wklejto.pl

Added by: ~Anonim (2009-05-24 13:35) -> text
ComboFix 09-05-23.04 - Oskar 2009-05-24 13:06.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.3071.2538 [GMT 2:00]
Uruchomiony z: c:\\documents and settings\\Oskar\\Pulpit\\ComboFix.exe
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
 
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
 
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\\autorun.inf
c:\\documents and settings\\Oskar\\Dane aplikacji\\inst.exe
C:\\explore.exe
c:\\program files\\myglobalsearch
c:\\program files\\myglobalsearch\\bar\\History\\search
c:\\recycler\\S-1-5-21-1482476501-1644491937-682003330-1013
c:\\recycler\\S-1-5-21-1482476501-1644491937-682003330-1013\\Desktop.ini
c:\\windous\\system\\mmtaskclean.log
c:\\windous\\system\\svchost.exe
c:\\windous\\system\\win32in.dll
c:\\windous\\system\\win32out.dll
c:\\windous\\system\\wupdmgr.exe
c:\\windous\\system32\\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}
c:\\windous\\system32\\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}\\winlogon.dll
c:\\windous\\system32\\settings.dll
D:\\Autorun.inf
D:\\explore.exe
 
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\\Legacy_CREATEPROCESS
-------\\Service_CreateProcess
 
 
(((((((((((((((((((((((((   Pliki utworzone od 2009-04-24 do 2009-05-24  )))))))))))))))))))))))))))))))
.
 
2009-05-24 11:02 . 2009-05-24 11:02     --------        d-----w c:\\program files\\Trend Micro
2009-05-23 23:25 . 2009-05-23 23:25     --------        d-----w c:\\program files\\iPod
2009-05-23 23:25 . 2009-05-23 23:25     --------        d-----w c:\\program files\\iTunes
2009-05-23 23:25 . 2009-05-23 23:25     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 13:55 . 2009-05-21 14:05     --------        d--h--w c:\\windous\\Icons
2009-05-21 13:45 . 2009-05-21 13:45     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\TuneUp Software
2009-05-21 13:45 . 2007-05-16 06:41     29704   ----a-w c:\\windous\\system32\\uxtuneup.dll
2009-05-21 13:45 . 2009-05-21 13:45     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\TuneUp Software
2009-05-21 13:45 . 2009-05-21 13:46     --------        d-----w c:\\program files\\TuneUp Utilities 2007
2009-05-21 12:29 . 2009-05-21 12:29     --------        d-----w c:\\program files\\Guitar Pro 5
2009-05-15 13:12 . 2009-05-15 13:12     --------        d-----w c:\\documents and settings\\Oskar\\Ustawienia lokalne\\Dane aplikacji\\PunkBuster
2009-05-15 12:40 . 2009-05-23 22:13     138920  ----a-w c:\\windous\\system32\\drivers\\PnkBstrK.sys
2009-05-15 12:40 . 2009-05-15 12:40     22328   ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\PnkBstrK.sys
2009-05-15 12:39 . 2009-05-23 22:13     189072  ----a-w c:\\windous\\system32\\PnkBstrB.exe
2009-05-15 12:39 . 2009-05-15 13:12     75064   ----a-w c:\\windous\\system32\\PnkBstrA.exe
2009-05-15 12:23 . 2009-05-15 12:23     --------        d-sh--w c:\\windous\\ftpcache
2009-05-14 20:28 . 2009-05-14 20:28     --------        d-----w c:\\program files\\OpenSource DTSAC3DD+ Source Filter
2009-05-14 20:28 . 2009-05-14 20:28     --------        d-----w c:\\program files\\MONOGRAM AMR SplitterDecoder
2009-05-14 20:28 . 2009-05-14 20:28     --------        d-----w c:\\program files\\CD Audio Reader Filter
2009-05-14 20:28 . 2009-05-14 20:28     --------        d-----w c:\\program files\\DScaler5
2009-05-14 20:28 . 2009-05-14 20:28     --------        d-----w c:\\program files\\OpenSource Flash Video Splitter
2009-05-14 20:28 . 2009-05-14 20:28     --------        d-----w c:\\program files\\RealMedia
2009-05-14 20:27 . 2009-05-14 20:27     --------        d-----w c:\\program files\\Haali
2009-05-14 20:27 . 2009-05-14 20:27     --------        d-----w c:\\program files\\DSP-worx
2009-05-14 20:27 . 2008-12-17 17:22     57344   ----a-w c:\\windous\\system32\\ff_vfw.dll
2009-05-14 20:27 . 2008-12-11 11:26     60273   ----a-w c:\\windous\\system32\\pthreadGC2.dll
2009-05-14 20:27 . 2009-05-14 20:27     --------        d-----w c:\\program files\\ffdshow
2009-05-14 20:27 . 2009-05-14 20:27     --------        d-----w c:\\program files\\LD-Anime
2009-05-14 20:27 . 2009-05-14 20:27     --------        d-----w c:\\program files\\DirectVobSub
2009-05-14 20:26 . 2009-05-14 20:26     --------        d-----w c:\\program files\\Zoom Player
2009-05-14 20:26 . 2009-05-14 20:26     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Zoom Player
2009-05-13 15:10 . 2009-05-13 15:10     --------        d--h--w c:\\windous\\PIF
2009-05-13 15:10 . 2009-05-13 15:10     --------        d-----w c:\\program files\\Wormhole 2.0
2009-05-13 15:10 . 2009-05-13 15:10     --------        d-----w c:\\program files\\Liero
2009-05-10 10:03 . 2009-05-15 16:03     --------        d-----w c:\\program files\\Common Files\\Symantec Shared
2009-05-10 10:03 . 2009-05-20 16:00     --------        d-----w c:\\program files\\Norton Security Scan
2009-05-09 20:27 . 2009-05-09 20:27     --------        d-----w c:\\windous\\system32\\Adobe
2009-05-09 20:14 . 2009-05-09 20:14     --------        d-----w c:\\documents and settings\\Oskar\\Ustawienia lokalne\\Dane aplikacji\\ChemTable Software
2009-05-09 20:14 . 2009-05-09 20:14     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\ChemTable Software
2009-05-09 20:13 . 2009-05-09 20:13     --------        d-----w c:\\program files\\Reg Organizer
2009-05-08 22:36 . 2009-05-08 22:40     --------        d-----w c:\\program files\\ElastoMania111
2009-05-08 20:41 . 2009-05-08 20:41     --------        d-----w c:\\program files\\Marble Arena
2009-05-08 16:27 . 2009-05-08 16:27     --------        d-----w c:\\program files\\Sun
2009-05-08 13:54 . 2009-05-24 10:28     --------        d-----w c:\\documents and settings\\Oskar\\Ustawienia lokalne\\Dane aplikacji\\TSVNCache
2009-05-08 13:53 . 2009-05-19 14:24     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\TortoiseSVN
2009-05-08 13:49 . 2009-05-08 13:49     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\Subversion
2009-05-08 13:48 . 2009-05-08 13:48     --------        d-----w c:\\program files\\TortoiseSVN
2009-05-08 13:48 . 2009-05-08 13:48     --------        d-----w c:\\program files\\Common Files\\TortoiseOverlays
2009-05-07 16:42 . 2009-05-07 16:42     --------        d-----w c:\\documents and settings\\Oskar\\Ustawienia lokalne\\Dane aplikacji\\GHISLER
2009-05-07 16:39 . 2009-05-07 16:39     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\GHISLER
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\UC.PIF
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\RAR.PIF
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\PKZIP.PIF
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\PKUNZIP.PIF
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\NOCLOSE.PIF
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\LHA.PIF
2009-05-07 16:39 . 2009-04-30 05:50     545     ----a-w c:\\windous\\ARJ.PIF
2009-05-04 21:14 . 2009-05-04 21:17     --------        d-----w C:\\Fast And Furious
2009-05-04 19:46 . 2009-05-05 19:46     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Vso
2009-05-04 19:44 . 2009-05-04 19:44     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\Vso
2009-05-04 19:44 . 2009-05-04 19:44     47360   ----a-w c:\\windous\\system32\\drivers\\pcouffin.sys
2009-05-04 19:44 . 2009-05-04 19:44     47360   ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\pcouffin.sys
2009-05-04 19:44 . 2009-05-04 19:44     --------        d-----w c:\\program files\\VSO
2009-05-04 17:59 . 2009-05-04 17:59     --------        d-----w C:\\Adrenalina 2
2009-05-02 13:09 . 2009-05-03 12:14     --------        d-----w C:\\Bond
2009-04-30 19:37 . 2009-05-03 18:11     --------        d-----w C:\\Punisher Warzone
2009-04-30 17:02 . 2009-05-02 12:16     --------        d-----w c:\\program files\\Peer2Mail
2009-04-29 21:19 . 2009-04-29 21:19     41808   ----a-w c:\\windous\\system32\\xfcodec.dll
2009-04-28 19:27 . 2009-04-28 19:27     97      ----a-w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Last.fm\\Client\\uninst2.bat
2009-04-28 19:27 . 2009-04-28 19:27     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Last.fm
2009-04-28 19:27 . 2009-04-28 19:27     683801  ----a-w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Last.fm\\Client\\UninstWA\\unins000.exe
2009-04-28 19:27 . 2009-05-10 16:02     --------        d-----w c:\\documents and settings\\Oskar\\Ustawienia lokalne\\Dane aplikacji\\Last.fm
2009-04-28 19:27 . 2009-04-28 19:27     --------        d-----w c:\\program files\\Last.fm
2009-04-28 09:47 . 2009-04-28 09:47     499712  ----a-w c:\\windous\\system32\\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47     348160  ----a-w c:\\windous\\system32\\msvcr71.dll
2009-04-27 18:21 . 2009-05-02 17:15     --------        d-----w c:\\program files\\QuickTime
2009-04-24 21:21 . 2009-04-24 21:21     --------        d-----w c:\\documents and settings\\Oskar\\.jagex_cache_32
2009-04-24 19:59 . 2009-05-09 17:55     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\teamspeak2
2009-04-24 11:43 . 2009-05-23 11:46     --------        d-----w C:\\.jagex_cache_32
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 11:09 . 2009-04-18 08:28     --------        d-----w c:\\program files\\cFosSpeed
2009-05-24 11:09 . 2009-02-01 20:52     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\Xfire
2009-05-24 11:08 . 2009-02-02 20:16     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\mIRC
2009-05-24 10:29 . 2009-02-02 20:16     --------        d-----w c:\\program files\\mIRC
2009-05-23 22:45 . 2009-02-02 22:05     34      ----a-w c:\\documents and settings\\Oskar\\jagex_runescape_preferences.dat
2009-05-22 12:10 . 2009-01-27 18:12     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\Tlen.pl
2009-05-21 16:15 . 2009-02-01 20:52     --------        d-----w c:\\program files\\Xfire
2009-05-21 14:10 . 2009-01-27 18:12     --------        d-----w c:\\program files\\Tlen.pl
2009-05-21 13:45 . 2009-01-26 19:06     --------        d-----w c:\\program files\\Common Files\\Wise Installation Wizard
2009-05-21 12:31 . 2009-01-29 19:12     67992   ----a-w c:\\documents and settings\\Oskar\\Ustawienia lokalne\\Dane aplikacji\\GDIPFONTCACHEV1.DAT
2009-05-15 13:04 . 2009-01-18 14:11     --------        d--h--w c:\\program files\\InstallShield Installation Information
2009-05-08 16:29 . 2009-02-02 19:32     --------        d-----w c:\\program files\\Java
2009-05-05 13:33 . 2009-03-05 21:01     --------        d-----w c:\\program files\\Burn4Free
2009-05-02 12:19 . 2009-02-05 14:53     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\Winamp
2009-04-28 19:36 . 2009-02-05 14:53     --------        d-----w c:\\program files\\Winamp
2009-04-28 13:51 . 2009-01-27 16:35     --------        d---a-w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\TEMP
2009-04-23 16:51 . 2009-01-28 15:18     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Microsoft Help
2009-04-23 16:46 . 2009-04-21 15:39     --------        d-----w c:\\program files\\Majesco Entertainment
2009-04-23 15:21 . 2006-03-02 12:00     80664   ----a-w c:\\windous\\system32\\perfc015.dat
2009-04-23 15:21 . 2006-03-02 12:00     461370  ----a-w c:\\windous\\system32\\perfh015.dat
2009-04-23 09:22 . 2009-01-26 11:46     --------        d-----w c:\\program files\\Opera
2009-04-21 14:38 . 2009-04-21 14:37     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Total Gameplay
2009-04-18 09:22 . 2009-01-28 15:00     --------        d-----w c:\\program files\\DAEMON Tools Toolbar
2009-04-18 09:20 . 2009-01-30 12:15     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\SwiftSwitch
2009-04-18 09:00 . 2009-04-18 09:00     --------        d-----w c:\\program files\\VS Revo Group
2009-04-18 08:49 . 2009-04-18 08:49     --------        d-----w c:\\documents and settings\\Oskar\\Dane aplikacji\\Uniblue
2009-04-17 12:34 . 2009-04-17 12:34     --------        d-----w c:\\program files\\PC Inspector File Recovery
2009-04-15 18:21 . 2009-04-15 18:21     98304   ----a-w c:\\windous\\system32\\qttask.exe
2009-04-15 18:20 . 2009-01-20 18:13     --------        d-----w c:\\program files\\ACE Mega CoDecS Pack
2009-04-07 13:26 . 2009-02-09 19:25     --------        d-----w c:\\program files\\Common Files\\Adobe
2009-04-06 08:57 . 2009-04-06 08:57     57344   ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\50\\5b902232-37f83d48-n\\Decora-SSE.dll
2009-04-06 08:57 . 2009-04-06 08:57     24064   ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\15\\4e09eacf-7ba65e20-n\\Decora-D3D.dll
2009-04-06 08:57 . 2009-04-06 08:57     20480   ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\62\\6baea4fe-55574a5f-n\\jogl_awt.dll
2009-04-06 08:57 . 2009-04-06 08:57     114688  ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\62\\6baea4fe-55574a5f-n\\jogl_cg.dll
2009-04-06 08:57 . 2009-04-06 08:57     315392  ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\62\\6baea4fe-55574a5f-n\\jogl.dll
2009-04-06 08:57 . 2009-04-06 08:57     499712  ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\33\\258cea61-47015c7c-n\\msvcp71.dll
2009-04-06 08:57 . 2009-04-06 08:57     499712  ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\33\\258cea61-47015c7c-n\\jmc.dll
2009-04-06 08:57 . 2009-04-06 08:57     348160  ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\33\\258cea61-47015c7c-n\\msvcr71.dll
2009-04-06 08:57 . 2009-04-06 08:57     20480   ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\Deployment\\cache\\6.0\\45\\4f710eed-461e3d50-n\\gluegen-rt.dll
2009-04-06 08:56 . 2009-04-06 08:56     152576  ----a-w c:\\documents and settings\\Oskar\\Dane aplikacji\\Sun\\Java\\jre1.6.0_13\\lzma.dll
2009-04-02 14:29 . 2009-04-02 14:29     75048   ----a-w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\Apple Computer\\Installer Cache\\iTunes 8.1.1.10\\SetupAdmin.exe
2009-03-26 17:21 . 2009-01-30 21:43     --------        d-----w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\TrackMania
2009-03-19 14:32 . 2009-03-19 14:32     23400   ----a-w c:\\documents and settings\\All Users.WINDOUS\\Dane aplikacji\\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\\x86\\x86\\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-02-05 14:26     23400   ----a-w c:\\windous\\system32\\drivers\\GEARAspiWDM.sys
2009-03-09 03:19 . 2009-02-02 19:30     410984  ----a-w c:\\windous\\system32\\deploytk.dll
2009-03-06 14:22 . 2006-03-02 12:00     285696  ----a-w c:\\windous\\system32\\pdh.dll
2009-03-01 20:11 . 2009-03-01 20:11     10134   ----a-r c:\\documents and settings\\Oskar\\Dane aplikacji\\Microsoft\\Installer\\{3101CB58-3482-4D21-AF1A-7057FC935355}\\ARPPRODUCTICON.exe
.
 
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\1TortoiseNormal]
@=\"{C5994560-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\2TortoiseModified]
@=\"{C5994561-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\3TortoiseConflict]
@=\"{C5994562-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\4TortoiseLocked]
@=\"{C5994563-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\5TortoiseReadOnly]
@=\"{C5994564-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\6TortoiseDeleted]
@=\"{C5994565-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\7TortoiseAdded]
@=\"{C5994566-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\8TortoiseIgnored]
@=\"{C5994567-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\shelliconoverlayidentifiers\\9TortoiseUnversioned]
@=\"{C5994568-53D9-4125-87C9-F193FC689CB2}\"
[HKEY_CLASSES_ROOT\\CLSID\\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26        80384   ----a-w c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
 
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Komunikator\"=\"c:\\program files\\Tlen.pl\\tlen.exe\" [2009-01-17 5853672]
\"ctfmon.exe\"=\"c:\\windous\\system32\\ctfmon.exe\" [2008-04-14 15360]
 
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SoundMAXPnP\"=\"c:\\program files\\Analog Devices\\Core\\smax4pnp.exe\" [2005-05-20 925696]
\"Launch LGDCore\"=\"c:\\program files\\Common Files\\Logitech\\G-series Software\\LGDCore.exe\" [2006-07-23 1126400]
\"amd_dc_opt\"=\"c:\\program files\\AMD\\Dual-Core Optimizer\\amd_dc_opt.exe\" [2008-07-22 77824]
\"BearShare\"=\"c:\\program files\\BearShare\\BearShare.exe\" [2006-08-01 3313664]
\"AppleSyncNotifier\"=\"c:\\program files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe\" [2009-03-05 177472]
\"iTunesHelper\"=\"c:\\program files\\iTunes\\iTunesHelper.exe\" [2009-04-02 342312]
\"High Definition Audio Property Page Shortcut\"=\"HDAShCut.exe\" - c:\\windous\\system32\\HdAShCut.exe [2004-10-27 61952]
\"Kernel and Hardware Abstraction Layer\"=\"KHALMNPR.EXE\" - c:\\windous\\KHALMNPR.Exe [2008-02-29 76304]
 
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\windous\\system32\\CTFMON.EXE\" [2008-04-14 15360]
 
c:\\documents and settings\\Oskar\\Menu Start\\Programy\\Autostart\\
Xfire.lnk - c:\\program files\\Xfire\\Xfire.exe [2009-4-29 3145552]
 
c:\\documents and settings\\All Users.WINDOUS\\Menu Start\\Programy\\Autostart\\
Logitech Desktop Messenger.lnk - c:\\program files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe [2009-1-20 67128]
Logitech SetPoint.lnk - c:\\program files\\Logitech\\SetPoint\\SetPoint.exe [2009-3-1 805392]
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\LBTWlgn]
2008-05-02 01:42        72208   ----a-w c:\\program files\\Common Files\\Logitech\\Bluetooth\\LBTWLgn.dll
 
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\WdfLoadGroup]
@=\"\"
 
[HKLM\\~\\startupfolder\\C:^Documents and Settings^Oskar^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
backup=c:\\windous\\pss\\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BitTorrent DNA
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
\"wuauserv\"=2 (0x2)
 
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"AntiVirusOverride\"=dword:00000001
 
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"c:\\\\Program Files\\\\NVIDIA Corporation\\\\NetworkAccessManager\\\\Apache Group\\\\Apache2\\\\bin\\\\Apache.exe\"=
\"c:\\\\Program Files\\\\Tlen.pl\\\\tlen.exe\"=
\"c:\\\\Program Files\\\\Logitech\\\\Desktop Messenger\\\\8876480\\\\Program\\\\LogitechDesktopMessenger.exe\"=
\"c:\\\\Program Files\\\\TmNationsForever\\\\TmForever.exe\"=
\"c:\\\\Program Files\\\\Xfire\\\\Xfire.exe\"=
\"c:\\\\Program Files\\\\mIRC\\\\mirc.exe\"=
\"c:\\\\Program Files\\\\BearShare\\\\BearShare.exe\"=
\"c:\\\\Program Files\\\\Bonjour\\\\mDNSResponder.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"c:\\\\Program Files\\\\Java\\\\jre6\\\\bin\\\\java.exe\"=
\"c:\\\\WINDOUS\\\\system32\\\\PnkBstrA.exe\"=
\"c:\\\\WINDOUS\\\\system32\\\\PnkBstrB.exe\"=
\"d:\\\\COD 4\\\\iw3mp.exe\"=
\"c:\\\\Program Files\\\\iTunes\\\\iTunes.exe\"=
 
R2 LBeepKE;LBeepKE;c:\\windous\\system32\\drivers\\LBeepKE.sys [2009-01-29 10640]
S3 HWACCESS;HWACCESS;c:\\windous\\system32\\HWACCESS.SYS [2009-01-27 3869]
 
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost  - NetSvcs
UxTuneUp
.
Zawartość folderu \'Zaplanowane zadania\'
 
2009-05-21 c:\\windous\\Tasks\\1-Click Maintenance.job
- c:\\program files\\TuneUp Utilities 2007\\SystemOptimizer.exe [2007-08-02 16:35]
 
2009-05-18 c:\\windous\\Tasks\\AppleSoftwareUpdate.job
- c:\\program files\\Apple Software Update\\SoftwareUpdate.exe [2008-07-30 11:34]
 
2009-05-20 c:\\windous\\Tasks\\Norton Security Scan for Oskar.job
- c:\\program files\\Norton Security Scan\\Nss.exe [2009-03-13 18:20]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
 
SafeBoot-procexp90.Sys
 
 
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\\program files\\Logitech\\Desktop Messenger\\8876480\\Program\\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\\documents and settings\\Oskar\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\85r6s3uj.default\\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - plugin: c:\\program files\\ACE Mega CoDecS Pack\\SystemS\\RealMedia\\Browser\\plugins\\nppl3260.dll
FF - plugin: c:\\program files\\ACE Mega CoDecS Pack\\SystemS\\RealMedia\\Browser\\plugins\\nprpjplug.dll
 
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 13:09
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > \'winlogon.exe\'(936)
c:\\windous\\system32\\Ati2evxx.dll
c:\\program files\\common files\\logitech\\bluetooth\\LBTWlgn.dll
c:\\program files\\common files\\logitech\\bluetooth\\LBTServ.dll
 
- - - - - - - > \'explorer.exe\'(576)
c:\\program files\\Logitech\\SetPoint\\GameHook.dll
c:\\program files\\Logitech\\SetPoint\\lgscroll.dll
c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
c:\\program files\\TortoiseSVN\\bin\\TortoiseStub.dll
c:\\program files\\TortoiseSVN\\bin\\TortoiseSVN.dll
c:\\program files\\TortoiseSVN\\bin\\intl3_tsvn.dll
c:\\windous\\system32\\WPDShServiceObj.dll
c:\\windous\\system32\\PortableDeviceTypes.dll
c:\\windous\\system32\\PortableDeviceApi.dll
c:\\program files\\Haali\\MatroskaSplitter\\mmfinfo.dll
c:\\program files\\Haali\\MatroskaSplitter\\mkunicode.dll
c:\\program files\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\\windous\\system32\\savedump.exe
c:\\windous\\system32\\ati2evxx.exe
c:\\windous\\system32\\ati2evxx.exe
c:\\program files\\TortoiseSVN\\bin\\TSVNCache.exe
c:\\program files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.exe
c:\\program files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
c:\\program files\\Bonjour\\mDNSResponder.exe
c:\\program files\\cFosSpeed\\spd.exe
c:\\progra~1\\NVIDIA~1\\NETWOR~1\\Apache Group\\Apache2\\bin\\Apache.exe
c:\\program files\\Java\\jre6\\bin\\jqs.exe
c:\\progra~1\\NVIDIA~1\\NETWOR~1\\bin\\nSvcIp.exe
c:\\progra~1\\NVIDIA~1\\NETWOR~1\\bin\\nSvcLog.exe
c:\\progra~1\\NVIDIA~1\\NETWOR~1\\Apache Group\\Apache2\\bin\\Apache.exe
c:\\windous\\system32\\PnkBstrA.exe
c:\\program files\\iPod\\bin\\iPodService.exe
c:\\windous\\system32\\wbem\\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-24 13:13 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-24 11:13
 
Przed: 18 502 012 928 bajtów wolnych
Po: 22 288 998 400 bajtów wolnych
 
336     --- E O F ---   2009-05-24 10:43