

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:44, on 2008-11-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Porządkujące\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Komunikatory\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Użytkowe\Desktop Sidebar\dsidebar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Użytkowe\Java\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\PRZEGL~1\MOZILL~1\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Manieq\Pulpit\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Użytkowe\Desktop Sidebar\sbhelp.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Biuro\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Użytkowe\Java\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Użytkowe\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Użytkowe\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\Porządkujące\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Komunikatory\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Użytkowe\Desktop Sidebar\dsidebar.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Biuro\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Użytkowe\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Użytkowe\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Biuro\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Biuro\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Biuro\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1EE116A-6715-4784-8B2D-014D214B5988}: NameServer = 82.177.140.1,82.177.174.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Biuro\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Użytkowe\Java\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
--
End of file - 6950 bytes
Combofix:
ComboFix 08-11-10.01 - Manieq 2008-11-11 13:00:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.528 [GMT 1:00]
Run from: C:\Documents and Settings\Manieq\Pulpit\ComboFix.exe
* New restore point created
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msvrc20.dll
.
((((((((((((((((((((((((( Files created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-11 13:04 . 2008-11-11 13:04 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-11-11 13:04 . 2008-11-11 13:04 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-11-11 10:24 . 2008-11-11 10:24 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-11-11 10:24 . 2008-11-11 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-11 10:24 . 2008-11-11 13:03 4,895,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-11-11 10:24 . 2008-11-11 13:03 270,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-11-11 10:24 . 2008-11-11 10:24 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-11-11 10:24 . 2008-11-11 10:24 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-11-11 10:24 . 2008-11-11 13:03 41,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-11-11 10:24 . 2008-11-11 13:03 4,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-11-11 10:18 . 2008-11-11 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-11 09:22 . 2008-11-11 09:22 <DIR> d-------- C:\Program Files\Odzyskiwanie Danych
2008-11-09 14:11 . 2008-11-09 14:11 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\Media Player Classic
2008-11-08 15:50 . 2008-11-08 17:08 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-11-08 15:21 . 2008-11-08 15:26 <DIR> d-------- C:\Program Files\VstPlugins
2008-11-08 15:21 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-11-08 15:21 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-11-08 15:19 . 2008-11-08 15:26 <DIR> d-------- C:\Program Files\Image-Line
2008-11-08 14:47 . 2008-11-08 14:47 <DIR> d-------- C:\Documents and Settings\Manieq\.mysqlcc
2008-11-08 11:08 . 2007-06-19 21:52 419,840 --a------ C:\WINDOWS\system32\ws_edit.lib
2008-11-08 11:08 . 2006-08-17 22:37 130,048 --a------ C:\WINDOWS\system32\webserv.cpl
2008-11-08 11:07 . 2008-11-08 16:27 45,963 --a------ C:\WINDOWS\php.ini
2008-11-08 11:07 . 2008-11-08 14:29 502 --a------ C:\WINDOWS\my.ini
2008-11-08 11:06 . 2008-11-08 11:06 <DIR> d-------- C:\Program Files\WWW
2008-11-08 00:36 . 2008-11-08 00:36 <DIR> d-------- C:\Program Files\Macromedia
2008-11-08 00:33 . 2008-11-08 00:33 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-11-08 00:33 . 2008-11-08 00:33 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-11-06 20:02 . 2008-11-06 20:02 <DIR> d-------- C:\Program Files\Gry
2008-11-06 17:45 . 2008-11-06 17:45 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\teamspeak2
2008-11-06 15:55 . 2008-11-06 15:55 <DIR> d-------- C:\Program Files\TightVNC
2008-11-05 21:56 . 2008-11-05 21:56 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-11-05 18:01 . 2008-11-05 18:05 81,920 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-11-05 18:01 . 2008-11-05 18:01 81,920 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-11-05 16:46 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-11-04 15:57 . 2008-11-04 15:57 <DIR> d-------- C:\Program Files\Dźwięki
2008-11-03 07:31 . 2008-11-03 07:44 1,674 --a------ C:\explo.pl
2008-11-03 07:26 . 2008-11-06 17:27 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\Skype
2008-11-03 07:25 . 2008-11-03 07:31 <DIR> d-------- C:\Perl
2008-11-02 18:06 . 2008-11-04 20:03 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\XnView
2008-11-02 15:53 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-11-01 14:28 . 2008-11-10 21:51 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-11-01 12:56 . 2008-11-01 13:16 <DIR> d-------- C:\Program Files\Porządkujące
2008-11-01 11:55 . 2008-11-11 13:03 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\Desktop Sidebar
2008-11-01 11:40 . 2008-11-01 11:42 <DIR> d-------- C:\Documents and Settings\Manieq\Pasek Boczny
2008-11-01 11:07 . 2005-09-14 20:17 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-11-01 10:55 . 2008-11-01 10:55 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\WinAmp Control
2008-11-01 10:26 . 2008-11-08 16:57 <DIR> d-------- C:\Program Files\Google
2008-11-01 10:22 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-11-01 10:22 . 2008-11-01 10:22 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-11-01 10:03 . 2008-11-01 10:02 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-11-01 10:03 . 2008-11-01 10:02 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-11-01 00:09 . 2008-11-08 12:07 <DIR> d-------- C:\Program Files\SAM
2008-10-31 23:53 . 2008-11-08 15:46 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\MySQL
2008-10-31 23:44 . 2008-10-31 23:52 <DIR> d-------- C:\Program Files\MySQL
2008-10-31 23:20 . 2008-10-31 23:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-31 22:52 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-10-31 22:50 . 2008-10-31 22:50 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-31 22:49 . 2008-10-31 22:49 <DIR> d-------- C:\Program Files\MSBuild
2008-10-31 22:44 . 2008-10-31 22:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-31 22:43 . 2008-10-31 22:43 <DIR> dr-h----- C:\MSOCache
2008-10-31 22:43 . 2008-11-03 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-10-31 22:38 . 2008-10-31 22:38 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-31 22:38 . 2008-10-31 22:57 <DIR> d-------- C:\Program Files\ObjectDock
2008-10-31 22:38 . 2008-11-01 10:24 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-10-31 22:38 . 2008-10-31 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-10-31 22:36 . 2008-10-31 22:37 <DIR> d-------- C:\Program Files\Nero
2008-10-31 22:36 . 2008-10-31 22:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-31 22:36 . 2008-10-31 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-10-31 22:36 . 2004-07-26 16:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-10-31 22:36 . 2003-03-19 06:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-10-31 22:36 . 2003-03-18 20:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-10-31 22:36 . 2003-03-18 22:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-10-31 22:36 . 2004-07-26 16:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-10-31 22:36 . 2004-07-26 16:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-10-31 22:36 . 2004-07-09 08:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-10-31 22:36 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-31 22:36 . 2004-07-26 16:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-10-31 22:31 . 2008-10-31 23:19 <DIR> d-------- C:\Program Files\Przeglądarki
2008-10-31 22:28 . 2008-11-01 11:56 <DIR> d-------- C:\Program Files\Kodeki
2008-10-31 22:26 . 2008-10-31 22:26 <DIR> d-------- C:\Documents and Settings\Manieq\Dane aplikacji\Gadu-Gadu
2008-10-31 22:26 . 2008-10-31 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-10-31 22:25 . 2008-11-06 17:44 <DIR> d-------- C:\Program Files\Komunikatory
2008-10-31 22:25 . 2008-11-03 00:12 <DIR> d-------- C:\Documents and Settings\Manieq\Gadu-Gadu
2008-10-31 22:18 . 2008-11-08 00:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-31 22:18 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-10-31 22:18 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-10-31 22:07 . 2008-10-31 22:43 <DIR> d-------- C:\Program Files\Biuro
2008-10-31 22:04 . 2008-10-31 22:04 <DIR> d-------- C:\Program Files\Bonjour
2008-10-31 22:04 . 2008-04-14 22:51 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-10-31 22:03 . 2008-04-14 22:35 58,880 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-31 22:03 . 2008-04-14 01:06 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-10-31 22:03 . 2008-04-14 01:06 13,952 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-10-31 22:03 . 2008-04-14 01:06 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-10-31 22:02 . 2008-04-14 23:50 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-31 22:02 . 2008-04-14 01:06 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-10-31 22:00 . 2008-11-11 13:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-10-31 22:00 . 2008-10-31 21:11 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-10-31 22:00 . 2008-10-31 22:00 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-10-31 22:00 . 2008-11-08 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-10-31 22:00 . 2008-11-08 09:58 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-10-31 22:00 . 2008-10-31 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-10-31 22:00 . 2008-11-11 10:24 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 10:55 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-11-11 09:21 --------- d-----w C:\Program Files\Bezpieczeństwo
2008-11-09 13:53 --------- d-----w C:\Program Files\Dźwięk
2008-11-08 11:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-11-07 23:33 --------- d-----w C:\Program Files\Użytkowe
2008-11-07 23:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-11-04 18:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-01 11:51 --------- d-----w C:\Program Files\Grafika
2008-11-01 09:23 1,015,296 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-10-31 21:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-31 20:58 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-10-31 20:54 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-10-31 20:43 --------- d-----w C:\Documents and Settings\Manieq\Dane aplikacji\URSoft
2008-10-31 20:35 --------- d-----w C:\Program Files\Synaptics
2008-10-31 20:35 --------- d-----w C:\Program Files\Intel
2008-10-31 20:30 --------- d-----w C:\Program Files\Realtek
2008-10-31 20:25 --------- d-----w C:\Program Files\Firebird
2008-10-31 20:14 --------- d-----w C:\Program Files\Usługi online
.
------- Sigcheck -------
2008-05-02 07:48 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Komunikatory\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 21:51 15360]
"SIDEBAR"="C:\Program Files\Użytkowe\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 12:07 761946]
"Advanced WindowsCare V2 Pro"="C:\Program Files\Porządkujące\Advanced WindowsCare V2 Pro\Awc.exe" [2006-11-21 20:19 2507776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 19:20 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 21:51 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Biuro\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Biuro\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Biuro\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Komunikatory\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 17:29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 17:06 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09186593-af2b-11dd-ab8a-0016d4c9b294}]
\Shell\AutoRun\command - H:\whi.com
\Shell\explore\Command - H:\whi.com
\Shell\open\Command - H:\whi.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f9d19-af68-11dd-ab8d-0016d4c9b294}]
\Shell\AutoRun\command - H:\whi.com
\Shell\explore\Command - H:\whi.com
\Shell\open\Command - H:\whi.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a648be-a8f8-11dd-ab5e-0016d4c9b294}]
\Shell\AutoRun\command - H:\setup.exe
.
Contents of the 'Zaplanowane zadania' (Scheduled Tasks) folder
2008-11-10 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job
- C:\Program Files\Porz []
2008-11-10 C:\WINDOWS\Tasks\AwcProUpdate.job
- C:\Program Files\Porz []
2008-11-10 C:\WINDOWS\Tasks\AwcProUpdate.job
- C:\Program Files\Porz []
.
- - - - REMOVED EMPTY ENTRIES - - - -
MSConfigStartUp-kamsoft - C:\WINDOWS\system32\kamsoft.exe
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Manieq\Dane aplikacji\Mozilla\Firefox\Profiles\02ng3lol.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.allegro.pl
FF -: plugin - C:\PROGRA~1\PRZEGL~1\MOZILL~1\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Biuro\Reader\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Kodeki\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Kodeki\Real Alternative\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Przeglądarki\Opera\program\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Przeglądarki\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Przeglądarki\Opera\program\plugins\NPSWF32.dll
FF -: plugin - C:\Program Files\Przeglądarki\Opera\program\plugins\npwmsdrm.dll
FF -: plugin - C:\Program Files\Użytkowe\Java\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Użytkowe\Java\bin\new_plugin\npjp2.dll
.
MSConfigStartUp-kamsoft - C:\WINDOWS\system32\kamsoft.exe This file was infected with a virus; Kaspersky deleted it.
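As an added example (not code from the original post, from HijackThis or from ComboFix): a small Python triage script that reads the line shapes visible in the two logs above and flags the entries a responder would check first: the MountPoints2 autorun handlers pointing at H:\whi.com and H:\setup.exe, the MySQL service whose ImagePath resolved to C:\Program.exe (the classic unquoted-path symptom HijackThis shows as "file missing"), the disabled firewall and suppressed Security Center notifications, the non-default Winlogon UIHost and the AppInit_DLLs entry. The sample lines are copied from the post; the rule names, severities and notes are the example's own assumptions.

```python
"""Triage of HijackThis / ComboFix log lines.

Added example: not code from the original post, HijackThis or ComboFix.
It recognises a handful of line shapes from the two logs above and flags
what a responder should look at first. Rule names and severities are the
example's own assumptions.
"""
import re

# Constructed sample: lines copied from the logs in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
"EnableFirewall"= 0 (0x0)
"FirewallDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09186593-af2b-11dd-ab8a-0016d4c9b294}]
\Shell\AutoRun\command - H:\whi.com
\Shell\open\Command - H:\whi.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a648be-a8f8-11dd-ab5e-0016d4c9b294}]
\Shell\AutoRun\command - H:\setup.exe
MSConfigStartUp-kamsoft - C:\WINDOWS\system32\kamsoft.exe
"""

# HijackThis prints the path Windows actually resolved for a service; an
# unquoted ImagePath under "C:\Program Files\..." resolves to C:\Program.exe.
SERVICE_MISSING = re.compile(
    r"^O23 - Service: (?P<name>.+?) - .+? - (?P<path>[A-Z]:\\Program\.exe) \(file missing\)")
# Explorer shell verbs remembered per volume under MountPoints2.
MOUNTPOINT_CMD = re.compile(
    r"^\\Shell\\(?P<verb>AutoRun|open|explore)\\command - (?P<target>[A-Z]:\\.+)$", re.I)
UIHOST = re.compile(r'^"UIHost"="(?P<path>[^"]+)"')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
NOTIFY_OFF = re.compile(r'^"(?P<key>FirewallDisableNotify|UpdatesDisableNotify)"=dword:00000001')
APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
MSCONFIG = re.compile(r"^MSConfigStartUp-(?P<name>\S+) - (?P<path>\S+)")


def _finding(severity, rule, line, note):
    return {"severity": severity, "rule": rule, "line": line, "note": note}


def triage(log_text):
    """Return a list of findings for the recognised line shapes in log_text."""
    findings = []
    current_key = None  # last REGEDIT4-style [HKEY_...] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if m := SERVICE_MISSING.match(line):
            findings.append(_finding("medium", "unquoted-service-path", line,
                f"service '{m['name']}' resolves to {m['path']}: the ImagePath is unquoted, "
                f"so a binary planted at {m['path']} would start as the service account"))
        elif (m := MOUNTPOINT_CMD.match(line)) and current_key and "mountpoints2" in current_key:
            findings.append(_finding("high", "removable-drive-autorun", line,
                f"Explorer '{m['verb']}' handler for a remembered volume runs {m['target']}; "
                "typical autorun-worm residue, inspect the drive and its autorun.inf"))
        elif m := UIHOST.match(line):
            path = m["path"].replace("\\\\", "\\")  # undo REGEDIT4 escaping
            if path.rsplit("\\", 1)[-1].lower() != "logonui.exe":
                findings.append(_finding("low", "non-default-uihost", line,
                    f"Winlogon UIHost replaced by {path}; verify the publisher (logon themers do this too)"))
        elif FIREWALL_OFF.match(line):
            findings.append(_finding("medium", "firewall-disabled", line,
                "Windows Firewall standard profile is off"))
        elif m := NOTIFY_OFF.match(line):
            findings.append(_finding("low", "security-center-notify-off", line,
                f"{m['key']} suppresses the Security Center warning for that component"))
        elif m := APPINIT.match(line):
            dlls = [d.strip() for d in m["dlls"].split(",") if d.strip()]
            findings.append(_finding("low", "appinit-dlls", line,
                f"{len(dlls)} DLL(s) loaded into every process that links user32.dll; verify each one"))
        elif m := MSCONFIG.match(line):
            findings.append(_finding("info", "disabled-startup-entry", line,
                f"startup entry '{m['name']}' for {m['path']} was disabled; confirm the file is gone"))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:>6}] {f['rule']}: {f['note']}")
    print(summarize(triage(SAMPLE_LOG)))
```

The UIHost rule only asks for verification because the log also lists LogonStudio.ini and Stardock components, so logonuiX.exe is most likely the logon-screen themer's file; the MountPoints2 entries are the ones to act on, since they rerun H:\whi.com or H:\setup.exe whenever that removable volume is opened in Explorer.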