jacekk20 Posted 23 February 2010

Hello, I would like someone more knowledgeable to look through this ComboFix report; it is also included as the attached file tomek.txt. If something is wrong, where is it and how do I remove it? The system was completely reinstalled recently. It is not my computer, but apparently something is sitting in here; personally I don't really know my way around ComboFix and I don't use it. Regards

ComboFix 10-02-21.02 - Ewelina 2010-02-22 18:36:24.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.2046.976 [GMT 1:00] Uruchomiony z: c:\users\Ewelina\Desktop\ComboFix.exe AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\windows\system32\AutoRun.inf c:\windows\system32\gatherWirelessInfo.vbs . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-22 do 2010-02-22 ))))))))))))))))))))))))))))))) . 2010-02-22 17:42 . 2010-02-22 17:43 -------- d-----w- c:\users\Ewelina\AppData\Local\temp 2010-02-22 17:42 . 2010-02-22 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-22 16:41 . 2010-02-22 16:41 -------- d-----w- c:\windows\system32\EventProviders 2010-02-22 15:56 . 2010-02-22 15:56 -------- d-----w- c:\windows\CheckSur 2010-02-22 15:51 . 2010-02-22 15:51 -------- d-----w- c:\users\Ewelina\AppData\Roaming\Media Player Classic 2010-02-17 08:45 . 2010-02-17 08:45 -------- d-----w- c:\users\Ewelina\AppData\Roaming\Microgaming 2010-02-17 08:06 .
2010-02-17 08:06 122880 ----a-w- c:\programdata\MGS\cache\f\frenchroulette.181434980597f8ff07c31ab5432ab080.dll 2010-02-17 08:05 . 2010-02-17 08:05 942080 ----a-w- c:\programdata\MGS\cache\f\flightzonebonus.bb993454d3170414b7655081a3ec7db9.dll 2010-02-17 08:03 . 2010-02-17 08:03 884736 ----a-w- c:\programdata\MGS\cache\f\fatladybonus.1bbd616c1ce52b392c6981c202173fe7.dll 2010-02-17 07:57 . 2010-02-17 07:57 229486 ----a-w- c:\programdata\MGS\cache\c\classicblackjack.cd8f07669d8ad1880944c3c957f8a558.dll 2010-02-17 07:55 . 2010-02-17 07:55 213264 ----a-w- c:\programdata\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll 2010-02-17 07:54 . 2010-02-17 07:54 131072 ----a-w- c:\programdata\MGS\cache\t\type_5reelprogressive3_4_5.c65d2830787ed7999b948455e324121b.dll 2010-02-17 07:54 . 2010-02-17 07:54 159744 ----a-w- c:\programdata\MGS\cache\p\progressive_temp.979c9e04248bf52052c2caf1e627d86b.dll 2010-02-17 07:54 . 2010-02-17 07:54 151552 ----a-w- c:\programdata\MGS\cache\p\progressive.8fe1347dac5a6804834d35e86c789f9a.dll 2010-02-17 07:54 . 2010-02-17 07:54 122880 ----a-w- c:\programdata\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll 2010-02-17 07:53 . 2010-02-17 07:53 135168 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll 2010-02-17 07:53 . 2010-02-17 07:53 434448 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus.c80646018f801b82af1a85ac0f07ba46.dll 2010-02-17 07:53 . 2010-02-17 07:53 159744 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky.70edc0ef64acff9d67d53ba965b991b4.dll 2010-02-17 07:53 . 2010-02-17 07:53 217360 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll 2010-02-17 07:52 . 2010-02-17 07:52 303376 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll 2010-02-17 07:52 . 
2010-02-17 07:52 295184 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll 2010-02-17 07:52 . 2010-02-17 07:52 119056 ----a-w- c:\programdata\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll 2010-02-17 07:50 . 2010-02-17 07:50 155648 ----a-w- c:\programdata\MGS\cache\b\bonuspaigowpoker.7a255497429caa23df774f47d3465136.dll 2010-02-17 07:50 . 2010-02-17 07:50 483600 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll 2010-02-17 07:50 . 2010-02-17 07:50 446736 ----a-w- c:\programdata\MGS\cache\h\hilowbonus.ecf70c1bd892c000f22ce30d5b0ba784.dll 2010-02-17 07:50 . 2010-02-17 07:50 958464 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_flightzone.1173d08d2670eede892e3adf07022f08.dll 2010-02-16 19:57 . 2010-02-16 19:57 594192 ----a-w- c:\programdata\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll 2010-02-16 19:55 . 2010-02-16 19:55 61440 ----a-w- c:\programdata\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll 2010-02-16 19:55 . 2010-02-16 19:55 57344 ----a-w- c:\programdata\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll 2010-02-16 19:55 . 2010-02-16 19:55 213089 ----a-w- c:\programdata\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll 2010-02-16 19:51 . 2010-02-16 19:51 684032 ----a-w- c:\programdata\MGS\cache\a\arcticfortunetransition.cdb6c11f100d3a3cb0c0550c21b277e4.dll 2010-02-16 19:51 . 2010-02-16 19:51 1568768 ----a-w- c:\programdata\MGS\cache\a\arcticfortune.b328b57943682e2d7fd4847916ff9b2b.dll 2010-02-16 19:51 . 2010-02-16 19:51 1232896 ----a-w- c:\programdata\MGS\cache\a\arcticfortune_gspider.770d41ad6c8d6246716f0968e4501795.dll 2010-02-16 19:51 . 2010-02-16 19:51 1236992 ----a-w- c:\programdata\MGS\cache\a\arcticfortune_spiderbonus.c6f7df06987955caf77bb513ebf7e5b5.dll 2010-02-16 19:51 . 
2010-02-16 19:51 1064960 ----a-w- c:\programdata\MGS\cache\a\arcticfortunexxx.88b69b79191872d92329d1cfa9817586.dll 2010-02-16 19:51 . 2010-02-16 19:51 1224704 ----a-w- c:\programdata\MGS\cache\a\arcticfortune_crankbonus.79fd1aae910e128f743d90232d089b3b.dll 2010-02-16 19:15 . 2010-02-16 19:15 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll 2010-02-16 19:15 . 2010-02-16 19:15 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_novgao_09.51f332de91be61de7b100bafa017beaa.dll 2010-02-16 19:15 . 2010-02-16 19:15 897024 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll 2010-02-16 19:15 . 2010-02-16 19:15 921600 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll 2010-02-16 19:15 . 2010-02-16 19:15 679936 ----a-w- c:\programdata\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll 2010-02-16 19:15 . 2010-02-16 19:15 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll 2010-02-16 18:58 . 2010-02-16 18:58 204905 ----a-w- c:\programdata\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll 2010-02-16 18:58 . 2010-02-16 18:58 237840 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll 2010-02-16 18:58 . 2010-02-16 18:58 290941 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll 2010-02-16 18:58 . 2010-02-16 18:58 139264 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll 2010-02-16 18:58 . 2010-02-16 18:58 114688 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll 2010-02-16 18:57 . 2010-02-16 18:57 217360 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll 2010-02-16 18:57 . 
2010-02-16 18:57 114960 ----a-w- c:\programdata\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll 2010-02-16 18:56 . 2010-02-16 18:56 32768 ----a-w- c:\programdata\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll 2010-02-16 18:51 . 2010-02-16 18:51 606208 ----a-w- c:\programdata\MGS\cache\g\gamble2_summerholiday.b02744e18c4cdb3dd3394f69d8987073.dll 2010-02-16 18:51 . 2010-02-16 18:51 524560 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll 2010-02-16 18:51 . 2010-02-16 18:51 1056768 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll 2010-02-16 18:51 . 2010-02-16 18:51 925696 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_hellboy.ee1c177b2b367dc15184591e57db5798.dll 2010-02-16 18:51 . 2010-02-16 18:51 679936 ----a-w- c:\programdata\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll 2010-02-16 17:59 . 2010-02-16 18:51 -------- d-----w- c:\programdata\MGS 2010-02-16 15:09 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll 2010-02-16 15:09 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin 2010-02-16 15:09 . 2008-05-27 04:59 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin 2010-02-16 15:09 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll 2010-02-16 15:03 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll 2010-02-14 21:16 . 2010-02-14 21:16 -------- d-----w- C:\PerfLogs 2010-02-14 20:27 . 2008-01-19 07:33 1363968 ----a-w- c:\windows\system32\wbem\cimwin32.dll 2010-02-14 20:26 . 2008-01-19 07:36 56320 ----a-w- c:\windows\system32\wecapi.dll 2010-02-14 20:25 . 2008-01-19 07:36 223232 ----a-w- c:\windows\system32\WMASF.DLL 2010-02-14 20:24 . 2008-01-19 07:36 8704 ----a-w- c:\windows\system32\rdpcfgex.dll 2010-02-14 20:23 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll 2010-02-14 20:23 . 
2008-01-19 07:36 704512 ----a-w- c:\windows\system32\SmiEngine.dll 2010-02-14 20:23 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll 2010-02-14 20:23 . 2008-01-19 07:36 218624 ----a-w- c:\windows\system32\wdscore.dll 2010-02-14 20:23 . 2008-01-19 07:33 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2010-02-14 20:22 . 2008-01-19 07:34 246784 ----a-w- c:\windows\system32\drvstore.dll 2010-02-14 20:22 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll 2010-02-14 20:22 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll 2010-02-14 20:22 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll 2010-02-13 17:40 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll 2010-02-13 11:25 . 2010-02-13 11:25 499712 ----a-w- c:\windows\system32\kerberos.dll 2010-02-13 11:25 . 2010-02-13 11:25 270848 ----a-w- c:\windows\system32\schannel.dll 2010-02-13 11:25 . 2010-02-13 11:25 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-13 11:25 . 2010-02-13 11:25 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-13 09:03 . 2010-02-13 09:05 -------- d-----w- c:\users\Ewelina\AppData\Roaming\Nero 2010-02-13 09:02 . 2010-02-13 09:02 -------- d-----w- c:\program files\Nero 2010-02-13 09:02 . 2010-02-13 09:02 -------- d-----w- c:\programdata\Nero 2010-02-13 09:02 . 2010-02-13 09:03 -------- d-----w- c:\program files\Common Files\Nero 2010-02-12 21:42 . 2010-02-12 21:42 269312 ----a-w- c:\windows\system32\es.dll 2010-02-12 20:28 . 2010-02-12 20:28 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-02-12 20:28 . 2010-02-12 20:28 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-02-12 20:28 . 2010-02-12 20:28 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-02-12 20:28 . 2010-02-12 20:28 23552 ----a-w- c:\windows\system32\lpk.dll 2010-02-12 20:28 . 2010-02-12 20:28 156672 ----a-w- c:\windows\system32\t2embed.dll 2010-02-12 20:28 . 
2010-02-12 20:28 10240 ----a-w- c:\windows\system32\dciman32.dll 2010-02-12 20:25 . 2010-02-12 20:25 61440 ----a-w- c:\windows\system32\winipsec.dll 2010-02-12 20:25 . 2010-02-12 20:25 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL 2010-02-12 20:25 . 2010-02-12 20:25 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2010-02-12 20:25 . 2010-02-12 20:25 272896 ----a-w- c:\windows\system32\polstore.dll 2010-02-12 20:24 . 2010-02-12 20:24 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-02-12 20:24 . 2010-02-12 20:24 301568 ----a-w- c:\windows\system32\drivers\srv.sys 2010-02-12 20:23 . 2010-02-12 20:23 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2010-02-12 20:23 . 2010-02-12 20:23 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2010-02-12 20:23 . 2010-02-12 20:23 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2010-02-12 20:21 . 2010-02-12 20:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2010-02-12 20:21 . 2010-02-12 20:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2010-02-12 20:21 . 2010-02-12 20:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2010-02-12 20:21 . 2010-02-12 20:21 19968 ----a-w- c:\windows\system32\ARP.EXE 2010-02-12 20:21 . 2010-02-12 20:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2010-02-12 20:21 . 2010-02-12 20:21 17920 ----a-w- c:\windows\system32\netevent.dll 2010-02-12 20:21 . 2010-02-12 20:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2010-02-12 20:21 . 2010-02-12 20:21 104960 ----a-w- c:\windows\system32\netiohlp.dll 2010-02-12 20:21 . 2010-02-12 20:21 10240 ----a-w- c:\windows\system32\finger.exe 2010-02-12 20:18 . 2010-02-12 20:18 68096 ----a-w- c:\windows\system32\wlanhlp.dll 2010-02-12 20:18 . 2010-02-12 20:18 64512 ----a-w- c:\windows\system32\wlanapi.dll 2010-02-12 20:18 . 2010-02-12 20:18 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2010-02-12 20:18 . 2010-02-12 20:18 513024 ----a-w- c:\windows\system32\wlansvc.dll 2010-02-12 20:18 . 
2010-02-12 20:18 302592 ----a-w- c:\windows\system32\wlansec.dll 2010-02-12 20:18 . 2010-02-12 20:18 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2010-02-12 20:17 . 2010-02-12 20:17 2048 ----a-w- c:\windows\system32\msxml6r.dll 2010-02-12 20:17 . 2010-02-12 20:17 2048 ----a-w- c:\windows\system32\msxml3r.dll 2010-02-12 20:17 . 2010-02-12 20:17 1399296 ----a-w- c:\windows\system32\msxml6.dll 2010-02-12 20:17 . 2010-02-12 20:17 1257472 ----a-w- c:\windows\system32\msxml3.dll 2010-02-12 20:16 . 2010-02-12 20:16 9728 ----a-w- c:\windows\system32\lsass.exe 2010-02-12 20:16 . 2010-02-12 20:16 72704 ----a-w- c:\windows\system32\secur32.dll 2010-02-12 20:16 . 2010-02-12 20:16 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2010-02-12 20:16 . 2010-02-12 20:16 213504 ----a-w- c:\windows\system32\msv1_0.dll 2010-02-12 20:16 . 2010-02-12 20:16 175104 ----a-w- c:\windows\system32\wdigest.dll 2010-02-12 20:16 . 2010-02-12 20:16 1256448 ----a-w- c:\windows\system32\lsasrv.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-22 15:31 . 2006-12-05 05:22 661818 ----a-w- c:\windows\system32\perfh015.dat 2010-02-22 15:31 . 2006-12-05 05:22 126702 ----a-w- c:\windows\system32\perfc015.dat 2010-02-20 21:00 . 2010-02-20 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2010-02-14 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-02-14 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-02-14 21:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-14 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-02-14 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-02-14 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-02-14 21:18 . 
2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-02-14 21:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-02-14 21:06 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-02-14 21:06 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-02-12 19:39 . 2010-02-12 19:39 40960 ----a-w- c:\windows\AppPatch\apihex86.dll 2010-02-12 19:04 . 2010-02-12 19:04 2560 ----a-w- c:\windows\AppPatch\AcRes.dll 2010-02-12 19:04 . 2010-02-12 19:04 2153984 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-02-12 19:04 . 2010-02-12 19:04 541696 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-02-12 19:04 . 2010-02-12 19:04 459776 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-02-12 19:04 . 2010-02-12 19:04 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-02-11 19:18 . 2010-02-11 19:14 -------- d-----w- c:\program files\HP 2010-02-11 19:18 . 2010-02-11 19:18 -------- d-----w- c:\users\Ewelina\AppData\Roaming\HPAppData 2010-02-11 19:17 . 2010-02-11 19:17 -------- d-----w- c:\programdata\HP Product Assistant 2010-02-11 19:17 . 2010-02-11 19:17 -------- d-----w- c:\program files\Common Files\HP 2010-02-11 19:16 . 2010-02-11 19:16 -------- d-----w- c:\program files\Hewlett-Packard 2010-02-11 19:16 . 2010-02-11 19:16 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-02-11 18:47 . 2010-02-11 16:44 104040 ----a-w- c:\users\Ewelina\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-11 16:53 . 2010-02-11 16:44 680 ----a-w- c:\users\Ewelina\AppData\Local\d3d9caps.dat 2010-02-11 16:51 . 2010-02-11 16:51 -------- d-----w- c:\program files\Realtek 2010-02-11 16:51 . 2010-02-11 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-11 16:51 . 2010-02-11 16:51 319456 ----a-w- c:\windows\DIFxAPI.dll 2010-02-11 16:51 . 2010-02-11 16:51 -------- d-----w- c:\users\Ewelina\AppData\Roaming\InstallShield 2010-02-11 16:51 . 
2010-02-11 16:51 315392 ----a-w- c:\windows\HideWin.exe 2010-02-11 16:51 . 2010-02-11 16:51 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-11 16:42 . 2010-02-11 16:42 -------- d-sh--we c:\programdata\Ulubione 2010-02-11 16:42 . 2010-02-11 16:42 -------- d-sh--we c:\programdata\Szablony 2010-02-11 16:42 . 2010-02-11 16:42 -------- d-sh--we c:\programdata\Pulpit 2010-02-11 16:42 . 2010-02-11 16:42 -------- d-sh--we c:\programdata\Menu Start 2010-02-11 16:42 . 2010-02-11 16:42 -------- d-sh--we c:\programdata\Dokumenty 2010-02-11 16:42 . 2010-02-11 16:42 -------- d-sh--we c:\programdata\Dane aplikacji 2010-02-04 09:01 . 2010-02-11 18:24 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-02-04 09:01 . 2010-02-11 18:24 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-02-04 09:01 . 2010-02-11 18:24 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-02-04 09:01 . 2010-02-11 18:24 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-01-02 06:38 . 2010-02-13 17:46 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-02-13 17:46 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-02-13 17:46 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-02-13 17:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "uTorrent"="d:\programy\utorrent\uTorrent.exe" [2010-02-11 319280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968] "Skytel"="Skytel.exe" [2007-04-13 1822720] "Gainward"="c:\windows\TBPanel.exe" [2007-06-26 2173480] "avast5"="d:\programy\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488] "COMODO Internet Security"="d:\programy\Comodo\COMODO Internet Security\cfp.exe" [2010-02-11 1800464] "Adobe Reader Speed Launcher"="d:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-23 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\guard32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [2010-02-11 
162512] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2010-02-11 130960] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2010-02-11 29520] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2010-02-11 19024] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2010-02-11 51792] S3 DfSdkS;Defragmentation-Service;d:\programy\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2010-02-11 406016] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Skan uzupełniający ------- . IE: E&ksport do programu Microsoft Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Ewelina\AppData\Roaming\Mozilla\Firefox\Profiles\5gafkixm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.o2.pl FF - plugin: d:\programy\Adobe\Reader 9.0\Reader\browser\nppdf32.dll FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: d:\programy\Mozilla Firefox\plugins\npwachk.dll FF - plugin: d:\programy\Real Alternative\browser\plugins\nppl3260.dll FF - plugin: d:\programy\Real Alternative\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- d:\programy\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\programy\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\programy\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); 
d:\programy\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\programy\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\programy\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\programy\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\programy\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\programy\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\programy\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\programy\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); d:\programy\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\programy\Mozilla 
Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-22 18:42 Windows 6.0.6001 Service Pack 1 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\guard32.dll - - - - - - - > 'lsass.exe'(636) c:\windows\system32\guard32.dll . Czas ukończenia: 2010-02-22 18:45:29 ComboFix-quarantined-files.txt 2010-02-22 17:45 Przed: 549 687 296 bajtów wolnych Po: 486 703 104 bajtów wolnych Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - 57F12047E6C957BCC8966984269DCCD2

Kolobos Posted 23 February 2010

Looks OK.