
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:23, on 2009-06-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.exe
D:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.BIN
D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\spider.exe
D:\Program Files\Sokaris\Faktura-NT\Fakt-NT.exe
D:\Program Files\Sokaris\Faktura-NT\CRM\SokCRM.exe
D:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system\rundll32.exe
C:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - D:\WINDOWS\system32\InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Firebird] D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [shell] D:\WINDOWS\system\rundll32.exe 70175
O4 - HKLM\..\Run: [svchost] D:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ALLUpdate] "D:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.2.lnk = D:\Program Files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1E26210-D165-46E8-A66A-314B179964C0}: NameServer = 10.51.61.1
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
--
ComboFix 09-06-04.08 - cb 2009-06-05 12:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.885 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system\svchost.exe
d:\windows\system32\GDS32.DLL
d:\windows\system32\wbem\proquota.exe
d:\windows\system32\proquota.exe - brakowało pliku
Plik odzyskano z -
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-05 do 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 11:01 . 2008-04-15 12:00 50688 -c--a-w- d:\windows\system32\dllcache\proquota.exe
2009-06-05 11:01 . 2008-04-15 12:00 50688 ----a-w- d:\windows\system32\proquota.exe
2009-06-05 10:46 . 2009-06-05 10:46 30208 ----a-w- d:\windows\system\dop.exe
2009-06-05 10:45 . 2009-06-05 10:45 -------- d-----w- d:\program files\Antivirus Plus
2009-06-05 10:45 . 2009-06-05 10:45 639488 ----a-w- d:\windows\system32\InternetExplorer.dll
2009-06-05 10:44 . 2009-06-05 10:45 1546752 ----a-w- d:\windows\system\rundll32.exe
2009-06-04 12:15 . 2009-04-03 09:18 130936 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2009-06-04 12:15 . 2008-12-18 10:16 73840 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2009-06-04 12:15 . 2008-12-10 09:36 64392 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2009-06-04 12:15 . 2009-06-04 12:15 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\PC Tools
2009-06-04 12:15 . 2009-06-04 12:15 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-06-04 11:45 . 2009-06-04 13:30 -------- d---a-w- d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-04 11:44 . 2009-06-04 12:23 -------- d-----w- d:\program files\Common Files\PC Tools
2009-06-04 11:44 . 2009-06-04 12:21 -------- d-----w- d:\program files\Spyware Doctor
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- d:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 10:00 . 2009-01-14 14:37 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\Xfire
2009-06-05 08:32 . 2009-01-15 09:23 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\OpenOffice.ux.pl2
2009-06-04 12:13 . 2009-02-28 09:39 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\uTorrent
2009-06-03 07:55 . 2009-01-14 14:37 -------- d-----w- d:\program files\Xfire
2009-05-06 08:08 . 2009-01-14 12:37 18776 ----a-w- d:\documents and settings\cb\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-30 12:07 . 2009-01-14 13:17 660 ----a-w- d:\windows\_system.dat
2009-04-27 12:33 . 2009-04-27 12:33 -------- d-----w- d:\program files\Microsoft ActiveSync
2009-04-23 07:31 . 2009-04-23 07:31 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-04-23 07:31 . 2009-04-23 07:31 135168 ----a-w- d:\windows\system32\UAService7.exe
2009-04-17 07:21 . 2009-01-14 13:02 -------- d-----w- d:\program files\Gadu-Gadu
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"H/PC Connection Agent"="d:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Firebird"="d:\program files\Firebird\Firebird_2_1\bin\fbguard.exe" [2008-06-13 81920]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-12-25 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
d:\documents and settings\cb\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.0.2.lnk - d:\program files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe [2006-3-20 61440]
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-5-22 3171664]
d:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Service Manager.lnk - d:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4.exe"=
"d:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\WINDOWS\\system\\rundll32.exe"=
"d:\\WINDOWS\\system\\dop.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2009-06-04 130936]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-01-14 81920]
R2 MSSQL$AIGSQLSKLEP;MSSQL$AIGSQLSKLEP;d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe -sAIGSQLSKLEP --> d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe -sAIGSQLSKLEP [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-01-14 2723840]
S3 FXDrv32;FXDrv32;\??\i:\fxdrv32.sys --> i:\FXDrv32.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2009-06-04 348752]
S3 SQLAgent$AIGSQLSKLEP;SQLAgent$AIGSQLSKLEP;d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlagent.EXE -i AIGSQLSKLEP --> d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlagent.EXE -i AIGSQLSKLEP [?]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
TCP: {D1E26210-D165-46E8-A66A-314B179964C0} = 10.51.61.1
FF - ProfilePath - d:\documents and settings\cb\Dane aplikacji\Mozilla\Firefox\Profiles\zo7pchmk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 13:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Firebird = d:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -a?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-06-05 13:02
ComboFix-quarantined-files.txt 2009-06-05 11:02
ComboFix2.txt 2009-01-14 15:29
Przed: 184 640 417 792 bajtów wolnych
Po: 184 889 253 888 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[b]SDFix: Version 1.240 [/b]
Run by cb on 2009-06-05 at 13:11
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[i][size=85]Added today, 13:24:[/size][/i]
OTListIt logfile created on: 2009-06-05 13:22:32 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,33% Memory free
3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,10% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48,83 Gb Total Space | 41,07 Gb Free Space | 84,11% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 172,16 Gb Free Space | 93,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 2,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CB-716C584176B0
Current User Name: cb
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
[color=orange]========== Processes (SafeList) ==========[/color]
PRC - [2008-04-15 14:00:00 | 01,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Explorer.EXE
PRC - [2007-08-10 09:21:56 | 16,384,000 | R--- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RTHDCPL.EXE
PRC - [2009-01-19 17:10:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe
PRC - [2006-11-16 20:04:20 | 00,139,264 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-11-13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
PRC - [2006-11-16 19:58:32 | 00,884,736 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2002-12-17 18:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2006-11-13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009-05-22 00:51:42 | 03,171,664 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\Xfire.exe
PRC - [2006-03-22 13:52:06 | 02,252,800 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.exe
PRC - [2006-03-22 13:52:08 | 02,396,160 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.BIN
PRC - [2008-06-13 15:24:02 | 00,081,920 | ---- | M] (Firebird Project) -- D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009-01-19 17:10:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-10-19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2002-12-17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe
PRC - [2008-12-26 01:08:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe
PRC - [2009-04-23 09:31:27 | 00,135,168 | ---- | M] (Sony DADC Austria AG.) -- D:\WINDOWS\system32\UAService7.exe
PRC - [2008-04-15 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe
PRC - [2008-06-13 15:22:50 | 02,723,840 | ---- | M] (Firebird Project) -- D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009-04-29 09:05:19 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-01-19 17:10:09 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009-06-05 13:19:53 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\OTListIt2.exe
[color=orange]========== Win32 Services (SafeList) ==========[/color]
SRV - [2008-06-13 15:24:02 | 00,081,920 | ---- | M] (Firebird Project) -- D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance [Auto | Running])
SRV - [2008-06-13 15:22:50 | 02,723,840 | ---- | M] (Firebird Project) -- D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance [On_Demand | Running])
SRV - [2008-04-15 14:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-04-15 00:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009-01-19 17:10:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2002-12-17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe -- (MSSQL$AIGSQLSKLEP [Auto | Running])
SRV - [2002-12-17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2006-11-10 20:18:02 | 00,774,144 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008-12-26 01:08:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2002-12-17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlagent.EXE -- (SQLAgent$AIGSQLSKLEP [On_Demand | Stopped])
SRV - [2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009-04-23 09:31:27 | 00,135,168 | ---- | M] (Sony DADC Austria AG.) -- D:\WINDOWS\system32\UAService7.exe -- (UserAccess7 [Auto | Running])
[color=orange]========== Driver Services (SafeList) ==========[/color]
DRV - [2008-04-15 14:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-08-10 07:52:44 | 04,603,904 | R--- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2008-12-26 01:08:00 | 06,301,344 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009-04-03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2008-04-15 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- D:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-08-07 11:40:38 | 00,098,944 | R--- | M] (Realtek Semiconductor Corporation ) -- D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008-04-15 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-07-16 15:27:40 | 00,043,264 | R--- | M] (Prolific Technology Inc.) -- D:\WINDOWS\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2008-04-14 00:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2006-11-06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[color=orange]========== Standard Registry (SafeList) ==========[/color]
[color=orange]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=orange]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-04-29 09:05:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-29 09:05:22 | 00,000,000 | ---D | M]
[2009-01-14 14:52:41 | 00,000,000 | ---D | M] -- D:\Documents and Settings\cb\Dane aplikacji\mozilla\Extensions
[2009-01-14 14:52:41 | 00,000,000 | ---D | M] -- D:\Documents and Settings\cb\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-01-14 14:52:41 | 00,000,000 | ---D | M] -- D:\Documents and Settings\cb\Dane aplikacji\mozilla\Firefox\Profiles\zo7pchmk.default\extensions
[2009-06-04 16:30:07 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2009-04-29 09:05:19 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-01-19 17:10:15 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-29 09:05:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-29 09:05:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (686 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Firebird] D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -a (Firebird Project)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SDFix] C:\SDFix\SDFix\RunThis.bat /second ()
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ALLUpdate] "D:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\cb\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk = D:\Program Files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe ()
O4 - Startup: D:\Documents and Settings\cb\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{D1E26210-D165-46E8-A66A-314B179964C0}\\NameServer = 10.51.61.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-14 14:33:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-09-11 01:49:21 | 00,093,184 | R--- | M] () - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2005-02-23 17:18:46 | 00,002,238 | R--- | M] () - I:\autoplay.ico -- [ CDFS ]
O32 - AutoRun File - [2005-03-13 18:22:20 | 00,651,264 | R--- | M] () - I:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005-02-23 17:18:46 | 00,002,238 | R--- | M] () - I:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2006-09-11 01:48:49 | 00,000,049 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{053dd580-e237-11dd-8c66-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{053dd580-e237-11dd-8c66-806d6172696f}\Shell\AutoRun\command - "" = I:\autoplay.exe -- [2006-09-11 01:49:21 | 00,093,184 | R--- | M] ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autoplay.exe -- [2006-09-11 01:49:21 | 00,093,184 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-01-14 13:09:47 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[3 D:\WINDOWS\*.tmp files]
[2009-06-05 13:09:43 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2009-06-05 13:06:15 | 00,000,000 | -HSD | C] -- D:\RECYCLER
[2009-06-05 13:01:27 | 00,050,688 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\proquota.exe
[2009-06-05 13:01:27 | 00,050,688 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\proquota.exe
[2009-06-05 12:57:10 | 00,154,624 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2009-06-05 12:57:03 | 00,000,000 | --SD | C] -- D:\ComboFix
[2009-06-05 12:46:08 | 00,000,007 | ---- | C] () -- D:\WINDOWS\System\cmd
[2009-06-05 12:46:05 | 00,030,208 | ---- | C] () -- D:\WINDOWS\System\dop.exe
[2009-06-05 12:45:36 | 00,000,763 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Antivirus Plus.lnk
[2009-06-05 12:45:25 | 00,639,488 | ---- | C] () -- D:\WINDOWS\System32\InternetExplorer.dll
[2009-06-05 12:45:25 | 00,000,325 | ---- | C] () -- D:\WINDOWS\System32\dmns.cfg
[2009-06-05 12:44:57 | 01,546,752 | ---- | C] () -- D:\WINDOWS\System\rundll32.exe
[2009-06-05 12:44:57 | 00,000,005 | ---- | C] () -- D:\WINDOWS\System32\avp.id
[2009-06-04 14:15:34 | 00,130,936 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\PCTCore.sys
[2009-06-04 14:15:34 | 00,073,840 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009-06-04 14:15:30 | 00,001,655 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk
[2009-06-04 14:15:28 | 00,064,392 | ---- | C] (PC Tools) -- D:\WINDOWS\System32\drivers\pctplsg.sys
[2009-06-04 14:15:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\cb\Dane aplikacji\PC Tools
[2009-06-04 14:15:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\PC Tools
[2009-06-04 13:45:00 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-06-04 13:44:58 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\PC Tools
[2009-06-04 13:44:54 | 00,000,000 | ---D | C] -- D:\Program Files\Spyware Doctor
[2009-05-22 00:51:48 | 00,041,808 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2009-05-19 10:37:11 | 00,038,704 | ---- | C] () -- D:\Documents and Settings\cb\Pulpit\zaswiadczenie_o_zatrudnieniu.pdf
[2009-05-16 12:14:19 | 19,406,34300 | ---- | C] () -- D:\Documents and Settings\cb\Pulpit\upgrade.zip
[2009-05-14 10:27:04 | 00,000,000 | ---D | C] -- D:\Documents and Settings\cb\Pulpit\fotoradary
[2009-05-14 10:26:58 | 00,166,523 | ---- | C] () -- D:\Documents and Settings\cb\Pulpit\fotoradary.zip
[2009-01-15 11:05:33 | 00,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009-01-14 16:07:16 | 00,008,704 | ---- | C] () -- D:\WINDOWS\System32\CNMVS76.DLL
[2008-12-26 01:08:00 | 01,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2008-12-26 01:08:00 | 01,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2008-12-26 01:08:00 | 01,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2008-12-26 01:08:00 | 00,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2008-10-07 10:13:30 | 00,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10:13:22 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008-04-15 14:00:00 | 00,000,477 | ---- | C] () -- D:\WINDOWS\win.ini
[2008-04-15 14:00:00 | 00,000,227 | ---- | C] () -- D:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[2 D:\WINDOWS\System32\*.tmp files]
[3 D:\WINDOWS\*.tmp files]
[2009-06-05 13:14:43 | 00,816,258 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009-06-05 13:14:43 | 00,373,316 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2009-06-05 13:14:43 | 00,329,434 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009-06-05 13:14:43 | 00,057,108 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2009-06-05 13:14:43 | 00,047,608 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2009-06-05 13:13:35 | 00,206,492 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2009-06-05 13:13:30 | 00,000,062 | -HS- | M] () -- D:\Documents and Settings\cb\Ustawienia lokalne\desktop.ini
[2009-06-05 13:13:29 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009-06-05 13:13:28 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009-06-05 13:11:25 | 00,000,686 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\HOSTS
[2009-06-05 13:01:39 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009-06-05 12:46:08 | 00,000,007 | ---- | M] () -- D:\WINDOWS\System\cmd
[2009-06-05 12:46:06 | 00,030,208 | ---- | M] () -- D:\WINDOWS\System\dop.exe
[2009-06-05 12:45:36 | 00,639,488 | ---- | M] () -- D:\WINDOWS\System32\InternetExplorer.dll
[2009-06-05 12:45:36 | 00,000,763 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Antivirus Plus.lnk
[2009-06-05 12:45:25 | 01,546,752 | ---- | M] () -- D:\WINDOWS\System\rundll32.exe
[2009-06-05 12:45:25 | 00,000,325 | ---- | M] () -- D:\WINDOWS\System32\dmns.cfg
[2009-06-05 12:44:57 | 00,000,005 | ---- | M] () -- D:\WINDOWS\System32\avp.id
[2009-06-04 14:15:30 | 00,001,655 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk
[2009-06-02 10:06:22 | 00,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009-05-31 11:08:41 | 00,154,624 | ---- | M] () -- D:\WINDOWS\PEV.exe
[2009-05-22 00:51:48 | 00,041,808 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2009-05-19 10:37:11 | 00,038,704 | ---- | M] () -- D:\Documents and Settings\cb\Pulpit\zaswiadczenie_o_zatrudnieniu.pdf
[2009-05-16 21:12:41 | 19,406,34300 | ---- | M] () -- D:\Documents and Settings\cb\Pulpit\upgrade.zip
[2009-05-14 10:26:58 | 00,166,523 | ---- | M] () -- D:\Documents and Settings\cb\Pulpit\fotoradary.zip
[2009-05-07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\MRT.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> D:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2006-09-11 01:49:21 | 00,093,184 | R--- | M] () - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2005-02-23 17:18:46 | 00,002,238 | R--- | M] () - I:\autoplay.ico -- [ CDFS ]
O32 - AutoRun File - [2005-03-13 18:22:20 | 00,651,264 | R--- | M] () - I:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005-02-23 17:18:46 | 00,002,238 | R--- | M] () - I:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2006-09-11 01:48:49 | 00,000,049 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
File::
d:\windows\system\dop.exe
d:\windows\system32\InternetExplorer.dll
D:\WINDOWS\system\rundll32.exe
D:\Documents and Settings\All Users\Pulpit\Antivirus Plus.lnk
D:\WINDOWS\System32\dmns.cfg
D:\WINDOWS\System\cmd
D:\WINDOWS\System32\avp.id
Folder::
d:\program files\Antivirus Plus
ComboFix 09-06-04.08 - cb 2009-06-05 15:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1516 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
Użyto następujących komend :: d:\documents and settings\cb\Pulpit\CFScript.txt
FILE ::
"d:\documents and settings\All Users\Pulpit\Antivirus Plus.lnk"
"d:\windows\System\cmd"
"d:\windows\system\dop.exe"
"d:\windows\system\rundll32.exe"
"d:\windows\System32\avp.id"
"d:\windows\System32\dmns.cfg"
"d:\windows\system32\InternetExplorer.dll"
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Pulpit\Antivirus Plus.lnk
d:\windows\System\cmd
d:\windows\system\dop.exe
d:\windows\system\rundll32.exe
d:\windows\System32\avp.id
d:\windows\System32\dmns.cfg
d:\windows\system32\InternetExplorer.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-05 do 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 11:09 . 2009-06-05 11:09 -------- d-----w- d:\windows\ERUNT
2009-06-05 11:01 . 2008-04-15 12:00 50688 -c--a-w- d:\windows\system32\dllcache\proquota.exe
2009-06-05 11:01 . 2008-04-15 12:00 50688 ----a-w- d:\windows\system32\proquota.exe
2009-06-04 12:15 . 2009-04-03 09:18 130936 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2009-06-04 12:15 . 2008-12-18 10:16 73840 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2009-06-04 12:15 . 2008-12-10 09:36 64392 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2009-06-04 12:15 . 2009-06-04 12:15 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\PC Tools
2009-06-04 12:15 . 2009-06-04 12:15 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-06-04 11:45 . 2009-06-04 13:30 -------- d---a-w- d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-04 11:44 . 2009-06-04 12:23 -------- d-----w- d:\program files\Common Files\PC Tools
2009-06-04 11:44 . 2009-06-04 12:21 -------- d-----w- d:\program files\Spyware Doctor
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- d:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 12:58 . 2009-01-15 09:23 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\OpenOffice.ux.pl2
2009-06-05 11:14 . 2008-04-15 12:00 57108 ----a-w- d:\windows\system32\perfc015.dat
2009-06-05 11:14 . 2008-04-15 12:00 373316 ----a-w- d:\windows\system32\perfh015.dat
2009-06-05 10:00 . 2009-01-14 14:37 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\Xfire
2009-06-04 12:13 . 2009-02-28 09:39 -------- d-----w- d:\documents and settings\cb\Dane aplikacji\uTorrent
2009-06-03 07:55 . 2009-01-14 14:37 -------- d-----w- d:\program files\Xfire
2009-05-06 08:08 . 2009-01-14 12:37 18776 ----a-w- d:\documents and settings\cb\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-30 12:07 . 2009-01-14 13:17 660 ----a-w- d:\windows\_system.dat
2009-04-27 12:33 . 2009-04-27 12:33 -------- d-----w- d:\program files\Microsoft ActiveSync
2009-04-23 07:31 . 2009-04-23 07:31 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-04-23 07:31 . 2009-04-23 07:31 135168 ----a-w- d:\windows\system32\UAService7.exe
2009-04-17 07:21 . 2009-01-14 13:02 -------- d-----w- d:\program files\Gadu-Gadu
.
((((((((((((((((((((((((((((( SnapShot@2009-06-05_11.01.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 12:57 . 2009-06-05 12:57 16384 d:\windows\temp\Perflib_Perfdata_248.dat
+ 2009-06-05 12:57 . 2009-06-05 12:57 16384 d:\windows\temp\Perflib_Perfdata_210.dat
+ 2008-04-15 12:00 . 2009-06-05 11:14 47608 d:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2009-06-05 11:14 329434 d:\windows\system32\perfh009.dat
+ 2009-06-05 11:09 . 2009-06-05 11:09 180224 d:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-06-05 11:09 . 2008-08-07 13:27 163328 d:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-06-05 11:10 . 2009-06-05 11:10 180224 d:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-06-05 11:10 . 2008-08-07 13:27 163328 d:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-06-05 11:09 . 2009-06-05 11:09 2990080 d:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-06-05 11:09 . 2009-06-05 11:10 2990080 d:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"H/PC Connection Agent"="d:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Firebird"="d:\program files\Firebird\Firebird_2_1\bin\fbguard.exe" [2008-06-13 81920]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"SDFix"="c:\sdfix\SDFix\RunThis.bat" [2008-11-05 964661]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - d:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-12-25 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
d:\documents and settings\cb\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.0.2.lnk - d:\program files\OpenOffice.ux.pl 2.0.2\program\quickstart.exe [2006-3-20 61440]
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-5-22 3171664]
d:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Service Manager.lnk - d:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4.exe"=
"d:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2009-06-04 130936]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-01-14 81920]
R2 MSSQL$AIGSQLSKLEP;MSSQL$AIGSQLSKLEP;d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe -sAIGSQLSKLEP --> d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlservr.exe -sAIGSQLSKLEP [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-01-14 2723840]
S3 FXDrv32;FXDrv32;\??\i:\fxdrv32.sys --> i:\FXDrv32.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2009-06-04 348752]
S3 SQLAgent$AIGSQLSKLEP;SQLAgent$AIGSQLSKLEP;d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlagent.EXE -i AIGSQLSKLEP --> d:\program files\Microsoft SQL Server\MSSQL$AIGSQLSKLEP\Binn\sqlagent.EXE -i AIGSQLSKLEP [?]
.
.
------- Skan uzupełniający -------
.
TCP: {D1E26210-D165-46E8-A66A-314B179964C0} = 10.51.61.1
FF - ProfilePath - d:\documents and settings\cb\Dane aplikacji\Mozilla\Firefox\Profiles\zo7pchmk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 15:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Firebird = d:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -a?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-06-05 15:05
ComboFix-quarantined-files.txt 2009-06-05 13:05
ComboFix2.txt 2009-06-05 11:02
ComboFix3.txt 2009-01-14 15:29
Przed: 184 854 757 376 bajtów wolnych
Po: 184 842 371 072 bajtów wolnych