Uploaded by: kamcio597

File: log .txt (31.45 KB)

Date added: 2010-02-08 22:14:12.

Preview:
ComboFix 10-02-08.02 - User 2010-02-08 21:29:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.255.36 [GMT 1:00]
Running from: c:\documents and settings\User\Moje dokumenty\Downloads\Programs\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\User\Ustawienia lokalne\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\User\Ustawienia lokalne\Temporary Internet Files\ijjistarter2.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\047A6C82.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\INSTALL.LOG
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\000419CA
c:\program files\myglobalsearch\bar\Cache\0004F715
c:\program files\myglobalsearch\bar\Cache\00054AD6
c:\program files\myglobalsearch\bar\Cache\0007F543
c:\program files\myglobalsearch\bar\Cache\0008EAE4
c:\program files\myglobalsearch\bar\Cache\002EFA5B
c:\program files\myglobalsearch\bar\Cache\007547C2
c:\program files\myglobalsearch\bar\Cache\0097E5E0
c:\program files\myglobalsearch\bar\Cache\00E3A853
c:\program files\myglobalsearch\bar\Cache\00E525ED
c:\program files\myglobalsearch\bar\Cache\00E535E3.bin
c:\program files\myglobalsearch\bar\Cache\00E53BD6.bin
c:\program files\myglobalsearch\bar\Cache\00E53E10.bin
c:\program files\myglobalsearch\bar\Cache\019FD53A
c:\program files\myglobalsearch\bar\Cache\01CE96FA
c:\program files\myglobalsearch\bar\Cache\021810F4
c:\program files\myglobalsearch\bar\Cache\04236318
c:\program files\myglobalsearch\bar\Cache\0448AF8D
c:\program files\myglobalsearch\bar\Cache\05240C8C
c:\program files\myglobalsearch\bar\Cache\071179C5
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0002839E
c:\program files\MyWebSearch\bar\Cache\0013194B.bin
c:\program files\MyWebSearch\bar\Cache\001E3345
c:\program files\MyWebSearch\bar\Cache\007F3CC6.bin
c:\program files\MyWebSearch\bar\Cache\00AF8F88
c:\program files\MyWebSearch\bar\Cache\00E36E28
c:\program files\MyWebSearch\bar\Cache\00F7D111.bin
c:\program files\MyWebSearch\bar\Cache\00F7F72B.bin
c:\program files\MyWebSearch\bar\Cache\00F7F970.bin
c:\program files\MyWebSearch\bar\Cache\00F7FC55.bin
c:\program files\MyWebSearch\bar\Cache\00F7FE85.bin
c:\program files\MyWebSearch\bar\Cache\0155FD5D
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
C:\resycled
c:\resycled\boot.com
c:\windows\system32\cpuinf32.dll
c:\windows\system32\evrprop.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ff_liba52.dll
c:\windows\system32\ff_libfaad2.dll
c:\windows\system32\ff_wmv9.dll
c:\windows\system32\libmpeg2_ff.dll
c:\windows\system32\mkzlib.dll
c:\windows\system32\mplvpx.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\WMV9VCM.dll
c:\windows\system32\x264vfw.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
F:\Autorun.inf
F:\resycled
f:\resycled\boot.com

c:\windows\system32\midimap.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created From 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-08 20:51 . 2010-02-08 20:51 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-08 20:51 . 2010-02-08 20:51 -------- d-----w- c:\windows\system32\oobe
2010-02-08 20:51 . 2010-02-08 20:51 -------- d-----w- c:\windows\srchasst
2010-02-08 20:51 . 2010-02-08 20:51 -------- d-----w- c:\windows\system32\xircom
2010-02-08 20:51 . 2010-02-08 20:51 -------- d-----w- c:\windows\msagent
2010-02-08 20:51 . 2010-02-08 20:51 -------- d-----w- c:\program files\microsoft frontpage
2010-02-03 14:01 . 2004-04-30 20:46 28672 ----a-w- c:\windows\system32\t3odm.dll
2010-01-27 15:03 . 2010-01-19 08:24 1260800 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\avgfrw.exe
2010-01-27 15:03 . 2010-01-19 08:24 3777280 ----a-w- c:\documents and settings\All Users\Dane aplikacji\avg9\update\backup\setup.exe
2010-01-26 20:01 . 2010-01-26 20:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Wru
2010-01-26 20:01 . 2004-04-09 15:12 1040384 ----a-w- c:\windows\system32\GnucDNA.dll
2010-01-26 20:01 . 2004-06-22 19:06 1040384 ----a-w- c:\windows\system32\GnucCOM.dll
2010-01-26 20:01 . 2010-01-26 20:01 -------- d-----w- c:\program files\Wru
2010-01-26 16:21 . 2010-01-26 16:21 -------- d-----w- c:\program files\MyPortal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 20:53 . 2009-06-26 05:26 -------- d-----w- c:\documents and settings\User\Dane aplikacji\DMCache
2010-02-08 19:48 . 2009-05-18 05:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-02-06 14:52 . 2009-02-03 18:37 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Hamachi
2010-02-05 10:37 . 2009-02-04 08:20 -------- d-----w- c:\documents and settings\User\Dane aplikacji\skypePM
2010-02-03 14:12 . 2009-08-30 09:08 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-23 23:21 . 2009-12-30 07:22 -------- d-----w- c:\program files\Naruto M.U.G.E.N
2010-01-23 23:20 . 2009-04-14 16:23 -------- d-----w- c:\program files\RAR Password Cracker
2010-01-22 17:06 . 2009-07-12 20:07 -------- d-----w- c:\program files\Magic Video Converter
2010-01-11 19:41 . 2010-01-09 13:00 -------- d-----w- c:\documents and settings\User\Dane aplikacji\DNA
2010-01-08 21:42 . 2010-01-08 21:42 -------- d-----w- c:\program files\NTSD BETA 2.4
2010-01-05 17:06 . 2009-09-29 05:07 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent
2010-01-03 18:18 . 2010-01-03 18:06 -------- d-----w- c:\documents and settings\User\Dane aplikacji\AgerWebEdytor
2010-01-03 18:07 . 2010-01-03 18:07 -------- d-----w- c:\documents and settings\User\Dane aplikacji\MozillaControl
2010-01-03 18:06 . 2010-01-03 18:06 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.5
2010-01-03 18:05 . 2010-01-03 18:05 -------- d-----w- c:\program files\Ager Web Edytor
2010-01-03 17:47 . 2010-01-03 14:08 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Cream Software
2010-01-03 15:45 . 2010-01-03 15:45 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Nero
2010-01-03 13:54 . 2010-01-03 13:48 -------- d-----w- c:\program files\Nero
2010-01-03 13:48 . 2010-01-03 13:48 -------- d-----w- c:\program files\Common Files\Nero
2010-01-03 13:48 . 2010-01-03 13:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-01-03 07:55 . 2008-06-16 01:28 74112 ----a-w- c:\windows\system32\perfc015.dat
2010-01-03 07:55 . 2008-06-16 01:28 448848 ----a-w- c:\windows\system32\perfh015.dat
2010-01-02 18:02 . 2009-04-24 18:28 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2009-12-31 16:40 . 2009-09-12 09:07 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-12-30 21:21 . 2009-12-30 21:18 -------- d-----w- c:\program files\Hamachi
2009-12-30 21:19 . 2009-02-03 18:36 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-12-26 19:24 . 2009-12-26 19:09 -------- d-----w- c:\program files\Counter-Strike 1.6
2009-12-25 09:51 . 2009-12-25 09:51 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-12-17 15:54 . 2009-02-04 08:14 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Skype
2009-12-13 11:49 . 2009-11-22 06:34 -------- d-----w- c:\program files\PowerStrip
2009-12-13 10:22 . 2009-09-19 21:00 -------- d-----w- c:\program files\TalismanOnline
2009-12-13 07:12 . 2009-11-12 17:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\IDM
2009-12-12 16:12 . 2009-12-12 16:12 367680 ----a-w- c:\documents and settings\User\Dane aplikacji\id Software\quakelive\home\baseq3\cgamex86.dll
2009-12-12 16:11 . 2009-12-12 16:11 179264 ----a-w- c:\documents and settings\User\Dane aplikacji\id Software\quakelive\home\baseq3\uix86.dll
2009-12-12 16:11 . 2009-12-12 16:11 461888 ----a-w- c:\documents and settings\User\Dane aplikacji\id Software\quakelive\home\baseq3\qagamex86.dll
2009-12-12 16:11 . 2009-12-12 16:11 887856 ----a-w- c:\documents and settings\User\Dane aplikacji\id Software\quakelive\home\pb\pbcl.dll
2009-12-12 16:11 . 2009-12-12 16:11 57344 ----a-w- c:\documents and settings\User\Dane aplikacji\id Software\quakelive\home\pb\pbag.dll
2009-12-12 16:11 . 2009-12-12 16:11 2407488 ----a-w- c:\documents and settings\User\Dane aplikacji\id Software\quakelive\home\baseq3\quakelive.dll
2009-12-12 15:26 . 2009-12-12 15:26 -------- d-----w- c:\documents and settings\User\Dane aplikacji\id Software
2009-12-12 15:22 . 2009-12-12 15:22 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-12 15:22 . 2009-12-12 15:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-12 15:22 . 2009-12-12 15:22 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-12 15:21 . 2009-12-12 15:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\id Software
2009-12-12 14:52 . 2009-11-12 17:45 -------- d-----w- c:\program files\Internet Download Manager
2009-12-11 20:53 . 2009-11-12 17:48 120240 ----a-w- c:\documents and settings\User\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll
2009-11-30 11:19 . 2009-11-30 11:19 625728 ----a-w- c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
2009-11-30 11:17 . 2009-11-30 11:17 2373712 ----a-w- c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\pbsvc.exe
2009-08-30 08:52 . 2009-08-30 08:51 2319645 ----a-w- c:\program files\m4a120t.exe
1998-04-30 12:56 . 2008-10-19 13:47 129024 ----a-w- c:\program files\UNWISE.EXE
.

------- Sigcheck -------

[-] 2008-06-16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-16 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-06-16 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe

[-] 2008-06-16 . 7F059A93D251284A8BC758327ECD3D69 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2008-07-06 . 37D5DAAEDA594B9BEE00C82F185CC549 . 2197376 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll

[-] 2008-06-27 . 4EC7ED41D95D18B3CD1A2BD9DFEFB591 . 1424896 . . [6.00.2900.5512] . . c:\windows\explorer.exe


[-] 2008-06-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2001-02-20 12:09 . D36A33C21EEED5A6C1DAECB7C80A1909 . 8192 . . [1.00.2409.7 built by: Lab06_N] . . c:\windows\system32\CTFMON.EXE


[-] 2008-07-07 . 0DBF1939DF18AC8F8C1E4BD63D7D4B0F . 2074240 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe

c:\windows\System32\wscntfy.exe ... - missing !!
c:\windows\System32\regsvc.dll ... - missing !!
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-01-23 2577840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-31 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-16 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-17 07:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2008-12-15 13:06 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Polish /KBD:2

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^hamachi.lnk]
path=c:\documents and settings\User\Menu Start\Programy\Autostart\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 20:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-03 00:23 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
2006-08-01 16:04 3313664 ----a-w- d:\instalki\bearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2001-12-07 13:24 1216512 ----a-r- c:\windows\Mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2001-02-20 12:09 8192 ----a-w- c:\windows\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- d:\instalki\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-09 11:30 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-11-28 13:14 2923192 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2009-11-01 15:18 744992 ----a-w- c:\program files\PowerStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedX]
2006-06-27 12:11 46718 ----a-w- c:\progra~1\MyPortal\Speed-X\SpeedX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-31 15:46 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wru]
2010-01-17 18:58 2138112 ----a-w- c:\program files\Wru\Wru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"pr2arjjb"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"iPod Service"=3 (0x3)
"Imapi Helper"=3 (0x3)
"FsUsbExService"=2 (0x2)
"DfSdkS"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Gry\\Q3 arena\\quake3.exe"=
"d:\\Instalki\\bearShare\\BearShare.exe"=
"c:\\Program Files\\ePSXe\\ePSXe.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Gry\\Pazur\\CLAW.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\FIFA05\\FIFA 2005\\fifa2005.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Metin2\\metin2.bin"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ITTerritory\\DragonsPl\\dwarclientpl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Gry\\Finalongju2222a\\mc.exe"=
"f:\\Metin2\\mt2.exe"=
"c:\\Program Files\\Wru\\Wru.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"21082:TCP"= 21082:TCP:BitCometLite 21082 TCP
"21082:UDP"= 21082:UDP:BitCometLite 21082 UDP
"58656:TCP"= 58656:TCP:Pando Media Booster
"58656:UDP"= 58656:UDP:Pando Media Booster

R0 pe3arjjb;Moj wymarzony chlopak Environment Driver (pe3arjjb);c:\windows\system32\drivers\pe3arjjb.sys [2008-04-16 69264]
R0 ps7arjjb;Moj wymarzony chlopak Synchronization Driver (ps7arjjb);c:\windows\system32\drivers\ps7arjjb.sys [2008-04-16 68760]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-09-25 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-17 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-17 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-10-17 285392]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-24 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-10-24 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-10-24 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-10-24 121856]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2009-12-05 406016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Download with &BitSpirit - d:\instalki\BitSpirit\bsurl.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {6EDE32E2-A2A1-42C6-AF3B-CD807F44DE02} = 192.168.197.1
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\bdqzbp7y.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\documents and settings\User\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-cdoosoft - c:\docume~1\User\USTAWI~1\Temp\herss.exe
MSConfigStartUp-eMuleAutoStart - c:\program files\eMule\emule.exe
MSConfigStartUp-GoD - d:\instalki\GoD\GoD.exe
MSConfigStartUp-hfxp - d:\instalki\Hide Folders XP 2\hfxp.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-Cutthroats - c:\program files\Eidos Interactive\Hothouse Creations\Cutthroats\Uninst.isu
AddRemove-GTA2 - d:\gta2\Uninst.isu
AddRemove-Half-Life - d:\gry\Uninst.isu
AddRemove-{6A1DC8D4-9FA4-43C3-00B3-5993B4BBE7D4} - d:\fifa\FIFA 2003\EAUninstall.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 21:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spbi.sys hal.dll >>UNKNOWN [0x813CE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9286f28
\Driver\ACPI -> ACPI.sys @ 0xf90d0cb8
\Driver\atapi -> atapi.sys @ 0xf904fb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8f58bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8f65a21
SendHandler -> NDIS.sys @ 0xf8f4387b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-484763869-1202660629-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53c35e49-d534-4e7e-b490-bd5be8cc37c6}]
@Denied: (Full) (Everyone)
"Model"=dword:00000140
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):47,21,de,df,c8,78,cf,94,ec,fa,77,81,75,4c,6a,d9,68,15,98,7e,04,
e3,24,63,16,12,c5,0f,35,88,1b,40,01,03,c7,45,52,76,c2,58,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\sfc_os.dll
c:\program files\Stardock\MyColors\fastload.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1368)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2010-02-08 22:01:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 21:01

Before: 1,783,005,184 bytes free
After: 1,798,184,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3FD7FB1F079842ECB38E0FE74B7FA3BB
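The log above is a flat text dump, and the indicators worth acting on are scattered across several sections: the same autorun.inf plus resycled\boot.com pair removed from the roots of C:, D: and F: (the removable-media worm pattern), midimap.dll reported as infected, wscntfy.exe and regsvc.dll reported missing, the MyWebSearch service removed, and a run of Sigcheck rows marked `[-]`. The following Python script is an added example, not part of the uploaded file or of ComboFix: it parses a constructed, shortened excerpt that copies the line formats of the log above (banner lines, Sigcheck rows, the "is infected!!" and "missing !!" markers as they read in the English rendering of ComboFix output) and pulls those indicators out by section. Treating a `[-]` Sigcheck row as "verify this file against a known-good copy" is this script's assumption, not a ComboFix verdict, and the banner names and regexes are tuned to the formats shown here rather than to every ComboFix version.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log above (shortened, same line formats).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\resycled
c:\resycled\boot.com
c:\windows\system32\msconfig.exe
D:\Autorun.inf
d:\resycled\boot.com
F:\Autorun.inf
f:\resycled\boot.com

c:\windows\system32\midimap.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService

------- Sigcheck -------

[-] 2008-06-16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-16 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2001-02-20 12:09 . D36A33C21EEED5A6C1DAECB7C80A1909 . 8192 . . [1.00.2409.7 built by: Lab06_N] . . c:\windows\system32\CTFMON.EXE

c:\windows\System32\wscntfy.exe ... - missing !!
"""

# Section banners: "(((( Name ))))" or "------- Name -------".
HEADER_RE = re.compile(r"^(?:\(+\s*(.+?)\s*\)+|-{3,}\s+(.+?)\s+-{3,})$")
# Sigcheck rows: [flag] date [time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$"
)
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+\. \. \. is infected!!$")
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\.\.\.\s+-\s+missing !!$")
REMOVED_SVC_RE = re.compile(r"^-{3,}\\(?P<name>\S+)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def split_sections(text):
    """Map each banner to the non-empty lines under it ('.' spacer lines dropped)."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            continue
        sections[current].append(line)
    return sections


def autorun_worm_roots(deleted):
    r"""Drive letters where both <X>:\autorun.inf and <X>:\resycled\boot.com were removed."""
    autorun, boot = set(), set()
    for line in deleted:
        p = line.lower()
        if re.fullmatch(r"[a-z]:\\autorun\.inf", p):
            autorun.add(p[0])
        elif re.fullmatch(r"[a-z]:\\resycled\\boot\.com", p):
            boot.add(p[0])
    return sorted(autorun & boot)


def triage(text):
    """Pull the indicators an analyst checks first out of a ComboFix log."""
    sections = split_sections(text)
    all_lines = [l for lines in sections.values() for l in lines]
    deleted = sections.get("Deleted", [])
    infected = [m.group("path") for l in deleted if (m := INFECTED_RE.match(l))]
    plain_paths = [l for l in deleted if not INFECTED_RE.match(l)]
    return {
        "autorun_roots": autorun_worm_roots(plain_paths),
        "infected": infected,
        "missing": [m.group("path") for l in all_lines if (m := MISSING_RE.match(l))],
        "removed_services": [m.group("name") for l in sections.get("Drivers/Services", [])
                             if (m := REMOVED_SVC_RE.match(l))],
        # "[-]" rows: ComboFix did not vouch for the file; verify it against a
        # known-good copy (this script's reading of the marker, not a ComboFix verdict).
        "sigcheck_unverified": [m.groupdict() for l in sections.get("Sigcheck", [])
                                if (m := SIGCHECK_RE.match(l)) and m.group("flag") == "-"],
        # Anything deleted from system32 deserves a second look (e.g. msconfig.exe above).
        "system32_deleted": [l for l in plain_paths if SYSTEM32_RE.match(l)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file contents; the per-section dictionary is what you would paste into a ticket or feed into a hash lookup for the Sigcheck MD5s.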
