
- Code:
ComboFix 09-02-25.02 - Dariusz Marzec 2009-02-26 12:05:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1014.599 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Dariusz Marzec\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Desktop_.ini
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Passthru
((((((((((((((((((((((((( Pliki utworzone od 2009-01-26 do 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-26 12:07 . 2009-02-26 12:07 <DIR> d-------- c:\windows\system32\xircom
2009-02-26 12:07 . 2009-02-26 12:07 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-26 11:11 . 2009-02-26 11:11 275 --a------ C:\Skrót do Dysk lokalny (E).lnk
2009-02-25 17:00 . 2009-02-25 17:00 <DIR> d-------- c:\documents and settings\LocalService\Pulpit
2009-02-21 10:56 . 2009-02-21 10:56 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-21 10:56 . 2009-02-21 10:56 11,776 --ah----- c:\documents and settings\Dariusz Marzec\owvm.exe
2009-02-21 10:19 . 2009-02-21 10:19 <DIR> d-------- c:\program files\OrangeBS
2009-02-21 10:19 . 2008-09-11 09:18 94,208 --a------ c:\windows\system32\w32n50.dll
2009-02-21 10:19 . 2008-09-11 09:18 34,688 --a------ c:\windows\system32\pcampr5.sys
2009-02-21 10:19 . 2008-09-11 09:18 32,128 --a------ c:\windows\system32\pcandis5.sys
2009-02-21 10:18 . 2009-02-21 10:18 <DIR> d-------- c:\program files\Common Files\France Telecom
2009-02-21 10:14 . 2008-10-16 10:44 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2009-02-21 10:14 . 2008-10-16 10:44 99,840 -ra------ c:\windows\system32\drivers\ewusbfake.sys
2009-02-21 10:13 . 2009-02-21 10:13 <DIR> d-------- c:\program files\CardDetector
2009-02-17 08:16 . 2009-02-17 09:49 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-17 08:09 . 2008-02-07 01:00 25,088 --a------ c:\windows\system32\userinit.exe
2009-02-15 22:27 . 2009-02-15 22:27 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-15 22:26 . 2009-02-15 22:31 <DIR> d-------- c:\windows\system32\DllCache
2009-02-15 10:07 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\drivers\bthport.sys
2009-02-15 10:07 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\DllCache\bthport.sys
2009-02-15 10:03 . 2008-10-16 11:35 1,499,136 --------- c:\windows\system32\DllCache\shdocvw.dll
2009-02-15 10:03 . 2008-10-16 11:35 620,032 --------- c:\windows\system32\DllCache\urlmon.dll
2009-02-15 10:03 . 2008-10-16 11:35 251,904 --------- c:\windows\system32\DllCache\iepeers.dll
2009-02-15 10:03 . 2008-10-16 11:35 96,768 --------- c:\windows\system32\DllCache\inseng.dll
2009-02-15 10:03 . 2008-10-16 11:35 39,424 --------- c:\windows\system32\DllCache\pngfilt.dll
2009-02-15 10:03 . 2008-10-16 11:35 16,384 --------- c:\windows\system32\DllCache\jsproxy.dll
2009-02-15 10:00 . 2008-08-14 14:40 2,187,264 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2009-02-15 10:00 . 2008-08-14 14:40 2,144,256 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2009-02-15 10:00 . 2008-08-14 14:40 2,064,256 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2009-02-15 10:00 . 2008-08-14 14:40 2,022,400 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2009-02-15 10:00 . 2008-09-15 16:17 1,847,168 --------- c:\windows\system32\DllCache\win32k.sys
2009-02-15 09:59 . 2008-12-12 18:30 3,088,384 --------- c:\windows\system32\DllCache\mshtml.dll
2009-02-15 09:55 . 2008-10-24 12:25 455,936 --------- c:\windows\system32\DllCache\mrxsmb.sys
2009-02-15 09:55 . 2008-12-11 11:24 333,184 --------- c:\windows\system32\DllCache\srv.sys
2009-02-15 09:55 . 2008-05-01 15:33 331,776 --------- c:\windows\system32\DllCache\msadce.dll
2009-02-15 09:55 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\DllCache\rmcast.sys
2009-02-15 09:54 . 2008-04-11 19:41 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll
2009-02-15 09:50 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-02-15 09:50 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2009-02-15 09:50 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-02-15 09:45 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-15 09:45 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-27 22:55 . 2009-01-27 22:55 6,656 --ahs---- C:\Thumbs.db
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 09:48 --------- d-----w c:\program files\Lavasoft
2009-02-26 09:48 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-02-25 20:58 --------- d-----w c:\program files\English Translator 3
2009-02-25 15:06 --------- d-----w c:\program files\Deutsch Translator 2
2009-02-25 11:56 --------- d-----w c:\program files\Gadu-Gadu
2009-02-21 09:56 52,672 ----a-w c:\windows\system32\drivers\ndisio.sys
2009-02-17 08:18 --------- d-----w c:\program files\Windows Live
2009-02-02 06:55 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-02 06:55 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-02 06:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-01-12 16:22 --------- d-----w c:\program files\AVG
2009-01-12 15:54 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-12 15:43 --------- d-----w c:\program files\CCleaner
2009-01-12 15:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-12 15:23 66 ---ha-w C:\aaw7boot.cmd
2009-01-11 10:20 --------- d-----w c:\program files\Trend Micro
2009-01-10 09:03 --------- d-----w c:\documents and settings\Dariusz Marzec\Dane aplikacji\Apple Computer
2009-01-07 14:07 --------- d-----w c:\program files\Bonjour
2009-01-07 14:06 --------- d-----w c:\program files\iTunes
2009-01-07 14:05 --------- d-----w c:\program files\iPod
2009-01-07 14:05 --------- d-----w c:\program files\Common Files\Apple
2009-01-07 14:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-07 14:03 --------- d-----w c:\program files\QuickTime
2009-01-07 13:50 --------- d-----w c:\program files\Safari
2008-12-18 15:48 8,000 ----a-w C:\RNDS2.DLL
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-02 1601304]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-29 274432]
"BEWINTERNET-PLSessionManager"="c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2008-10-13 131824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-02 07:55 10520 c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=c:\windows\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
c:\progra~1\Grisoft\AVG7\avgcc.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-12-19 11:08 159744 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 21:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 16:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-12-19 11:08 135168 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 17:00 98304 c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-12-19 11:07 131072 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhetch]
c:\windows\system32\rhetch.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 c:\program files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 07:49 16126464 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58156:TCP"= 58156:TCP:Pando P2P TCP Listening Port
"58156:UDP"= 58156:UDP:Pando P2P UDP Listening Port
"80:TCP"= 80:TCP:Promo
"53:UDP"= 53:UDP:Promo
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-12 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-12 107272]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-12 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 298264]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-02-21 99840]
S3 abcazppc;abcazppc;\??\c:\windows\System32\Drivers\abcazppc.sys --> c:\windows\System32\Drivers\abcazppc.sys [?]
S3 asrcsojk;asrcsojk;\??\c:\windows\System32\Drivers\asrcsojk.sys --> c:\windows\System32\Drivers\asrcsojk.sys [?]
S3 bkjqknxs;bkjqknxs;\??\c:\windows\System32\Drivers\bkjqknxs.sys --> c:\windows\System32\Drivers\bkjqknxs.sys [?]
S3 bmcjfmgp;bmcjfmgp;\??\c:\windows\System32\Drivers\bmcjfmgp.sys --> c:\windows\System32\Drivers\bmcjfmgp.sys [?]
S3 brmsneue;brmsneue;\??\c:\windows\System32\Drivers\brmsneue.sys --> c:\windows\System32\Drivers\brmsneue.sys [?]
S3 cytvrstd;cytvrstd;\??\c:\windows\System32\Drivers\cytvrstd.sys --> c:\windows\System32\Drivers\cytvrstd.sys [?]
S3 dixhmkkj;dixhmkkj;\??\c:\windows\System32\Drivers\dixhmkkj.sys --> c:\windows\System32\Drivers\dixhmkkj.sys [?]
S3 dlxoytqm;dlxoytqm;\??\c:\windows\System32\Drivers\dlxoytqm.sys --> c:\windows\System32\Drivers\dlxoytqm.sys [?]
S3 drnfpyyo;drnfpyyo;\??\c:\windows\System32\Drivers\drnfpyyo.sys --> c:\windows\System32\Drivers\drnfpyyo.sys [?]
S3 dtdscvrv;dtdscvrv;\??\c:\windows\System32\Drivers\dtdscvrv.sys --> c:\windows\System32\Drivers\dtdscvrv.sys [?]
S3 duiiegij;duiiegij;\??\c:\windows\System32\Drivers\duiiegij.sys --> c:\windows\System32\Drivers\duiiegij.sys [?]
S3 etyqodky;etyqodky;\??\c:\windows\System32\Drivers\etyqodky.sys --> c:\windows\System32\Drivers\etyqodky.sys [?]
S3 fixdnlgp;fixdnlgp;\??\c:\windows\System32\Drivers\fixdnlgp.sys --> c:\windows\System32\Drivers\fixdnlgp.sys [?]
S3 gkusmkgr;gkusmkgr;\??\c:\windows\System32\Drivers\gkusmkgr.sys --> c:\windows\System32\Drivers\gkusmkgr.sys [?]
S3 hhtvhtbt;hhtvhtbt;\??\c:\windows\System32\Drivers\hhtvhtbt.sys --> c:\windows\System32\Drivers\hhtvhtbt.sys [?]
S3 hmbeibiv;hmbeibiv;\??\c:\windows\System32\Drivers\hmbeibiv.sys --> c:\windows\System32\Drivers\hmbeibiv.sys [?]
S3 hzuxcmjj;hzuxcmjj;\??\c:\windows\System32\Drivers\hzuxcmjj.sys --> c:\windows\System32\Drivers\hzuxcmjj.sys [?]
S3 ilxkvobn;ilxkvobn;\??\c:\windows\System32\Drivers\ilxkvobn.sys --> c:\windows\System32\Drivers\ilxkvobn.sys [?]
S3 ircuiqpp;ircuiqpp;\??\c:\windows\System32\Drivers\ircuiqpp.sys --> c:\windows\System32\Drivers\ircuiqpp.sys [?]
S3 jnevgddf;jnevgddf;\??\c:\windows\System32\Drivers\jnevgddf.sys --> c:\windows\System32\Drivers\jnevgddf.sys [?]
S3 jursqeif;jursqeif;\??\c:\windows\System32\Drivers\jursqeif.sys --> c:\windows\System32\Drivers\jursqeif.sys [?]
S3 jzwipdiz;jzwipdiz;\??\c:\windows\System32\Drivers\jzwipdiz.sys --> c:\windows\System32\Drivers\jzwipdiz.sys [?]
S3 lfcseijd;lfcseijd;\??\c:\windows\System32\Drivers\lfcseijd.sys --> c:\windows\System32\Drivers\lfcseijd.sys [?]
S3 lmkgamwl;lmkgamwl;\??\c:\windows\System32\Drivers\lmkgamwl.sys --> c:\windows\System32\Drivers\lmkgamwl.sys [?]
S3 lrvezcsg;lrvezcsg;\??\c:\windows\System32\Drivers\lrvezcsg.sys --> c:\windows\System32\Drivers\lrvezcsg.sys [?]
S3 mabwidsh;mabwidsh;\??\c:\windows\System32\Drivers\mabwidsh.sys --> c:\windows\System32\Drivers\mabwidsh.sys [?]
S3 mspljkbf;mspljkbf;\??\c:\windows\System32\Drivers\mspljkbf.sys --> c:\windows\System32\Drivers\mspljkbf.sys [?]
S3 mvjwanti;mvjwanti;\??\c:\windows\System32\Drivers\mvjwanti.sys --> c:\windows\System32\Drivers\mvjwanti.sys [?]
S3 nmmnowxf;nmmnowxf;\??\c:\windows\System32\Drivers\nmmnowxf.sys --> c:\windows\System32\Drivers\nmmnowxf.sys [?]
S3 npfyawza;npfyawza;\??\c:\windows\System32\Drivers\npfyawza.sys --> c:\windows\System32\Drivers\npfyawza.sys [?]
S3 pdxecxqz;pdxecxqz;\??\c:\windows\System32\Drivers\pdxecxqz.sys --> c:\windows\System32\Drivers\pdxecxqz.sys [?]
S3 pmgqepdl;pmgqepdl;\??\c:\windows\System32\Drivers\pmgqepdl.sys --> c:\windows\System32\Drivers\pmgqepdl.sys [?]
S3 pxtrctsh;pxtrctsh;\??\c:\windows\System32\Drivers\pxtrctsh.sys --> c:\windows\System32\Drivers\pxtrctsh.sys [?]
S3 qaqmgwpb;qaqmgwpb;\??\c:\windows\System32\Drivers\qaqmgwpb.sys --> c:\windows\System32\Drivers\qaqmgwpb.sys [?]
S3 qlvzbftj;qlvzbftj;\??\c:\windows\System32\Drivers\qlvzbftj.sys --> c:\windows\System32\Drivers\qlvzbftj.sys [?]
S3 qnlwmkho;qnlwmkho;\??\c:\windows\System32\Drivers\qnlwmkho.sys --> c:\windows\System32\Drivers\qnlwmkho.sys [?]
S3 qpkekhgb;qpkekhgb;\??\c:\windows\System32\Drivers\qpkekhgb.sys --> c:\windows\System32\Drivers\qpkekhgb.sys [?]
S3 rcrsflhd;rcrsflhd;\??\c:\windows\System32\Drivers\rcrsflhd.sys --> c:\windows\System32\Drivers\rcrsflhd.sys [?]
S3 ruaackda;ruaackda;\??\c:\windows\System32\Drivers\ruaackda.sys --> c:\windows\System32\Drivers\ruaackda.sys [?]
S3 sgnphspp;sgnphspp;\??\c:\windows\System32\Drivers\sgnphspp.sys --> c:\windows\System32\Drivers\sgnphspp.sys [?]
S3 sljccesg;sljccesg;\??\c:\windows\System32\Drivers\sljccesg.sys --> c:\windows\System32\Drivers\sljccesg.sys [?]
S3 tloufnmz;tloufnmz;\??\c:\windows\System32\Drivers\tloufnmz.sys --> c:\windows\System32\Drivers\tloufnmz.sys [?]
S3 tpxuirmw;tpxuirmw;\??\c:\windows\System32\Drivers\tpxuirmw.sys --> c:\windows\System32\Drivers\tpxuirmw.sys [?]
S3 uztwfdtf;uztwfdtf;\??\c:\windows\System32\Drivers\uztwfdtf.sys --> c:\windows\System32\Drivers\uztwfdtf.sys [?]
S3 vsokmdyh;vsokmdyh;\??\c:\windows\System32\Drivers\vsokmdyh.sys --> c:\windows\System32\Drivers\vsokmdyh.sys [?]
S3 vtniewoi;vtniewoi;\??\c:\windows\System32\Drivers\vtniewoi.sys --> c:\windows\System32\Drivers\vtniewoi.sys [?]
S3 vxcdrnsm;vxcdrnsm;\??\c:\windows\System32\Drivers\vxcdrnsm.sys --> c:\windows\System32\Drivers\vxcdrnsm.sys [?]
S3 wecolkxa;wecolkxa;\??\c:\windows\System32\Drivers\wecolkxa.sys --> c:\windows\System32\Drivers\wecolkxa.sys [?]
S3 wqcsxawy;wqcsxawy;\??\c:\windows\System32\Drivers\wqcsxawy.sys --> c:\windows\System32\Drivers\wqcsxawy.sys [?]
S3 wzzyjygm;wzzyjygm;\??\c:\windows\System32\Drivers\wzzyjygm.sys --> c:\windows\System32\Drivers\wzzyjygm.sys [?]
S3 xfppluby;xfppluby;\??\c:\windows\System32\Drivers\xfppluby.sys --> c:\windows\System32\Drivers\xfppluby.sys [?]
S3 xipkcdcb;xipkcdcb;\??\c:\windows\System32\Drivers\xipkcdcb.sys --> c:\windows\System32\Drivers\xipkcdcb.sys [?]
S3 xwqznwow;xwqznwow;\??\c:\windows\System32\Drivers\xwqznwow.sys --> c:\windows\System32\Drivers\xwqznwow.sys [?]
S3 yeujpoun;yeujpoun;\??\c:\windows\System32\Drivers\yeujpoun.sys --> c:\windows\System32\Drivers\yeujpoun.sys [?]
S3 ygbkbghx;ygbkbghx;\??\c:\windows\System32\Drivers\ygbkbghx.sys --> c:\windows\System32\Drivers\ygbkbghx.sys [?]
S3 yodnfmkh;yodnfmkh;\??\c:\windows\System32\Drivers\yodnfmkh.sys --> c:\windows\System32\Drivers\yodnfmkh.sys [?]
S3 yuitiymy;yuitiymy;\??\c:\windows\System32\Drivers\yuitiymy.sys --> c:\windows\System32\Drivers\yuitiymy.sys [?]
S3 yvafysss;yvafysss;\??\c:\windows\System32\Drivers\yvafysss.sys --> c:\windows\System32\Drivers\yvafysss.sys [?]
S3 zlcgxrwv;zlcgxrwv;\??\c:\windows\System32\Drivers\zlcgxrwv.sys --> c:\windows\System32\Drivers\zlcgxrwv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5de2e72-fff7-11dd-ab6c-001e4c2c3066}]
\Shell\AutoRun\command - H:\AutoRunCardDetector.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Dariusz Marzec\Dane aplikacji\Mozilla\Firefox\Profiles\uz1t1ju7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 12:08:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-26 12:10:40 - komputer został uruchomiony ponownie [Dariusz Marzec]
ComboFix-quarantined-files.txt 2009-02-26 11:10:33
ComboFix2.txt 2009-02-26 08:00:31
Przed: 56,138,780,672 bajtów wolnych
Po: 56,131,051,520 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
285 --- E O F --- 2009-02-25 07:56:35
- Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59, on 2009-02-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI160] C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-PLSessionManager] "C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202567056250
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4359 bytes