
ComboFix 09-08-10.06 - jmazurek 2009-08-13 0:46.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.133 [GMT 2:00]
Run from: c:\documents and settings\jmazurek\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
2009-08-10 12:41 . 2009-08-10 12:41 -------- d-----w- c:\program files\CCleaner
2009-07-29 06:29 . 2009-07-29 06:29 -------- d-----w- c:\documents and settings\jmazurek\Ustawienia lokalne\Dane aplikacji\Help
2009-07-27 19:12 . 2009-08-10 08:17 -------- d-----w- c:\documents and settings\jmazurek\Dane aplikacji\ipla
2009-07-27 19:12 . 2009-07-27 19:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-07-27 19:12 . 2009-07-27 19:12 69232 ----a-w- c:\documents and settings\jmazurek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-27 19:10 . 2009-07-27 19:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-07-14 09:56 . 2008-04-14 21:50 26624 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 22:55 . 2009-07-03 18:03 -------- d-----w- c:\documents and settings\jmazurek\Dane aplikacji\Skype
2009-08-12 22:09 . 2009-07-03 18:05 -------- d-----w- c:\documents and settings\jmazurek\Dane aplikacji\skypePM
2009-08-10 09:54 . 2009-07-04 13:26 -------- d-----w- c:\program files\Winamp
2009-08-10 09:32 . 2009-07-03 22:44 -------- d-----w- c:\program files\Google
2009-08-10 09:29 . 2009-07-03 19:16 -------- d-----w- c:\program files\ALLPlayer
2009-08-10 09:29 . 2009-07-03 19:16 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-08-10 09:02 . 2009-07-12 18:38 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-12 18:28 . 2009-07-12 18:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-12 18:28 . 2009-07-12 18:28 -------- d-----w- c:\program files\Java
2009-07-12 18:28 . 2009-07-12 18:28 152576 ----a-w- c:\documents and settings\jmazurek\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-07 15:09 . 2009-07-07 15:09 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\ESET
2009-07-05 15:59 . 2007-10-29 12:00 90292 ----a-w- c:\windows\system32\perfc015.dat
2009-07-05 15:59 . 2007-10-29 12:00 503756 ----a-w- c:\windows\system32\perfh015.dat
2009-07-04 13:29 . 2009-07-04 13:29 -------- d-----w- c:\program files\Common Files\NSV
2009-07-03 19:27 . 2009-07-03 19:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-03 19:22 . 2009-07-03 19:21 -------- d-----w- c:\documents and settings\jmazurek\Dane aplikacji\Media Player Classic
2009-07-03 18:05 . 2009-07-03 18:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 18:03 . 2009-07-03 18:03 -------- d-----w- c:\program files\Skype
2009-07-03 18:03 . 2009-07-03 17:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-07-03 18:03 . 2009-07-03 18:03 -------- d-----w- c:\program files\Common Files\Skype
2009-07-03 17:42 . 2009-07-03 17:42 -------- d-----w- c:\program files\Common Files\snp2std
2009-07-03 17:42 . 2008-04-09 10:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 10:01 . 2008-04-10 08:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-07-02 09:53 . 2008-04-10 08:44 -------- d-----w- c:\program files\Microsoft Works
2009-07-02 08:38 . 2009-07-02 08:38 -------- d-----w- c:\documents and settings\jmazurek\Dane aplikacji\ESET
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2005-10-27 512000]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-04-21 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-12 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-12 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2008-04-09 27392]
S3 UNDPX2K;UNDPX2K;\??\c:\windows\system32\drivers\UNDPX2K.SYS --> c:\windows\system32\drivers\UNDPX2K.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-12 c:\windows\Tasks\User_Feed_Synchronization-{5D9E15B0-5A6E-41BA-9435-509564FEF379}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - EMPTY ENTRIES REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jmazurek\Dane aplikacji\Mozilla\Firefox\Profiles\mv4htdl7.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 00:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(2188)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-12 1:02
ComboFix-quarantined-files.txt 2009-08-12 23:02
Before: 5 687 975 936 bytes free
After: 6 194 720 768 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
129 --- E O F --- 2009-03-03 11:03
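When reading a log like the one above, the entries that deserve a second look are the ones ComboFix could not tie to a file on disk (the run entry and the S3 driver whose paths end in [X] or [?]), the firewall policy value "EnableFirewall"= 0, and the vsdatant service whose ImagePath is the single letter "a" instead of a path. The script below is an added example, not ComboFix's own code or any tool from this thread; it applies those four heuristics to a constructed sample made of lines in the same shape as this log. How ComboFix marks unverified files is my reading of the output, not tool documentation, and the sample lines are assembled here for the demonstration.

```python
"""Triage a ComboFix-style log for entries worth a second look.

Added example (not ComboFix's code). The rules are assumptions about how to
read the tool's output: a trailing [X] or [?] on a run/service entry is taken
to mean the referenced file could not be verified on disk, "EnableFirewall"= 0
under a firewallpolicy key means the XP firewall is off for that profile, and a
service ImagePath with no path separator is an orphaned or tampered service.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of a ComboFix "Reg Loading Points" section.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2008-04-09 27392]
S3 UNDPX2K;UNDPX2K;\??\c:\windows\system32\drivers\UNDPX2K.SYS --> c:\windows\system32\drivers\UNDPX2K.SYS [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="path" [tag]  -- tag is "date size" when the file was found, X or ? when not
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')
# S3 svc;display;path [tag]  -- service/driver lines
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')
UNVERIFIED = {"X", "?"}


@dataclass
class Finding:
    kind: str    # unverified-file | unverified-driver | firewall-disabled | bad-imagepath
    key: str     # registry key (or service name) the line belongs to
    detail: str  # the value that triggered the finding


def triage(text: str) -> list[Finding]:
    """Walk the log line by line, tracking the current registry key, and
    return findings in the order the triggering lines appear."""
    findings: list[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = RUN_RE.match(line)
        if m:
            if m["tag"].strip() in UNVERIFIED:
                findings.append(Finding("unverified-file", key, f'{m["name"]} -> {m["path"]}'))
            continue
        m = SVC_RE.match(line)
        if m:
            if m["tag"].strip() in UNVERIFIED:
                findings.append(Finding("unverified-driver", m["svc"], f'{m["start"]} {m["path"]}'))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, val = m["name"], m["val"].strip()
        lkey = key.lower()
        if name == "EnableFirewall" and "firewallpolicy" in lkey and val.startswith("0"):
            findings.append(Finding("firewall-disabled", key, key.rsplit("\\", 1)[-1]))
        elif name == "ImagePath" and "\\services\\" in lkey:
            path = val.strip('"')
            if "\\" not in path and "/" not in path:
                findings.append(Finding("bad-imagepath", key, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.key}: {f.detail}")
```

Anything the script does not flag still has to be read by hand; it only pulls out the entries that a human should look at first, and a clean result from it says nothing about entries in sections it does not parse (Find3M, scheduled tasks, loaded DLLs).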