 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-05 22:20 . 2009-08-05 22:20 -------- d-----w- c:\program files\MSBuild
2009-08-05 22:20 . 2009-08-05 22:20 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 22:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-05 22:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-05 22:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-05 22:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-05 22:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-05 22:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-05 22:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-04 13:54 . 2009-03-31 09:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-08-04 13:54 . 2009-03-31 09:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-08-04 13:54 . 2009-03-31 09:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-08-04 13:02 . 2009-08-04 13:02 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\PC Tools
2009-08-04 12:56 . 2009-08-04 12:56 -------- d-----w- c:\program files\Defraggler
2009-08-04 12:55 . 2009-08-04 12:59 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Skype
2009-08-04 12:55 . 2009-08-04 12:55 -------- d-----w- c:\program files\Common Files\Skype
2009-08-04 12:55 . 2009-08-04 12:55 -------- d-----r- c:\program files\Skype
2009-08-04 12:50 . 2009-08-04 12:54 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Corel
2009-08-03 15:33 . 2009-08-07 10:41 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\vlc
2009-08-03 12:20 . 2008-04-13 20:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2009-08-03 12:20 . 2008-04-13 20:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-07-31 23:09 . 2007-09-18 21:41 258352 ----a-w- c:\windows\system32\unicows.dll
2009-07-31 21:14 . 2009-08-03 14:54 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Canon
2009-07-31 15:46 . 2009-07-31 15:46 83456 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit\DAP\SDCondition.dll
2009-07-31 15:42 . 2009-07-31 15:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit
2009-07-31 15:42 . 2009-07-31 15:42 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-07-30 20:15 . 2009-08-11 10:16 -------- d-----w- c:\program files\Real Alternative
2009-07-30 20:15 . 2009-07-30 20:15 -------- d-----w- c:\documents and settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Real
2009-07-30 16:01 . 2009-08-03 17:39 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\dvdcss
2009-07-29 15:50 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 15:50 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 16:08 . 2009-07-28 16:08 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\URSE Games
2009-07-28 09:09 . 2009-07-28 09:09 860400 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\en\ustarrs.dll
2009-07-28 09:09 . 2009-07-28 09:09 864496 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\de\ustarrs.dll
2009-07-28 09:09 . 2009-07-28 09:09 4710640 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\UpdateStar.exe
2009-07-28 09:08 . 2009-07-28 09:08 269824 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\UstarRO64.exe
2009-07-28 09:07 . 2009-07-28 09:07 192512 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\UstarRO32.exe
2009-07-28 09:04 . 2009-07-28 09:04 847872 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\zh\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\uk\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\sv\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 868352 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\sk\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\ru\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 876544 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\ro\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 839680 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\pt\ustarrs.dll
2009-07-28 09:04 . 2009-07-28 09:04 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\pl\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 876544 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\nl\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 851968 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\ja\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\it\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\hu\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 839680 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\fr\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 876544 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\Es\ustarrs.dll
2009-07-28 09:03 . 2009-07-28 09:03 872448 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\lang\Cs\ustarrs.dll
2009-07-27 20:29 . 2009-07-28 15:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AlawarWrapper
2009-07-24 01:58 . 2009-07-24 01:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-23 23:12 . 2009-08-11 13:40 -------- d-----w- c:\program files\cFosSpeed
2009-07-23 23:12 . 2009-02-13 09:31 787672 ----a-w- c:\windows\system32\drivers\cfosspeed.sys
2009-07-23 23:12 . 2009-02-13 09:31 290008 ----a-w- c:\windows\system32\cfosspeed.dll
2009-07-12 17:39 . 2009-07-12 17:39 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-12 17:39 . 2009-08-04 12:56 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\skypePM

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 13:36 . 2009-06-10 18:31 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-08-11 13:27 . 2009-08-04 13:02 -------- d-----w- c:\program files\Spyware Doctor
2009-08-11 13:25 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\uTorrent
2009-08-11 12:25 . 2009-06-10 18:12 -------- d-----w- c:\program files\Fraps
2009-08-10 17:31 . 2009-06-10 18:18 -------- d-----w- c:\program files\McAfee
2009-08-09 18:33 . 2009-07-10 19:23 1 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-05 23:50 . 2008-05-22 23:41 25952 ----a-w- c:\documents and settings\VampirLord\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-08-05 22:27 . 2004-08-04 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat
2009-08-05 22:27 . 2004-08-04 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat
2009-08-05 13:36 . 2009-06-25 22:30 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-04 13:54 . 2009-08-04 13:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-08-04 13:22 . 2009-08-04 13:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-08-04 13:05 . 2009-08-04 13:02 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-04 13:00 . 2009-06-10 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-04 13:00 . 2009-06-10 18:30 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-04 12:55 . 2009-07-02 18:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-08-04 12:53 . 2009-06-10 18:46 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-04 12:52 . 2009-06-10 18:48 88 --sh--r- c:\windows\system32\D5A556C1D2.sys
2009-08-04 12:28 . 2008-05-22 23:36 -------- d-----w- c:\program files\Canon
2009-08-04 12:23 . 2009-06-13 14:45 -------- d-----w- c:\program files\uTorrent
2009-08-03 21:37 . 2009-07-04 10:02 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar
2009-08-03 15:32 . 2009-07-05 22:40 -------- d-----w- c:\program files\VLC Media Player
2009-08-03 12:34 . 2009-06-10 18:13 -------- d-----w- c:\program files\Gadu-Gadu
2009-08-01 19:09 . 2009-06-11 06:42 -------- d-----w- c:\program files\Mu Online
2009-08-01 01:00 . 2009-07-01 18:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 15:46 . 2009-06-10 18:30 -------- d-----w- c:\program files\DAP
2009-07-30 10:09 . 2009-07-04 12:23 -------- d-----w- c:\program files\Requiem Bloodymare
2009-07-30 10:09 . 2009-07-04 16:07 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-07-12 23:03 . 2009-07-10 17:01 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-12 23:03 . 2009-06-27 22:23 -------- d-----w- c:\program files\MatroskaSplitter
2009-07-12 18:35 . 2009-06-10 18:28 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Winamp
2009-07-10 19:23 . 2009-07-10 19:23 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\OpenOffice.org
2009-07-10 17:46 . 2009-07-10 17:46 -------- d-----w- c:\program files\Ashampoo FireWall
2009-07-10 14:42 . 2009-07-09 14:49 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-07-10 14:42 . 2009-07-09 14:49 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-07-10 14:42 . 2009-07-09 14:49 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-07-08 13:12 . 2009-07-08 13:12 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Xfire
2009-07-07 22:48 . 2009-07-07 22:48 2311 ----a-w- c:\documents and settings\All Users\Dane aplikacji\xml123.tmp
2009-07-07 22:48 . 2009-07-07 22:48 13489 ----a-w- c:\documents and settings\All Users\Dane aplikacji\xml122.tmp
2009-07-07 22:48 . 2009-07-07 22:48 8858 ----a-w- c:\documents and settings\All Users\Dane aplikacji\xml121.tmp
2009-07-07 22:46 . 2009-07-07 22:46 -------- d-----w- c:\program files\SiSoftware Sandra Lite 2009.SP3c
2009-07-07 22:27 . 2009-07-07 22:27 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-07-07 16:18 . 2009-07-04 12:30 -------- d-----w- c:\program files\Premium Booster
2009-07-07 16:08 . 2009-07-04 12:28 -------- d-----w- c:\program files\Advanced Registry Doctor
2009-07-06 22:54 . 2009-07-06 22:54 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-06 00:20 . 2009-06-10 18:15 -------- d-----w- c:\program files\SubEdit-Player
2009-07-05 13:54 . 2009-07-04 07:20 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\Hide IP NG
2009-07-04 16:07 . 2009-07-04 16:07 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-04 12:25 . 2009-07-04 12:25 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-07-04 12:23 . 2008-05-22 23:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 12:23 . 2008-05-22 23:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-04 07:22 . 2009-07-04 07:22 858682 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\Hide IP NG\hideipng-update.exe
2009-07-03 21:38 . 2009-07-03 21:38 -------- d-----w- c:\program files\Pando Networks
2009-07-03 16:59 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 11:20 . 2009-07-01 23:15 -------- d-----w- c:\program files\WarRock
2009-07-03 09:46 . 2009-06-10 18:20 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\SACore
2009-07-02 01:00 . 2009-07-02 01:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-01 23:15 . 2009-07-01 23:15 -------- d-----w- c:\documents and settings\VampirLord\Dane aplikacji\InstallShield
2009-06-30 14:38 . 2009-06-30 14:38 -------- d-----w- c:\program files\MediaInfo
2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\MagicISO
2009-06-25 22:30 . 2009-06-25 22:30 -------- d-----w- c:\program files\Avira
2009-06-25 22:29 . 2009-06-10 18:36 -------- d-----w- c:\program files\Common Files\G DATA
2009-06-17 09:08 . 2009-06-17 08:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 09:08 . 2009-06-17 09:08 -------- d-----w- c:\program files\Java
2009-06-17 09:07 . 2009-06-17 08:53 152576 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 15:29 . 2009-06-12 15:29 7424000 ----a-r- c:\documents and settings\VampirLord\Dane aplikacji\Microsoft\Installer\{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}\soffice.exe
2009-06-12 15:29 . 2009-06-12 15:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-11 12:01 . 2009-06-11 12:01 68424 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-06-10 18:36 . 2009-06-10 18:36 48712 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-06-10 18:36 . 2009-06-10 18:36 51016 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2009-06-10 18:23 . 2008-05-22 23:03 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-10 18:09 . 2009-06-10 18:09 0 ----a-w- c:\windows\nsreg.dat
2009-06-03 19:11 . 2004-08-04 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\documents and settings\VampirLord\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"UpdateStar"="c:\documents and settings\VampirLord\Dane aplikacji\UpdateStar\UpdateStar.exe" [2009-07-28 4710640]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-07-31 2754048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-02-13 876760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"amd_dc_opt"="c:\program files\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Ashampoo FireWall"="c:\program files\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]

c:\documents and settings\VampirLord\Menu Start\Programy\Autostart\
Tor.lnk - c:\program files\Tor\tor.exe [2009-7-29 5325657]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-04 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-08-04 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-08-04 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-08-04 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-04 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-06-10 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-08-04 64392]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [2009-07-08 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-08-04 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-08-04 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-08-11 c:\windows\Tasks\User_Feed_Synchronization-{EA4FE887-983B-459F-820A-5646B1CB20CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.msn.pl
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm
LSP: c:\program files\Ashampoo FireWall\spi.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\h86awzsb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\VampirLord\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\VampirLord\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\VampirLord\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\VLC Media Player\npvlc.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 15:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\VAMPIR~1\USTAWI~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\ginamsi.dll

- - - - - - - > 'lsass.exe'(944)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Ashampoo FireWall\spi.dll

- - - - - - - > 'explorer.exe'(844)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\program files\MatroskaSplitter\mmfinfo.dll
c:\program files\MatroskaSplitter\mkunicode.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
Czas ukończenia: 2009-08-11 15:42
ComboFix-quarantined-files.txt 2009-08-11 13:42

Przed: 25 901 576 192 bajtów wolnych
Po: 28 507 176 960 bajtów wolnych

344 --- E O F --- 2009-08-06 10:40
VampirLord
Active writer

Posts: 852
Joined: 17 Jun 2007, 18:02
Commendations: 5

Re: Checking the HJT log

Post by mateo8898 » 11 Aug 2009, 20:58

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2


There is practically nothing here.

Paste into Notepad:
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]


File >>> Save As >>> change the file type from TXT to All Files >>> save under the name FIX.REG >>> double-click the created file and confirm

Download OTC, run it and press CleanUp

Clean the system and the registry with CCleaner

Turn System Restore off and back on for all drives (Instructions)

Run a full scan with Malwarebytes' Anti-Malware - if it finds anything, remove it and post the log

mateo8898
Moderator

Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: Checking the HJT log

Post by [email protected] » 12 Aug 2009, 00:58

PostUA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)


PLEASE CHECK THE LOG AND GIVE ME INSTRUCTIONS ON WHAT TO DO NEXT.

ComboFix 09-08-10.06 - Mariusz 2009-08-12 0:36.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.1022.462 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mariusz\Desktop\ComboFixqqqqqq.exe
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\auq9bor.bat
D:\ljnhwt.bat

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Pliki utworzone od 2009-07-11 do 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 22:31 . 2009-08-11 22:31 -------- d-s---w- C:\ComboFix
2009-08-11 22:25 . 2009-08-11 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-11 22:25 . 2009-08-11 22:25 -------- d-----w- c:\windows\system32\Kaspersky Lab
2009-08-11 19:18 . 2009-08-11 19:18 -------- d-----w- c:\documents and settings\Mariusz\Gadu-Gadu
2009-08-11 19:18 . 2009-08-11 19:18 -------- d-----w- c:\program files\Gadu-Gadu
2009-08-11 15:31 . 2009-08-11 15:31 -------- d-----w- c:\documents and settings\Mariusz\Application Data\AdobeUM
2009-08-11 15:31 . 2009-08-11 15:31 -------- d-----w- c:\documents and settings\Mariusz\Local Settings\Application Data\Adobe
2009-08-11 14:45 . 2009-08-11 14:45 -------- d-----w- c:\program files\Anti Trojan Elite
2009-08-11 09:56 . 2009-08-11 09:56 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-11 09:56 . 2009-08-11 09:56 -------- d-----w- c:\program files\Norton Security Scan
2009-08-11 09:55 . 2009-08-11 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-11 09:55 . 2009-08-11 09:55 -------- d-----w- c:\program files\NortonInstaller
2009-08-11 09:55 . 2009-08-11 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-11 09:48 . 2009-08-11 09:48 -------- d-----w- c:\windows\Sun
2009-08-11 09:47 . 2009-08-11 09:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 09:47 . 2009-08-11 09:47 -------- d-----w- c:\program files\Java
2009-08-11 09:47 . 2009-08-11 09:47 152576 ----a-w- c:\documents and settings\Mariusz\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 08:49 . 2009-08-11 08:49 -------- d-----w- c:\program files\SkanerOnline
2009-08-11 08:47 . 2009-08-11 08:47 -------- d-s---w- c:\documents and settings\Mariusz\UserData
2009-08-11 08:46 . 2009-08-11 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-11 08:39 . 2009-08-11 08:39 -------- d-----w- c:\program files\Yahoo!
2009-08-11 08:39 . 2009-08-11 08:39 -------- d-----w- c:\windows\Acer
2009-08-11 08:36 . 2005-09-26 14:40 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2009-08-11 08:35 . 2006-01-23 10:41 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2009-08-11 08:35 . 2006-01-23 10:41 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2009-08-11 08:35 . 2009-08-11 08:35 -------- d-----w- c:\windows\system32\DRVSTORE
2009-08-11 08:35 . 2009-08-11 08:35 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-11 08:34 . 2009-08-11 08:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-08-11 08:34 . 2009-08-11 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-08-11 08:34 . 2006-04-10 08:09 61440 ----a-w- c:\windows\system32\acerGina.dll
2009-08-11 08:33 . 2009-08-11 08:33 -------- d-----w- c:\program files\Launch Manager
2009-08-11 08:33 . 2004-12-09 10:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2009-08-11 08:33 . 2004-12-08 12:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2009-08-11 08:33 . 2009-08-11 08:33 35792 ----a-w- c:\documents and settings\Mariusz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 08:33 . 2006-01-20 13:56 53248 ----a-w- c:\windows\system32\acpimof.dll
2009-08-11 08:33 . 2006-01-20 13:56 225350 ----a-w- c:\windows\system32\Epm-Po.dll
2009-08-11 08:32 . 2009-08-11 08:32 -------- d-----w- c:\documents and settings\Mariusz\Bluetooth Software
2009-08-11 08:28 . 2009-08-11 08:29 -------- d-----w- c:\program files\WIDCOMM
2009-08-11 08:28 . 2009-08-11 08:28 -------- d-----w- c:\documents and settings\Mariusz\Application Data\Symantec
2009-08-11 08:26 . 2006-09-06 06:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Acer
2009-08-11 08:22 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-11 08:22 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-11 08:22 . 2004-08-10 18:00 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-11 08:22 . 2004-08-10 18:00 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-11 08:22 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-11 08:22 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-11 08:22 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-08-11 08:22 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-11 08:21 . 2009-08-11 08:21 -------- d-----w- c:\windows\nview
2009-08-11 08:21 . 2006-07-20 03:58 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-11 08:19 . 2006-09-28 16:43 261627 ----a-w- c:\windows\EMEAWG.EXE
2009-08-11 08:19 . 2006-09-17 17:38 1154584 ----a-w- c:\windows\YTB.EXE

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 22:40 . 2006-09-06 22:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-11 10:57 . 2009-08-11 10:57 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-11 10:57 . 2009-08-11 10:57 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-11 10:57 . 2005-09-17 13:20 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-11 10:57 . 2005-09-17 13:20 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-11 08:38 . 2009-08-11 08:38 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-11 08:38 . 2009-08-11 08:38 -------- d-----w- c:\program files\Common Files\Acer
2009-08-11 08:38 . 2009-08-11 08:38 -------- d-----w- c:\program files\Acer
2009-08-11 08:33 . 2009-08-11 08:27 130 ----a-w- c:\documents and settings\Mariusz\Local Settings\Application Data\fusioncache.dat
2009-08-11 08:28 . 2004-09-27 15:15 1003 ----a-w- c:\windows\CLEANUP.CMD
2009-08-11 08:19 . 2004-09-21 12:28 62 ----a-w- c:\windows\HotFix.bat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2009-06-14 4076544]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2009-08-11 7798]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-11 101936]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-06-19 1097728]
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-11 c:\windows\Tasks\Norton Security Scan for Mariusz.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-11 09:56]

2009-08-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Mariusz.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-10-21 10:13]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
mStart Page = hxxp://pl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: com.pl\mks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 00:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(6276)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\docume~1\Mariusz\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Czas ukończenia: 2009-08-11 0:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-11 22:43

Przed: 46 106 935 296 bytes free
Po: 46 151 598 080 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

248


Thx in advance....

[email protected]
Forum member

Posts: 3
Joined: 12 Aug 2009, 00:49

Re: Checking the HJT log

Post by mateo8898 » 12 Aug 2009, 09:02

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2


[email protected], don't tack onto someone else's thread, start your own topic, because this is turning into a mess.

mateo8898
Moderator

Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

