ComboFix log - Windows shows that the pendrive is full


(Bartehz) #1

Please check my ComboFix log.

ComboFix 09-08-24.06 - AA 2009-09-26 20:23.4.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3327.2778 [GMT 2:00]

Uruchomiony z: C:\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -

.


((((((((((((((((((((((((( Pliki utworzone od 2009-08-26 do 2009-09-26 )))))))))))))))))))))))))))))))

.


2009-09-22 21:29 . 2009-09-22 21:31	--------	d-----w-	c:\documents and settings\AA\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files

2009-09-21 08:25 . 2009-09-21 08:26	--------	d-----w-	c:\program files\Java

2009-09-16 19:06 . 2009-09-16 19:06	--------	d-----w-	c:\windows\system32\XPSViewer

2009-09-16 19:06 . 2009-09-16 19:06	--------	d-----w-	c:\program files\MSBuild

2009-09-16 19:06 . 2009-09-16 19:06	--------	d-----w-	c:\program files\Reference Assemblies

2009-09-16 19:06 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-16 19:06 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll

2009-09-16 19:06 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll

2009-09-16 19:06 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll

2009-09-16 19:06 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll

2009-09-16 19:06 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll

2009-09-16 19:06 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-16 19:05 . 2009-09-16 19:05	--------	d-----w-	c:\program files\MSXML 6.0

2009-09-16 17:32 . 2009-09-16 19:09	--------	d-----w-	c:\windows\system32\CatRoot_bak

2009-09-16 17:27 . 2009-09-16 17:27	--------	d-----w-	c:\windows\ServicePackFiles

2009-09-16 17:27 . 2009-09-16 17:27	--------	d-----w-	c:\program files\MSXML 4.0

2009-09-16 17:20 . 2008-06-14 18:01	273024	-c----w-	c:\windows\system32\dllcache\bthport.sys

2009-09-16 17:20 . 2008-06-14 18:01	273024	------w-	c:\windows\system32\drivers\bthport.sys

2009-09-16 17:15 . 2009-02-09 11:52	2017280	-c----w-	c:\windows\system32\dllcache\ntkrpamp.exe

2009-09-16 17:15 . 2009-02-09 11:52	2181760	-c----w-	c:\windows\system32\dllcache\ntoskrnl.exe

2009-09-16 17:15 . 2009-02-09 11:52	2059008	-c----w-	c:\windows\system32\dllcache\ntkrnlpa.exe

2009-09-16 17:15 . 2009-02-09 11:52	2137600	-c----w-	c:\windows\system32\dllcache\ntkrnlmp.exe

2009-09-16 17:09 . 2008-10-24 11:10	453632	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys

2009-09-16 15:53 . 2009-09-21 08:29	--------	d--h--w-	c:\windows\$hf_mig$

2009-09-15 20:59 . 2009-09-15 20:59	--------	d-----w-	c:\program files\Common Files\Java

2009-09-15 20:01 . 2009-09-15 20:01	--------	d-s---w-	c:\documents and settings\AA\UserData

2009-09-10 11:47 . 2008-10-10 02:52	452440	----a-w-	c:\windows\system32\d3dx10_40.dll

2009-09-10 11:47 . 2008-10-10 02:52	2036576	----a-w-	c:\windows\system32\D3DCompiler_40.dll

2009-09-10 11:47 . 2008-10-10 02:52	4379984	----a-w-	c:\windows\system32\D3DX9_40.dll

2009-09-10 11:47 . 2008-10-27 08:04	514384	----a-w-	c:\windows\system32\XAudio2_3.dll

2009-09-10 11:47 . 2008-10-27 08:04	70992	----a-w-	c:\windows\system32\XAPOFX1_2.dll

2009-09-10 11:47 . 2008-10-27 08:04	235856	----a-w-	c:\windows\system32\xactengine3_3.dll

2009-09-10 11:47 . 2008-10-27 08:04	23376	----a-w-	c:\windows\system32\X3DAudio1_5.dll

2009-09-10 11:45 . 2007-04-04 16:55	261480	----a-w-	c:\windows\system32\xactengine2_7.dll

2009-09-10 11:39 . 2009-09-10 11:39	--------	d-----w-	c:\program files\DirectX

2009-09-10 10:37 . 2009-09-10 11:16	--------	d-----w-	c:\program files\Debugging Tools for Windows (x86)

2009-09-09 18:44 . 2009-09-09 18:44	--------	d-----w-	c:\documents and settings\AA\Ustawienia lokalne\Dane aplikacji\{7148F0A6-6813-11D6-A77B-00B0D0142130}

2009-09-09 17:56 . 2009-09-09 17:56	--------	d-----w-	c:\documents and settings\AA\Ustawienia lokalne\Dane aplikacji\{7148F0A6-6813-11D6-A77B-00B0D0142000}

2009-09-07 09:57 . 2009-09-07 09:57	--------	d-----w-	c:\program files\Combined Community Codec Pack

2009-09-07 09:51 . 2009-09-07 09:51	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\Media Player Classic

2009-09-07 09:46 . 2009-09-07 09:46	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Apple Computer

2009-09-07 09:46 . 2009-09-07 09:46	--------	d-----w-	c:\program files\QuickTime Alternative

2009-09-03 08:59 . 2009-09-03 08:59	--------	d-----r-	c:\documents and settings\AA\Dane aplikacji\Brother

2009-08-31 11:14 . 2009-08-31 11:14	--------	d-----w-	c:\windows\Sun

2009-08-31 11:13 . 2009-08-31 11:13	411368	----a-w-	c:\windows\system32\deploytk.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-26 18:19 . 2001-10-26 16:15	555626	----a-w-	c:\windows\system32\perfh015.dat

2009-09-26 18:19 . 2001-10-26 16:15	117550	----a-w-	c:\windows\system32\perfc015.dat

2009-09-26 16:45 . 2009-08-18 21:58	--------	d-----w-	c:\program files\Nokia

2009-09-26 16:11 . 2009-08-11 15:58	51096	----a-w-	c:\documents and settings\AA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-09-24 19:09 . 2009-08-11 17:27	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\Winamp

2009-09-05 20:36 . 2009-08-11 17:42	--------	d-----w-	c:\program files\NAPI-PROJEKT

2009-09-04 17:56 . 2009-08-11 17:46	--------	d-----w-	c:\program files\Gadu-Gadu

2009-09-02 22:54 . 2009-08-11 16:58	--------	d-----w-	c:\program files\Opera

2009-08-25 08:56 . 2009-08-25 08:55	3184368	----a-r-	C:\ComboFix.exe

2009-08-23 18:35 . 2009-08-11 20:29	--------	d-----w-	c:\program files\ICeQ

2009-08-23 13:26 . 2009-08-23 13:26	--------	d-----w-	c:\program files\ESET

2009-08-23 13:26 . 2009-08-23 13:26	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ESET

2009-08-18 21:59 . 2009-08-18 21:58	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\PC Suite

2009-08-18 21:59 . 2009-08-18 21:58	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\Nokia

2009-08-18 21:59 . 2009-08-18 21:59	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-08-18 21:59 . 2009-08-18 21:59	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-08-18 21:58 . 2009-08-18 21:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\PC Suite

2009-08-18 21:58 . 2009-08-18 21:58	--------	d-----w-	c:\program files\Common Files\PCSuite

2009-08-18 21:58 . 2009-08-18 21:58	--------	d-----w-	c:\program files\Common Files\Nokia

2009-08-18 21:58 . 2009-08-18 21:58	--------	d-----w-	c:\program files\DIFX

2009-08-18 21:58 . 2009-08-18 21:58	--------	d-----w-	c:\program files\PC Connectivity Solution

2009-08-18 21:57 . 2009-08-18 21:57	95232	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe

2009-08-18 21:57 . 2009-08-18 21:57	8192	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe

2009-08-18 21:57 . 2009-08-18 21:57	61440	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-08-18 21:57 . 2009-08-18 21:57	10240	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe

2009-08-18 21:57 . 2009-08-18 21:57	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Installations

2009-08-18 21:55 . 2009-08-18 21:58	33984304	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_pol_web.exe

2009-08-18 20:55 . 2009-08-11 20:32	--------	d-----w-	c:\program files\mp3DirectCut

2009-08-18 10:35 . 2009-08-11 17:14	--------	d-----w-	c:\program files\Summa

2009-08-18 09:40 . 2009-08-17 12:13	--------	d-----w-	c:\program files\SummaWinplot

2009-08-17 14:18 . 2009-08-17 14:18	50	----a-w-	c:\windows\system32\bridf08b.dat

2009-08-17 14:18 . 2009-08-17 14:13	--------	d-----w-	c:\program files\Brother

2009-08-17 14:13 . 2009-08-11 15:52	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-08-17 14:13 . 2009-08-17 14:13	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\InstallShield

2009-08-17 14:12 . 2009-08-17 14:12	10134	----a-r-	c:\documents and settings\AA\Dane aplikacji\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe

2009-08-17 14:12 . 2009-08-17 14:12	--------	d-----w-	c:\program files\Nuance

2009-08-17 14:11 . 2009-08-17 14:11	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\InstallShield

2009-08-17 14:11 . 2009-08-17 14:11	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ScanSoft

2009-08-17 14:11 . 2009-08-17 14:11	--------	d-----w-	c:\program files\Common Files\ScanSoft Shared

2009-08-17 14:11 . 2009-08-11 15:51	--------	d-----w-	c:\program files\Common Files\InstallShield

2009-08-17 14:11 . 2009-08-17 14:11	--------	d-----w-	c:\program files\ScanSoft

2009-08-17 14:10 . 2009-08-17 14:10	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Brother

2009-08-12 17:10 . 2009-08-11 15:44	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-08-12 13:44 . 2009-08-11 17:09	--------	d-----w-	c:\program files\SubEdit-Player

2009-08-12 10:25 . 2009-08-12 10:25	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\Corel

2009-08-12 08:49 . 2009-08-11 15:52	--------	d-----w-	c:\program files\ATI Technologies

2009-08-12 08:34 . 2009-08-12 08:34	--------	d-----w-	c:\program files\AtiHotKey

2009-08-12 06:32 . 2009-08-12 06:32	--------	d-----w-	c:\program files\Summa Cutter Tools

2009-08-11 20:47 . 2009-08-11 20:47	--------	d-----w-	c:\program files\SopCast

2009-08-11 19:04 . 2009-08-11 19:04	--------	d-----w-	c:\program files\Lavalys

2009-08-11 18:57 . 2009-08-11 18:57	--------	d-----w-	c:\program files\Ashampoo

2009-08-11 18:00 . 2009-08-11 17:59	--------	d-----w-	c:\program files\Corel

2009-08-11 17:57 . 2009-08-11 17:57	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\Gadu-Gadu

2009-08-11 17:44 . 2009-08-11 16:13	--------	d-----w-	c:\program files\Common Files\Adobe

2009-08-11 17:42 . 2009-08-11 17:42	--------	d-----w-	c:\program files\ALLPlayer

2009-08-11 17:28 . 2009-08-11 17:27	--------	d-----w-	c:\program files\Winamp

2009-08-11 16:59 . 2009-08-11 16:59	0	----a-w-	c:\windows\nsreg.dat

2009-08-11 16:50 . 2009-08-11 16:50	--------	d-----w-	c:\program files\SAGEM

2009-08-11 16:17 . 2009-08-11 16:17	--------	d-----w-	c:\program files\ASUS

2009-08-11 16:17 . 2009-08-11 16:17	12288	----a-w-	c:\windows\system32\drivers\EIO64_xp.sys

2009-08-11 16:05 . 2009-08-11 16:05	--------	d-----w-	c:\program files\Intel

2009-08-11 16:02 . 2009-08-11 16:02	--------	d-----w-	c:\program files\Realtek

2009-08-11 15:58 . 2009-08-11 15:58	--------	d-----w-	c:\documents and settings\AA\Dane aplikacji\ATI

2009-08-11 15:58 . 2009-08-11 15:58	0	----a-w-	c:\windows\ativpsrm.bin

2009-08-11 15:54 . 2009-08-11 15:54	9158	----a-r-	c:\documents and settings\AA\Dane aplikacji\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe

2009-08-11 15:54 . 2009-08-11 15:54	--------	d-----w-	c:\program files\Common Files\ATI Technologies

2009-08-11 15:45 . 2009-08-11 15:45	--------	d-----w-	c:\program files\microsoft frontpage

2009-08-11 15:44 . 2009-08-11 15:44	--------	d-----w-	c:\program files\Usługi online

2009-08-11 15:42 . 2009-08-11 15:42	21856	----a-w-	c:\windows\system32\emptyregdb.dat

2009-08-05 09:08 . 2004-08-03 22:44	205312	----a-w-	c:\windows\system32\mswebdvd.dll

2009-07-29 04:54 . 2004-08-03 22:44	119808	----a-w-	c:\windows\system32\t2embed.dll

2009-07-29 04:54 . 2001-10-26 17:29	82432	----a-w-	c:\windows\system32\fontsub.dll

2009-07-17 18:57 . 2004-08-03 22:43	58880	----a-w-	c:\windows\system32\atl.dll

2009-07-13 00:18 . 2004-08-03 22:44	233472	----a-w-	c:\windows\system32\wmpdxm.dll

.


((((((((((((((((((((((((((((( SnapShot_2009-09-26_18.05.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2001-08-17 21:30 . 2009-09-26 18:19	92520 c:\windows\system32\perfc009.dat

+ 2001-08-17 21:30 . 2009-09-26 18:19	482228 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"bluebirds"="c:\documents and settings\AA\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-06-26 380928]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Remove AtiHotKey"="c:\program files\AtiHotKey\AtiHotKey.exe" [2005-08-01 19968]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=


R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-08-11 93696]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-08-11 38400]

S3 SUMMAUSB;Summa Cutter USB port 1 v6.2;c:\windows\system32\drivers\XPSP2USB.sys [2007-06-21 19968]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\AA\Dane aplikacji\Mozilla\Firefox\Profiles\8ohb7y9m.default\

FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.PL

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-26 20:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(900)

c:\windows\system32\Ati2evxx.dll


- - - - - - - > 'explorer.exe'(4028)

c:\program files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll

c:\program files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL

.

Czas ukończenia: 2009-09-26 20:24

ComboFix-quarantined-files.txt 2009-09-26 18:24

ComboFix2.txt 2009-09-26 18:06

ComboFix3.txt 2009-08-25 12:52

ComboFix4.txt 2009-08-25 09:03


Przed: 92 284 166 144 bajtów wolnych

Po: 92 235 145 216 bajtów wolnych


261	--- E O F ---	2009-09-18 08:26

(deFco247) #2

You paste logs on wklej.org or wklej.to, and put the link in your post.

The log is clean.

Start -> Run... -> Combofix /u

Are there any specific problems, given that you are posting a ComboFix log right away?


(Asterisk) #3

Please follow this Topic and edit your own post to change its title to a specific one and to describe the problem.

Otherwise the topic will end up in the Trash.


(Bartehz) #4

My problem relates more precisely to this topic: skasowaniu-plikow-pendrive-jest-nadal-pelny-t355597.html

"Start -> Run... -> Combofix /u"

May I ask what this is? When I do that, the system shows a message that ComboFix has been uninstalled. That message deletes ComboFix. I download it, make a log, everything is fine. I type in what you tell me to and it removes ComboFix. What do those 3 dots mean? Was I supposed to type something after them, or is that the full name: "Run..."?


(deFco247) #5

That is the full name of that function in the Start Menu. :slight_smile:

It is good that it removes ComboFix - you don't keep it on the disk anyway.


(Bartehz) #6

Heh, god, how stupid of me :stuck_out_tongue: Of course /u means removal :smiley: I do a format the same way myself. Eh :stuck_out_tongue:

Thanks for the help. If the log is clean, do you maybe know why I am getting this with the pendrive?


(deFco247) #7

I would also recommend zeroing it out.