ComboFix 09-12-06.A3 - User 2009-12-07 21:01.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2037.1502 [GMT 1:00]
Running from: c:\documents and settings\User\Moje dokumenty\Downloads\Programs\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\LOG.TXT
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found. Problem fixed
File restored from - c:\system volume information\_restore{C52D6CA9-0A1A-41BE-ADEB-86DA458B5BCF}\RP166\A0136485.sys
.
((((((((((((((((((((((((( Files created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.
2009-12-07 16:10 . 2009-12-07 16:10 -------- d-----w- C:\_OTL
2009-12-07 12:29 . 2009-12-07 12:29 -------- d-----w- c:\program files\SkanerOnline
2009-12-07 10:47 . 2009-12-07 10:49 -------- d-----w- c:\documents and settings\User\Dane aplikacji\HPAppData
2009-12-07 09:51 . 2009-12-07 09:51 152576 ----a-w- c:\documents and settings\User\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-07 09:51 . 2009-12-07 09:51 79488 ----a-w- c:\documents and settings\User\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-06 20:37 . 2009-12-07 12:36 -------- d-----w- C:\backups
2009-12-06 20:33 . 2009-12-06 20:33 396288 ----a-w- C:\HijackThis.exe
2009-12-04 22:01 . 2009-12-04 22:01 198064 ----a-w- c:\documents and settings\User\Dane aplikacji\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-04 21:52 . 2009-12-06 20:45 -------- d-----w- c:\documents and settings\User\Dane aplikacji\IDM
2009-12-04 21:52 . 2009-12-04 22:09 -------- d-----w- c:\program files\Internet Download Manager
2009-12-04 21:49 . 2009-12-04 21:49 80400 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-04 21:49 . 2009-12-04 21:49 315408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-04 21:49 . 2009-12-04 21:49 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-04 21:49 . 2009-12-04 21:49 109072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-04 21:49 . 2009-12-04 21:49 80400 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-04 21:49 . 2009-12-04 21:49 315408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-04 21:38 . 2009-12-04 21:38 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-04 21:38 . 2009-12-04 21:38 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-04 21:37 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-12-04 21:37 . 2009-12-04 21:37 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-04 19:23 . 2009-12-04 19:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-12-03 12:02 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-03 12:02 . 2009-12-03 12:02 -------- d-----w- c:\program files\Panda Security
2009-12-02 20:00 . 2009-12-03 18:12 -------- d-----w- c:\program files\Unlocker
2009-12-01 20:13 . 2009-12-01 20:14 1024 ----a-w- c:\documents and settings\All Users\Dane aplikacji\imgpdf2.dll
2009-12-01 20:12 . 2009-12-01 20:12 -------- d-----w- c:\program files\PDF-Convert
2009-12-01 20:12 . 2009-12-01 20:12 -------- d-----w- c:\windows\system32\psconv
2009-12-01 20:12 . 2009-12-01 20:12 -------- d-----w- c:\program files\psconvert
2009-12-01 08:19 . 2009-12-01 08:19 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Uniblue
2009-12-01 06:33 . 2009-12-01 06:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-27 17:51 . 2009-11-27 17:51 -------- d-----w- c:\documents and settings\User\Dane aplikacji\URSoft
2009-11-22 21:54 . 2009-11-22 21:54 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\ChemTable Software
2009-11-22 21:53 . 2009-11-22 21:57 20576 ----a-w- c:\windows\system32\RODefargBin.dat
2009-11-22 21:53 . 2009-11-22 21:53 -------- d-----w- c:\documents and settings\User\Dane aplikacji\ChemTable Software
2009-11-22 20:45 . 2009-11-22 20:45 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Search Settings
2009-11-22 20:45 . 2009-11-22 20:45 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Dealio
2009-11-22 20:42 . 2008-09-24 20:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2009-11-22 10:26 . 2009-12-02 08:59 -------- d-----w- C:\MP3
2009-11-17 11:47 . 2009-11-29 19:08 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Any Video Converter
2009-11-17 11:47 . 2009-11-18 08:36 -------- d-----w- c:\program files\Any Video Converter
2009-11-17 11:34 . 2009-11-17 11:34 -------- d-----w- c:\program files\PhotoInstrument
2009-11-17 08:58 . 2009-12-02 08:53 -------- d-----w- C:\videooutput
2009-11-16 20:10 . 2009-11-16 20:10 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Ares
2009-11-13 13:34 . 2009-11-13 13:34 -------- d-----w- c:\program files\Common Files\Skype
2009-11-11 17:19 . 2009-11-11 17:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\vsosdk
2009-11-08 11:56 . 2009-12-02 08:59 -------- d-----w- C:\Most
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 20:16 . 2009-02-02 18:53 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-12-07 20:15 . 2009-02-03 20:05 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Skype
2009-12-07 20:15 . 2009-10-22 19:10 -------- d-----w- c:\documents and settings\User\Dane aplikacji\DMCache
2009-12-07 19:56 . 2008-04-15 12:00 148768 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-07 17:42 . 2009-02-20 14:19 -------- d-----w- c:\program files\Kalendarz XP
2009-12-07 17:27 . 2009-12-07 17:00 148768 ----a-w- c:\windows\system32\drivers\OLD67.tmp
2009-12-07 17:27 . 2009-12-07 16:59 148768 ----a-w- c:\windows\system32\drivers\OLD58.tmp
2009-12-07 16:13 . 2009-02-03 20:07 -------- d-----w- c:\documents and settings\User\Dane aplikacji\skypePM
2009-12-07 09:57 . 2009-04-01 08:03 -------- d-----w- c:\program files\Spyware Doctor
2009-12-07 09:53 . 2009-02-03 20:21 -------- d-----w- c:\program files\Java
2009-12-07 09:35 . 2009-03-23 09:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-12-06 21:08 . 2009-02-01 21:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-06 20:28 . 2009-03-05 13:28 -------- d-----w- c:\program files\English Translator 3
2009-12-06 11:54 . 2009-02-07 20:04 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Nero
2009-12-04 19:35 . 2009-02-01 21:07 -------- d-----w- c:\program files\AVG
2009-12-04 19:34 . 2009-02-01 21:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\avg8
2009-12-04 14:02 . 2009-02-02 20:29 -------- d-----w- c:\program files\Recognita Plus 4.0
2009-12-02 12:03 . 2009-02-02 19:45 -------- d-----w- c:\program files\Odkurzacz
2009-12-01 07:46 . 2009-12-01 07:46 12 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\fqpdsw.dat
2009-11-30 22:17 . 2009-11-30 22:17 12 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\fqpdsw.dat
2009-11-30 22:16 . 2009-11-30 22:16 4 ----a-w- c:\documents and settings\User\Dane aplikacji\avdrn.dat
2009-11-30 22:16 . 2008-04-15 12:00 14336 ------w- c:\windows\system32\svchost.exe
2009-11-29 18:46 . 2009-09-10 16:34 -------- d-----w- c:\documents and settings\User\Dane aplikacji\HpUpdate
2009-11-27 20:09 . 2009-02-01 21:07 -------- d-----w- c:\documents and settings\User\Dane aplikacji\AVGTOOLBAR
2009-11-24 22:21 . 2009-02-15 20:14 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-22 21:21 . 2009-02-03 20:21 -------- d-----w- c:\documents and settings\User\Dane aplikacji\LimeWire
2009-11-22 20:43 . 2009-11-22 20:42 -------- d-----w- c:\program files\Free Audio Pack
2009-11-18 08:37 . 2009-02-22 19:44 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Vso
2009-11-17 19:38 . 2009-02-02 21:20 77752 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-11-16 13:48 . 2009-02-22 19:44 47360 ----a-w- c:\documents and settings\User\Dane aplikacji\pcouffin.sys
2009-11-16 13:48 . 2009-02-22 19:44 47360 ----a-w- c:\documents and settings\User\Dane aplikacji\pcouffin.sys
2009-11-13 13:34 . 2009-02-03 20:05 -------- d-----r- c:\program files\Skype
2009-11-13 13:34 . 2009-02-03 20:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-11-08 12:42 . 2009-04-16 14:03 -------- d-----w- c:\program files\PWN
2009-11-05 12:28 . 2009-11-05 12:28 -------- d-----w- c:\program files\FLV Player
2009-11-02 15:02 . 2009-11-02 15:02 59976 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Polish\setup.exe
2009-10-25 07:40 . 2008-04-15 12:00 85136 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 07:40 . 2008-04-15 12:00 493844 ----a-w- c:\windows\system32\perfh015.dat
2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-14 19:18 . 2009-10-14 19:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-11 03:17 . 2009-02-03 20:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 17:39 . 2009-10-02 17:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-21 18:32 . 2009-03-30 17:51 3690 ----a-w- c:\windows\unins000.dat
2009-09-16 17:26 . 2009-09-16 17:26 45056 ----a-w- c:\windows\system32\sstunst3.exe
2009-09-14 12:42 . 2009-09-14 12:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-09-11 14:19 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 18:23 . 2009-09-09 18:23 152576 ----a-w- c:\documents and settings\User\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-09 17:01 . 2009-09-09 17:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
.
------- Sigcheck -------
[-] 2009-12-07 . D4A4C6D31E6D1F758F6C8D0CC63CA39C . 148768 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2009-12-07 16:43 . 1D54E0455BB16C1D064EE782476C9B58 . 96512 . . [------] . . c:\windows\system32\dllcache\atapi.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_17.43.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 20:14 . 2009-12-07 20:14 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
+ 2009-12-07 20:15 . 2009-12-07 20:15 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat
- 2009-02-01 20:27 . 2009-12-07 17:22 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-01 20:27 . 2009-12-07 19:59 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-01 20:27 . 2009-12-07 19:59 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-02-01 20:27 . 2009-12-07 17:22 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-12-01 06:33 . 2009-12-07 19:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-12-01 06:33 . 2009-12-07 17:22 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-02-01 20:27 . 2009-12-07 19:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-01 20:27 . 2009-12-07 17:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-11-24 1738040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-08-19 3114416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"DemonStarter"="c:\program files\PWN\Definicje\Bin\Starter.exe" [1999-12-01 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 108544]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2009-2-20 882176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^wintjo32.exe]
path=c:\documents and settings\User\Menu Start\Programy\Autostart\wintjo32.exe
backup=c:\windows\pss\wintjo32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-03 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-01 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-01 348752]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-02-01 1176192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-02-07 717296]
S2 gupdate1c9ab9c38b76c04;Usługa Google Update (gupdate1c9ab9c38b76c04);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
--- Other Services/Drivers in Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 21:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5EF618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
\Driver\atapi -> atapi.sys @ 0xb9e1e852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d07bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d14a21
SendHandler -> NDIS.sys @ 0xb9cf287b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{450dbffd-ea0c-487b-b644-1ae275a75eed}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,69,8c,ba,e9,8c,1c,cb,7c,83,e0,8b,c5,07,bb,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ad,a1,36,57,8a,6c,e7,93,91,b5,f0,18,28,c9,64,ac,28,19,24,88,c9,
0a,3b,47,cb,b0,2a,a8,a6,0e,ec,f7,fc,3f,34,08,cd,bc,83,67,00,00,00,00,00,00,\
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-12-07 21:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 20:24
ComboFix2.txt 2009-12-07 18:00
Pre-Run: 10 587 303 936 bytes free
Post-Run: 10 541 191 168 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 0C2AC6D87293772DFB5A90851CBBFECD
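The Sigcheck section of the log above is where the atapi.sys finding is visible in raw form: the copy under system32\drivers (148768 bytes, version 5.1.2600.5512) and the copy under dllcache (96512 bytes, no version string) disagree, and ComboFix marks both with `[-]`. The same section also shows a weaker signal that is easy to over-read: three copies of tcpip.sys share version 5.1.2600.5625 and size 361600 but have three different MD5s, which is what an SP3QFE hotfix copy next to a GDR copy looks like, so a hash-only difference is not by itself evidence of tampering. The script below is an added example, not code from ComboFix or from the poster: it parses Sigcheck lines, groups the copies of each file, and separates strong signals (size mismatch at the same version, missing version resource) from weak ones (hash-only difference, `[-]` mark alone). Two things are assumptions rather than documented ComboFix behaviour: that `[-]` means the file was not matched against the tool's known-good set, and that the copy under system32 (outside dllcache) is the one actually loaded. The sample lines are copied from the log.

```python
"""Classify ComboFix Sigcheck entries by how the copies of each file disagree."""
import re
from collections import defaultdict

# One Sigcheck line: [flag] date[ time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?:\s+\d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)

NO_VERSION = "------"   # ComboFix prints this when the file carries no version resource
# Assumption: the loaded copy of a system file lives here; dllcache/$hf_mig$/$NtUninstall are references.
LIVE_DIRS = ("\\system32\\drivers\\", "\\system32\\")

# Constructed sample input: the six Sigcheck lines from the log above.
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2009-12-07 . D4A4C6D31E6D1F758F6C8D0CC63CA39C . 148768 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2009-12-07 16:43 . 1D54E0455BB16C1D064EE782476C9B58 . 96512 . . [------] . . c:\windows\system32\dllcache\atapi.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        e["matched"] = e["flag"] != "-"          # assumption: "-" = not in the known-good set
        e["live"] = any(d in e["path"] for d in LIVE_DIRS) and "\\dllcache\\" not in e["path"]
        entries.append(e)
    return entries


def assess(entries):
    """Compare the live copy of each file with its reference copies.

    Returns {name: {"status": "ok"|"review"|"critical", "findings": [str, ...]}}.
    Strong findings: a reference with the same version but a different size, or a
    reference with no version resource.  Weak findings: an unmatched live copy, or a
    same-version same-size reference with a different hash (QFE vs GDR builds do that).
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    report = {}
    for name, copies in sorted(by_name.items()):
        live = [c for c in copies if c["live"]]
        refs = [c for c in copies if not c["live"]]
        strong, weak = [], []
        if len(live) != 1:
            report[name] = {"status": "review", "findings": ["no single live copy identified"]}
            continue
        live = live[0]
        if not live["matched"]:
            weak.append(f"live copy {live['path']} not matched by ComboFix")
        for r in refs:
            if r["version"] == NO_VERSION:
                strong.append(f"{r['path']} has no version resource (size {r['size']} vs live {live['size']})")
            elif r["version"] == live["version"]:
                if r["size"] != live["size"]:
                    strong.append(f"{r['path']} same version but size {r['size']} vs live {live['size']}")
                elif r["md5"] != live["md5"]:
                    weak.append(f"{r['path']} same version and size, different MD5")
            # A reference with a different version (older/newer hotfix) is not comparable.
        status = "critical" if strong else ("review" if weak else "ok")
        report[name] = {"status": status, "findings": strong + weak}
    return report


if __name__ == "__main__":
    for name, r in assess(parse_sigcheck(SAMPLE_LOG)).items():
        print(f"{name}: {r['status']}")
        for f in r["findings"]:
            print("   -", f)
```

Run against the sample, atapi.sys comes out `critical` (the dllcache copy has no version resource and is 52 KB smaller) while tcpip.sys comes out `review` (unmatched live copy plus hash-only differences). The `review` bucket is where an Authenticode check of the live file, rather than more hash comparison, settles the question.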