hef44

Request to Check a Log.


Hello,

please check this log:

"Combofix"


 

The log is cluttered like you wouldn't believe; it comes from a friend's computer.

Edited by Kolobos


In Start -> Run, type cmd, and there:

del /q /f c:\windows\Tasks\At*.job

 

Create a file CFScript.txt with the following content:

 

Folder::

c:\documents and settings\All Users\Dane aplikacji\Cleaner2009

c:\documents and settings\Vobis\Dane aplikacji\Cleaner2009 Freeware

c:\documents and settings\All Users\Dane aplikacji\Cleaner2009 Freeware

C:\My Downloads

c:\documents and settings\Vobis\Dane aplikacji\VirusRemover2008

 

File::

c:\windows\system32\5Hpq35FR.exe

 

Save it and drag it onto the combofix.exe icon; once it has run, post a new log.


Done, here is the result:

"Combo fix"
ComboFix 09-01-21.04 - Administrator 2009-01-24 13:24:13.2 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.767.642 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt.txt

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

 

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

 

FILE ::

c:\windows\system32\5Hpq35FR.exe

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dane aplikacji\Cleaner2009 Freeware

c:\documents and settings\All Users\Dane aplikacji\Cleaner2009 Freeware\Data\ActivationCode

c:\documents and settings\All Users\Dane aplikacji\Cleaner2009

c:\documents and settings\Vobis\Dane aplikacji\Cleaner2009 Freeware

c:\documents and settings\Vobis\Dane aplikacji\Cleaner2009 Freeware\Logs\scns.log

c:\documents and settings\Vobis\Dane aplikacji\VirusRemover2008

c:\documents and settings\Vobis\Dane aplikacji\VirusRemover2008\Logs\scns.log

C:\My Downloads

c:\windows\system32\5Hpq35FR.exe

 

 

.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))

.

 

2009-01-24 11:45 . 2009-01-24 11:45 <DIR> d-------- c:\program files\Avira

2009-01-24 11:45 . 2009-01-24 11:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Avira

2009-01-24 11:16 . 2009-01-24 13:26 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne

2009-01-24 11:16 . 2008-03-27 16:20 <DIR> d-------- c:\documents and settings\Administrator\Ulubione

2009-01-24 11:16 . 2008-03-27 15:27 <DIR> d--h----- c:\documents and settings\Administrator\Szablony

2009-01-24 11:16 . 2009-01-24 13:24 <DIR> d-------- c:\documents and settings\Administrator\Pulpit

2009-01-24 11:16 . 2008-03-27 16:20 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty

2009-01-24 11:16 . 2008-03-27 16:20 <DIR> dr------- c:\documents and settings\Administrator\Menu Start

2009-01-24 11:16 . 2008-03-27 16:20 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji

2009-01-24 11:16 . 2009-01-24 11:16 <DIR> d-------- c:\documents and settings\Administrator

2009-01-21 10:01 . 2009-01-21 10:01 <DIR> dr------- c:\documents and settings\NetworkService\Ulubione

2009-01-04 15:10 . 2009-01-04 15:11 <DIR> d-------- c:\program files\ip-changer

2009-01-04 15:07 . 2009-01-04 15:13 <DIR> d-------- c:\program files\Tibia

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 11:45 --------- d-----w c:\program files\DialNet

2009-01-20 07:18 --------- d-----w c:\documents and settings\Vobis\Dane aplikacji\Skype

2009-01-20 07:17 --------- d-----w c:\documents and settings\Vobis\Dane aplikacji\skypePM

2008-12-28 20:12 --------- d-----w c:\program files\Java

2008-12-20 16:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-12-19 21:01 --------- d-----w c:\program files\Pasek TVN24

2008-12-11 12:31 --------- d-----w c:\program files\Gadu-Gadu

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-08 22:52 --------- d-----w c:\program files\Google

2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-11-01 17:09 98,304 ----a-w c:\windows\system32\CmdLineExt.dll

2008-04-30 21:21 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

2008-11-23 08:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-11-23 08:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-11-23 08:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-11-23 08:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-11-23 08:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-06-12 07:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008061220080613\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-24_11.23.21,95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 08:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"a-winpoet-service"="c:\program files\DialNet\winpppoverethernet.exe" [2007-07-06 405504]

"z-WrDialer"="c:\program files\DialNet\WrDialer.exe" [2007-07-11 561152]

"Onet.pl AutoUpdate"="c:\program files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 260096]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 185896]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

"Trans"="c:\program files\Trans\trans.exe" [2008-04-23 2381240]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-04-19 04:28 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [2008-03-27 1121536]

S3 FPD;Fine Point Packet Service;c:\windows\system32\drivers\fpd.sys [2008-04-07 30336]

S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2008-04-12 1252474]

S3 WrKPoET2000;WrKPoET2000;c:\program files\DialNet\WrKPoET2000.sys [2008-04-07 52214]

S3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [2008-04-07 65604]

S4 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;c:\windows\system32\drivers\WrKPoET2000.sys [2008-04-07 52214]

.

Zawartość folderu 'Zaplanowane zadania'

 

2009-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1935655697-682003330-1004.job

- c:\documents and settings\Vobis\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-01-20 09:50]

.

.

------- Skan uzupełniający -------

.

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab

DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://212.109.149.253/LNetCam.cab

DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} - hxxp://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 13:26:26

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

 


.

Czas ukończenia: 2009-01-24 13:28:00

ComboFix-quarantined-files.txt 2009-01-24 12:27:58

ComboFix2.txt 2009-01-24 10:24:14

 

Przed: 13 580 124 160 bajtów wolnych

Po: 13,567,987,712 bajtów wolnych

 

205 --- E O F --- 2009-01-14 18:51:00

Thanks for the help 8O
