Hello,
I can't access the websites of free antivirus programs.
Here is the log from ComboFix:
ComboFix 10-12-14.07 - Tomek 2010-12-15 17:53:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.512.122 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Tomek\Moje dokumenty\Pobieranie\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.
2010-12-14 14:47 . 2010-12-14 15:03 -------- d-----w- c:\program files\Torrent Master
2010-12-11 14:41 . 2010-12-11 14:41 -------- d-----w- c:\documents and settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Apple
2010-12-09 22:14 . 2010-12-09 22:14 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-12-05 10:43 . 2010-02-15 18:00 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-12-05 10:43 . 2010-02-15 18:00 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-12-05 10:43 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-05 10:43 . 2010-12-05 10:43 -------- d-----w- c:\program files\Real Alternative
2010-12-05 10:41 . 2010-12-05 10:41 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Apple Computer
2010-12-05 10:38 . 2010-12-05 10:38 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Apple
2010-12-05 10:37 . 2010-12-05 10:37 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Apple Computer
2010-12-05 09:38 . 2010-12-05 09:38 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\BabylonToolbar
2010-12-05 09:37 . 2010-12-05 09:37 -------- d-----w- c:\program files\Babylon
2010-12-05 09:36 . 2010-12-05 09:36 -------- d-----w- c:\program files\FoxTabFlvPlayer
2010-12-04 22:52 . 2010-12-04 22:52 -------- d-----w- c:\program files\7-Zip
2010-12-04 22:48 . 2010-12-04 22:48 -------- d-----w- c:\program files\Common Files\Hypnotizer
2010-12-04 22:48 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-12-02 16:54 . 2010-12-02 16:54 -------- d-----w- c:\program files\Xvid
2010-12-02 16:54 . 2009-06-07 15:25 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-02 16:54 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-02 16:54 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-02 16:51 . 2010-12-02 16:54 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\BESTplayer
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 98304]
"Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-04-23 2158592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6691:TCP"= 6691:TCP:ebvhqztk
S2 edecjcp;Manager Security;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
edecjcp
.
Zawartość folderu 'Zaplanowane zadania'
2010-12-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/home?AF=15627
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\j4iyh0ph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=15627
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=15627&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: oSokker: osokker@bluezero - %profile%\extensions\osokker@bluezero
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 17:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edecjcp]
"ServiceDll"="c:\windows\system32\mskeqe.dll"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Czas ukończenia: 2010-12-15 18:00:18
ComboFix-quarantined-files.txt 2010-12-15 17:00
Przed: 6 251 253 760 bajtów wolnych
Po: 7 067 181 056 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 52AC517607E78B6AD198A2F4244127F0