
ComboFix 09-03-14.02 - user 2009-03-15 23:43:26.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.192 [GMT 1:00]
Uruchomiony z: c:\documents and settings\user\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-15 do 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-10 19:12 . 2009-03-10 19:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Pinnacle
2009-03-10 16:07 . 2009-03-10 16:07 <DIR> d-------- c:\documents and settings\Gość\Dane aplikacji\OpenOffice.org
2009-03-02 16:29 . 2009-03-02 16:29 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\OpenOffice.org
2009-03-02 16:26 . 2009-03-02 16:26 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-28 22:40 . 2009-02-28 22:40 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 22:01 . 2009-02-28 22:01 697 ---hs---- C:\comment.htt
2009-02-28 10:18 . 2009-02-28 10:18 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-26 17:19 . 2009-02-26 17:19 <DIR> d-------- c:\documents and settings\Gość\Dane aplikacji\GanymedeNet
2009-02-25 18:42 . 2009-02-25 18:46 <DIR> d-------- c:\program files\Unlocker
2009-02-25 18:42 . 2009-02-25 18:42 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Desktopicon
2009-02-20 15:38 . 2009-03-10 15:04 <DIR> d-------- c:\documents and settings\Gość\Dane aplikacji\Nowe Gadu-Gadu
2009-02-17 14:30 . 2009-02-18 09:26 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Nowe Gadu-Gadu
2009-02-17 14:29 . 2009-02-17 14:30 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2026-10-18 13:05 65,024 ----a-w C:\WINFILE.EXE
2026-10-18 13:05 65,024 ----a-w c:\documents and settings\Gość\KodWINFILE.EXE
2026-10-18 13:05 65,024 ----a-w c:\documents and settings\Gość\KodWINFILE.EXE
2026-10-18 13:05 65,024 ----a-w c:\documents and settings\Gość\Ja1WINFILE.EXE
2026-10-18 13:05 65,024 ----a-w c:\documents and settings\Gość\Ja1WINFILE.EXE
2009-03-15 22:46 --------- d-----w c:\documents and settings\user\Dane aplikacji\Skype
2009-03-15 21:56 --------- d-----w c:\program files\FinePixViewer
2009-03-15 16:35 --------- d-----w c:\documents and settings\user\Dane aplikacji\skypePM
2009-03-14 18:33 --------- d-----w c:\documents and settings\user\Dane aplikacji\GanymedeNet
2009-03-10 10:31 --------- d-----w c:\program files\Ganymede
2009-03-02 15:25 --------- d-----w c:\program files\OpenOffice.org 2.3
2009-03-02 15:25 --------- d-----w c:\documents and settings\user\Dane aplikacji\OpenOffice.org2
2009-02-28 23:52 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-28 19:43 --------- d-----w c:\documents and settings\Gość\Dane aplikacji\OpenOffice.org2
2009-02-27 09:11 --------- d-----w c:\documents and settings\user\Dane aplikacji\Image Zone Express
2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys
2009-01-31 15:44 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-31 15:44 --------- d-----w c:\program files\Java
2009-01-31 09:37 --------- d-----w c:\program files\JetAudio
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2007-12-22 20:53 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-08-05 06:55 32,768 -csha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008080520080806\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-16 9302632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Spik"="c:\program files\Spik\Spik.exe" [2008-02-20 103912]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\user\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-19 344064]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-11-20 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Spik\\Spik.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\kopia\\Wiolka\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\yhns4wi6.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=pl-pl&FORM=MICPPL&q=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDEMON.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMARBLES.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS70.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwpk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Spik\mozilla\npwpk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 23:46:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,16,4e,03,25,9f,
58,fe,32,c8,28,51,af,b0,29,a3,98,e0,22,32,f5,6f,32,87,59,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,05,4a,8e,21,75,
a2,b0,a2,71,3b,04,66,8b,46,0d,96,1b,88,6b,cb,34,d1,ec,11,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,03,1d,f5,2c,97,
95,b5,99,25,da,ec,7e,55,20,c9,26,3a,e8,04,ed,da,da,7d,4a,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,8c,c1,17,97,c5,
64,1e,ba,3e,1e,9e,e0,57,5a,93,61,9e,b2,6e,91,fe,4e,1f,b5,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,0b,23,5f,27,22,
58,46,2b,cd,44,cd,b9,a6,33,6c,cd,01,f2,a7,cc,88,8c,de,6b,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,c7,d8,e8,fb,43,
60,90,ef,b0,18,ed,a7,3f,8d,37,a4,a1,49,88,28,01,40,17,34,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,52,c7,d5,cd,b4,
b0,d1,1e,31,77,e1,ba,b1,f8,68,02,1c,55,71,76,67,64,13,d2,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,61,04,89,a6,eb,
e8,f0,d0,83,6c,56,8b,a0,85,96,ab,53,55,42,79,85,c4,1e,8d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,13,36,d3,c5,a0,
df,af,0d,51,fa,6e,91,28,9e,14,cc,e7,8b,85,db,ec,d6,dd,da,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,74,22,2c,98,98,
96,b0,34,b1,cd,45,5a,a8,c4,f8,b9,6d,bb,da,d5,59,78,f5,ff,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ae,ae,6d,09,5d,
f2,b8,6d,e3,0e,66,d5,eb,bc,2f,6b,fc,d2,61,55,e7,b4,93,60,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d1,4a,23,1c,05,
f7,e2,03,fa,ea,66,7f,d4,3b,6b,70,0c,21,b4,4e,20,f0,65,fd,6c,43,2d,1e,aa,22,\
.
Czas ukończenia: 2009-03-15 23:49:13
ComboFix-quarantined-files.txt 2009-03-15 22:48:11
Przed: 11,905,441,792 bajtów wolnych
Po: 11,891,953,664 bajtów wolnych
200 --- E O F --- 2009-03-11 22:07:55
dziękuję