ComboFix - problem playing DVD discs


(system) #1

Hello,

I scanned two computers with ComboFix and Ad-Aware, and since then I have had a problem opening discs with movies. That is, it is not just about playing the movie, but even about opening the disc to copy it or view the files. The drives open discs with files without any problem, e.g. a system image, but DVD movies from a magazine or ones I recorded myself will not start or even show up as files.

Does anyone have any idea what might have happened?

Logs from ComboFix:

ComboFix 09-08-30.04 - Administrator 08/31/2009 16:09.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1527.870

[GMT 2:00]

Uruchomiony z: G:\ComboFix.exe

AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}

FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\ActiveSpeed_setup.exe

C:\inst.exe

c:\recycler\S-1-5-21-2052704981-3719797522-999930565-500

c:\recycler\S-1-5-21-790525478-436374069-682003330-1003

c:\windows\hosts

c:\windows\Installer\14e151b.msi

c:\windows\Installer\3760fec.msi

c:\windows\Installer\46601.msi

c:\windows\Installer\WMEncoder.msi

c:\windows\system32\drivers\Sonyhcp.dll

c:\windows\temp.exe

c:\windows\UA000035.DLL


.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_NWCWORKSTATION

-------\Service_NWCWorkstation



((((((((((((((((((((((((( Pliki utworzone od 2009-07-28 do 2009-08-31 )))))))))))))))))))))))))))))))

.


2009-08-31 14:01 . 2009-08-31 14:01 -------- dc----w- c:\windows\system32\DRVSTORE

2009-08-31 14:01 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-08-31 14:01 . 2009-08-31 14:01 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}

2009-08-31 14:01 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

2009-08-31 14:01 . 2009-08-31 14:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft

2009-08-31 14:01 . 2009-08-31 14:01 -------- d-----w- c:\program files\Lavasoft

2009-08-31 13:58 . 2009-08-31 14:15 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys

2009-08-18 15:35 . 2009-08-18 15:35 -------- d-----w- C:\1808.FPP

2009-08-13 03:30 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-04 16:40 . 2009-08-04 16:40 -------- d-----w- C:\0408.FPP

2009-08-03 17:51 . 2009-08-03 17:51 -------- d-----w- C:\0308.FPP


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-31 14:17 . 2007-11-06 15:29 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Hamachi

2009-08-31 14:16 . 2008-12-16 14:28 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-08-31 14:16 . 2008-12-16 14:28 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG

2009-08-31 14:04 . 2008-12-16 14:28 333624 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-08-31 14:04 . 2008-12-16 14:28 333624 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2009-08-31 13:10 . 2009-02-10 09:15 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-31 09:55 . 2005-10-10 12:54 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\OpenOffice.org1.9.98

2009-08-29 06:23 . 2009-04-09 10:27 -------- d-----w- c:\program files\Serwer wydruków graficznych dla CDN Klasyka

2009-08-27 08:10 . 2009-03-24 08:27 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Winamp

2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 10:07 . 2005-10-07 17:39 -------- d-----w- c:\program files\OpenOffice.org1.1.4

2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 08:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 15:59 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:59 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 15:59 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:27 . 2004-08-04 12:00 732160 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:27 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:45 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:45 . 2004-08-04 12:00 82944 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:15 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2005-05-18 19:35 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:11 . 2004-08-04 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll

2009-06-03 04:08 . 2009-06-03 04:08 390664 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Real\RealPlayer\Update\RealPlayer11.exe

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]


[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2001-12-12 151552]

"DellNSCST_GRNCH"="c:\program files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" [2006-12-05 278528]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]

"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2009-07-15 881920]

"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"EPSS"="c:\program files\Software Tools\Enterprise Pro Surveillance System(Basic)\EPSS.exe" [2008-11-05 1462378]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-12 61952]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-02-21 13783040]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


c:\documents and settings\Administrator\Menu Start\Programy\Autostart\

hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-11-6 625952]

Skrót do Startup.lnk - c:\procyon\Startup.exe [2006-5-24 553984]

Skrót do start_r.lnk - c:\documents and settings\Administrator\Pulpit\start_r.bat [2005-10-7 61]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Serwer wydruków graficznych dla CDN Klasyka.lnk - c:\program files\Serwer wydruków graficznych dla CDN Klasyka\RpWinKla.exe [2009-4-9 237568]

Skanowanie sieciowe.lnk - c:\program files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [2008-3-4 278528]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\DVR\\Encode.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)


R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/31/2009 4:01 PM 64160]

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [12/16/2008 4:25 PM 28544]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [12/16/2008 4:27 PM 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [12/16/2008 4:28 PM 52992]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [12/16/2008 4:27 PM 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [12/16/2008 4:28 PM 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [12/16/2008 4:27 PM 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [12/16/2008 4:25 PM 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [12/16/2008 4:28 PM 46720]

R2 ATS;Absolute Time Server;c:\program files\Flexiblesoft\ATS\ats.exe [12/10/2003 9:04 PM 1087488]

R2 Core;Core;c:\procyon\Coreservice.exe [4/26/2006 12:16 AM 902656]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [12/16/2008 4:25 PM 179640]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [12/16/2008 4:27 PM 28928]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [8/31/2009 3:58 PM 99256]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [12/16/2008 4:26 PM 197888]

R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [4/30/2007 5:28 PM 20864]

R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [4/30/2007 5:31 PM 54528]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 cg300;cg300VidCap;c:\windows\system32\drivers\cg300vc.sys [7/31/2006 8:28 PM 13468]

S3 cg300Au;cg300 Audio Capture;c:\windows\system32\drivers\cg300Au.sys [7/31/2006 8:30 PM 17167]

S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]

S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TW68AUD;Service for TW6802 Audio Driver (WDM);c:\windows\system32\drivers\TW68AUD.sys [5/16/2008 4:21 PM 18048]

S3 XVVideo;%ETHER XVDriver%;c:\windows\system32\drivers\tw6802.sys [4/30/2007 5:16 PM 24064]


--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - CORE


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

.

Zawartość folderu 'Zaplanowane zadania'


2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]


2009-08-27 c:\windows\Tasks\Podstawowe porządkowanie.job

- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-12-16 16:55]

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKCU-Run-VideoViewer - c:\program files\VideoViewer\VideoViewer.exe

HKLM-Run-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe



.

------- Skan uzupełniający -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://192.168.1.16/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Trusted Zone: com.pl\www.cdn

TCP: {16FDCB17-180E-4C18-8A85-D429BE3D9920} = 194.204.159.1,194.204.152.34

DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://192.168.1.16/webrec.cab

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\s83yzysn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-31 16:16

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...


skanowanie ukrytych wpisów autostartu ...


skanowanie ukrytych plików ...


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATS]

"ImagePath"="c:\program files\Flexiblesoft\ATS\ats.exe /startedbyscm:C29554C0-40E289BB-ATCService"

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(1520)

c:\windows\system32\avldr.dll


- - - - - - - > 'explorer.exe'(2712)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe

c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe

c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe

c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\wdfmgr.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE

c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE

c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe

c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe

c:\program files\Serwer wydruków graficznych dla CDN Klasyka\RpWinKla.exe

c:\procyon\GraphicView.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2009-08-31 16:22 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-08-31 14:22


Przed: 38,220,161,024 bajtów wolnych

Po: 38,483,607,552 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


306 --- E O F --- 2009-08-26 05:07