Anonymous / 6 years, 4 months ago

ComboFix 11-10-19.04 - X 2011-10-19 19:07:40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2303.1759 [GMT 2:00]
Uruchomiony z: c:\documents and settings\X\Moje dokumenty\Pobieranie\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Rezydentny antywirus jest aktywny
.
.
.
(((((((((((((((((((((((((  Pliki utworzone od 2011-09-19 do 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 16:59 . 2011-10-19 16:59	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\SpeedUpToolbar
2011-10-19 16:59 . 2011-10-19 16:59	--------	d-----w-	c:\program files\SpeedUpToolbar
2011-10-19 16:59 . 2011-10-19 17:03	--------	d-----w-	c:\program files\Przyspiesz Komputer
2011-10-19 13:48 . 2011-10-19 13:48	--------	d-----w-	C:\_OTL
2011-10-08 07:55 . 2011-10-08 07:55	--------	d-----w-	c:\documents and settings\LocalService\Dane aplikacji\McAfee
2011-10-02 21:51 . 2011-10-02 21:51	--------	d-----w-	c:\documents and settings\X\Ustawienia lokalne\Dane aplikacji\Opera
2011-10-02 21:51 . 2011-10-02 21:51	--------	d-----w-	c:\program files\Opera
2011-10-02 21:21 . 2011-10-02 21:21	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee
2011-10-02 21:21 . 2011-10-02 21:21	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2011-10-02 21:21 . 2011-10-08 07:54	--------	d-----w-	c:\program files\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((((((  Sekcja Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 21:30 . 2011-06-25 18:12	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 11:19 . 2011-04-23 13:29	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-10-19_16.14.03  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-19 16:53 . 2011-10-19 16:53	16384       c:\windows\Temp\Perflib_Perfdata_69c.dat
.
(((((((((((((((((((((((((((((((((((((  Wpisy startowe rejestru  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-09-08 2372696]
.
[HKEY_CLASSES_ROOT\clsid\{0d52b2ca-c02e-4ec1-8e80-0a5cd2a640bd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
2011-09-08 02:49	2372696	----a-w-	c:\program files\SpeedUpToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-09-08 2372696]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-09-08 2372696]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]
"PCSpeedUp"="c:\program files\Przyspiesz Komputer\PCSpeedUp.lnk" [2011-10-19 1878]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-11 949376]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-09-13 425984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2006-02-17 13:03	2396160	----a-w-	c:\program files\Gadu-Gadu\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2011-05-20 13:33	19759104	----a-w-	c:\program files\ipla\ipla.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\B2BPOKER\\Redbet\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\r1q2_multi_2\\quake2.exe"=
"d:\\Program Files\\r1q2_multi_2\\r1q2.exe"=
"d:\\r1q2_multi_2\\r1q2.exe"=
"c:\\Program Files\\BetsafeEnglishEuro\\Casino.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Counter-strike\\hl.exe"=
"c:\\Program Files\\Betsson Euro Tables\\pokerclient\\Betsson Euro Tables.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-03-11 15424]
R2 PCSUService;PC Speed Up Service;c:\program files\Przyspiesz Komputer\PCSUService.exe [2011-10-19 234720]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-03-14 1691480]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - PCSUSERVICE
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 21:28]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 21:28]
.
2011-10-19 c:\windows\Tasks\Norton Security Scan for X.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-20 11:19]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.igeared.com/dispatcher.aspx?i=63
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 10.255.255.13 10.255.255.14 10.255.255.12
Handler: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - c:\program files\SpeedUpToolbar\IEToolbar.dll
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\X\Dane aplikacji\Mozilla\Firefox\Profiles\3ssw1itn.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - onet.pl
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 19:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ... 
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ... 
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(572)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Czas ukończenia: 2011-10-19 19:16:07
ComboFix-quarantined-files.txt 2011-10-19 17:16
ComboFix2.txt 2011-10-19 16:16
.
Przed: 12 023 697 408 bajtów wolnych
Po: 12 010 565 632 bajtów wolnych
.
- - End Of File - - CDC88EBD2E4B36565B656C4BFE75BA7E