by barto0o 08 Dec 2010, 18:58
Code:
ComboFix 10-12-07.04 - Admin 2010-12-08 17:34:52.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1520 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hevwx.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fzozli
-------\Service_fzozli
((((((((((((((((((((((((( Pliki utworzone od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.
2010-11-18 08:59 . 2010-11-18 08:59 -------- d-----w- c:\windows\Sun
2010-11-18 08:58 . 2010-11-18 08:58 -------- d-----w- c:\program files\Common Files\Java
2010-11-18 08:57 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 17:00 . 2010-11-12 17:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-11-12 08:54 . 2010-11-12 08:54 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-11-10 17:12 . 2010-11-10 17:12 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-11-10 17:05 . 2010-11-10 17:05 -------- d-----w- c:\windows\ie8updates
2010-11-10 17:02 . 2010-11-10 17:02 -------- d-----w- c:\program files\MSXML 4.0
2010-11-10 16:47 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-10 16:42 . 2010-09-10 05:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-10 16:42 . 2010-09-10 05:52 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-10 16:42 . 2010-09-10 05:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-10 16:42 . 2010-09-10 05:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-10 16:42 . 2010-09-10 05:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-10 16:42 . 2010-09-10 05:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-10 16:42 . 2010-09-10 05:52 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-10 16:38 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-11-10 15:14 . 2010-11-10 15:14 -------- d-----w- c:\program files\Neostrada tp
2010-11-10 15:14 . 2009-07-09 14:43 389120 ----a-w- c:\windows\system32\actskn43.ocx
2010-11-10 15:05 . 2010-11-10 15:05 -------- d-----w- C:\ZTE usb driver
2010-11-10 15:05 . 2010-11-10 15:05 -------- d-----w- c:\program files\ADSL Router
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-10-06 08:58 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-10-06 08:58 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-10-06 08:58 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-10-06 08:58 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 01:29 . 2010-01-14 08:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:52 . 2009-10-06 08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2009-10-06 08:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2009-10-06 08:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-11-11 15:18 870400 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 09:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 16:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9349:TCP"= 9349:TCP:tkejyjq
R2 MSSQL$INSERTGT;SQL Server (INSERTGT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 fzozli;Task Boot;c:\windows\system32\svchost.exe -k netsvcs [2009-10-06 14336]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fzozli
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B81F9F04-7D5B-461E-AD82-372948DA183F} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\c5q3qzl5.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\c5q3qzl5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fzozli]
"ServiceDll"="c:\windows\system32\hevwx.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2010-12-08 17:45:23 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-12-08 16:45
Przed: 137 291 190 272 bajtów wolnych
Po: 137 336 455 168 bajtów wolnych
- - End Of File - - FCB4018AA1F447C64C4C7DD227BC34A5