Hello,
I scanned two computers with ComboFix and Ad-Aware, and after that I have a problem opening discs with movies. That is, it's not about playing the movie itself but even about opening the disc in order to copy it or view the files. The drives open discs with files without any problem, e.g. a system image, but DVD movies from a magazine or recorded ones (my own) won't start or even show up as files.
Does anyone have any idea what might have happened?
ComboFix logs:
ComboFix 09-08-30.04 - Administrator 08/31/2009 16:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1527.870
[GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ActiveSpeed_setup.exe
C:\inst.exe
c:\recycler\S-1-5-21-2052704981-3719797522-999930565-500
c:\recycler\S-1-5-21-790525478-436374069-682003330-1003
c:\windows\hosts
c:\windows\Installer\14e151b.msi
c:\windows\Installer\3760fec.msi
c:\windows\Installer\46601.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\temp.exe
c:\windows\UA000035.DLL
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation
((((((((((((((((((((((((( Pliki utworzone od 2009-07-28 do 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-31 14:01 . 2009-08-31 14:01 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-31 14:01 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-31 14:01 . 2009-08-31 14:01 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-31 14:01 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-31 14:01 . 2009-08-31 14:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-08-31 14:01 . 2009-08-31 14:01 -------- d-----w- c:\program files\Lavasoft
2009-08-31 13:58 . 2009-08-31 14:15 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys
2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- C:\1808.FPP
2009-08-13 03:30 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 16:40 . 2009-08-04 16:40 -------- d-----w- C:\0408.FPP
2009-08-03 17:51 . 2009-08-03 17:51 -------- d-----w- C:\0308.FPP
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 14:17 . 2007-11-06 15:29 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Hamachi
2009-08-31 14:16 . 2008-12-16 14:28 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-08-31 14:16 . 2008-12-16 14:28 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-08-31 14:04 . 2008-12-16 14:28 333624 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-08-31 14:04 . 2008-12-16 14:28 333624 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-08-31 13:10 . 2009-02-10 09:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-31 09:55 . 2005-10-10 12:54 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\OpenOffice.org1.9.98
2009-08-29 06:23 . 2009-04-09 10:27 -------- d-----w- c:\program files\Serwer wydruków graficznych dla CDN Klasyka
2009-08-27 08:10 . 2009-03-24 08:27 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Winamp
2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 10:07 . 2005-10-07 17:39 -------- d-----w- c:\program files\OpenOffice.org1.1.4
2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:59 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:27 . 2004-08-04 12:00 732160 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-04 12:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2005-05-18 19:35 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-04 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 04:08 . 2009-06-03 04:08 390664 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Real\RealPlayer\Update\RealPlayer11.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2001-12-12 151552]
"DellNSCST_GRNCH"="c:\program files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" [2006-12-05 278528]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2009-07-15 881920]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"EPSS"="c:\program files\Software Tools\Enterprise Pro Surveillance System(Basic)\EPSS.exe" [2008-11-05 1462378]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-12 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-11-6 625952]
Skrót do Startup.lnk - c:\procyon\Startup.exe [2006-5-24 553984]
Skrót do start_r.lnk - c:\documents and settings\Administrator\Pulpit\start_r.bat [2005-10-7 61]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Serwer wydruków graficznych dla CDN Klasyka.lnk - c:\program files\Serwer wydruków graficznych dla CDN Klasyka\RpWinKla.exe [2009-4-9 237568]
Skanowanie sieciowe.lnk - c:\program files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [2008-3-4 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\DVR\\Encode.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/31/2009 4:01 PM 64160]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [12/16/2008 4:25 PM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [12/16/2008 4:27 PM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [12/16/2008 4:28 PM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [12/16/2008 4:27 PM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [12/16/2008 4:28 PM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [12/16/2008 4:27 PM 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [12/16/2008 4:25 PM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [12/16/2008 4:28 PM 46720]
R2 ATS;Absolute Time Server;c:\program files\Flexiblesoft\ATS\ats.exe [12/10/2003 9:04 PM 1087488]
R2 Core;Core;c:\procyon\Coreservice.exe [4/26/2006 12:16 AM 902656]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [12/16/2008 4:25 PM 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [12/16/2008 4:27 PM 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [8/31/2009 3:58 PM 99256]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [12/16/2008 4:26 PM 197888]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [4/30/2007 5:28 PM 20864]
R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [4/30/2007 5:31 PM 54528]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 cg300;cg300VidCap;c:\windows\system32\drivers\cg300vc.sys [7/31/2006 8:28 PM 13468]
S3 cg300Au;cg300 Audio Capture;c:\windows\system32\drivers\cg300Au.sys [7/31/2006 8:30 PM 17167]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TW68AUD;Service for TW6802 Audio Driver (WDM);c:\windows\system32\drivers\TW68AUD.sys [5/16/2008 4:21 PM 18048]
S3 XVVideo;%ETHER XVDriver%;c:\windows\system32\drivers\tw6802.sys [4/30/2007 5:16 PM 24064]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - CORE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-08-27 c:\windows\Tasks\Podstawowe porządkowanie.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-12-16 16:55]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-VideoViewer - c:\program files\VideoViewer\VideoViewer.exe
HKLM-Run-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://192.168.1.16/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: com.pl\www.cdn
TCP: {16FDCB17-180E-4C18-8A85-D429BE3D9920} = 194.204.159.1,194.204.152.34
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.1.16/webrec.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\s83yzysn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 16:16
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATS]
"ImagePath"="c:\program files\Flexiblesoft\ATS\ats.exe /startedbyscm:C29554C0-40E289BB-ATCService"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1520)
c:\windows\system32\avldr.dll
- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
c:\program files\Serwer wydruków graficznych dla CDN Klasyka\RpWinKla.exe
c:\procyon\GraphicView.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-31 16:22 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-31 14:22
Przed: 38,220,161,024 bajtów wolnych
Po: 38,483,607,552 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
306 --- E O F --- 2009-08-26 05:07