Hello, after connecting a pendrive I noticed after a while that my Task Manager no longer works. So I searched around the internet a bit, but most threads did not help, because when I use the "Run" option this error appears: "Registry editing has been disabled by the network administrator"
My system is Windows XP
Here is the log:
ComboFix 10-07-08.02 - Adam Jastrzępski 2010-07-09 23:56:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3327.3019 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Adam Jastrzępski\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\Ic.Inf
c:\windows\system32\bpkr.exe
c:\windows\system32\inst.dat
c:\windows\system32\pk.bin
c:\windows\system32\rinst.exe
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\system32\sknc.dll
c:\windows\update.exe
Zainfekowana kopia c:\windows\system32\ws2_32.dll została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
((((((((((((((((((((((((( Pliki utworzone od 2010-06-09 do 2010-07-09 )))))))))))))))))))))))))))))))
.
2010-07-09 21:16 . 2010-07-09 21:16 -------- d-----w- c:\program files\Lavasoft
2010-07-09 21:09 . 2010-07-09 21:09 -------- d-----w- c:\program files\Unlocker
2010-07-09 20:58 . 2010-07-09 20:58 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-07-08 14:56 . 2010-07-08 14:56 -------- d-----w- c:\program files\Counter-Strikefafa
2010-07-08 12:00 . 2010-07-08 12:00 -------- d-----w- c:\program files\Electronic Arts
2010-07-08 12:00 . 2005-06-24 14:24 438272 ----a-r- c:\windows\system32\vp6vfw.dll
2010-07-06 10:26 . 2010-07-07 12:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-07-05 12:20 . 2010-07-05 12:20 -------- d-----w- c:\program files\Metin2
2010-06-28 07:19 . 2010-06-28 07:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
2010-06-28 07:19 . 2010-06-28 07:19 -------- d-----w- c:\program files\Pando Networks
2010-06-28 07:19 . 2010-06-28 07:19 -------- d-----w- c:\program files\GamersFirst
2010-06-28 06:36 . 2010-06-28 06:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-06-24 09:02 . 2010-07-08 14:21 70 ----a-w- c:\program files\Common Files\userInit.dll
2010-06-23 13:57 . 2010-06-23 13:57 27958 ----a-w- c:\program files\Common Files\logonInit.dll
2010-06-23 13:55 . 2010-06-23 13:57 -------- d-----w- c:\program files\ElfBot NG
2010-06-23 13:49 . 2010-07-07 15:36 -------- d-----w- c:\program files\Tibia81
2010-06-23 09:38 . 2010-06-25 17:53 -------- d-----w- c:\program files\Tibia854
2010-06-22 20:04 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-22 20:04 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-22 20:04 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-22 20:04 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-22 20:04 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-22 20:04 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-22 20:04 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-22 20:04 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-22 20:04 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-22 20:04 . 2010-06-22 20:04 -------- d-----w- c:\program files\Alwil Software
2010-06-22 20:04 . 2010-06-22 20:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-06-22 16:53 . 2010-06-23 09:07 -------- d-----w- c:\program files\Tibia98
2010-06-22 11:33 . 2010-06-22 11:33 -------- d-----w- c:\windows\IP LIST
2010-06-20 18:09 . 2010-06-20 18:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Backup
2010-06-20 13:46 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-20 13:46 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-19 18:53 . 2010-06-19 18:53 -------- d-----w- c:\program files\PowerMenu
2010-06-19 18:43 . 2010-06-19 18:43 -------- d-----w- c:\windows\Language
2010-06-19 18:43 . 2010-07-08 22:33 324 ----a-w- c:\windows\Last.dat
2010-06-19 18:43 . 2010-07-07 15:13 416 ----a-w- c:\windows\memlist.dat
2010-06-19 18:43 . 2010-06-19 18:43 9 ----a-w- c:\windows\Language.dat
2010-06-19 18:43 . 2009-12-21 14:15 108217 ----a-w- c:\windows\os4.exe
2010-06-19 18:43 . 2009-12-20 08:24 4 ----a-w- c:\windows\test.dat
2010-06-19 18:43 . 2009-02-26 10:46 176128 ----a-w- c:\windows\libcurl.dll
2010-06-19 18:43 . 2009-02-26 10:45 59904 ----a-w- c:\windows\zlib1.dll
2010-06-19 18:39 . 2010-07-08 11:36 -------- d-----w- c:\program files\Tibia
2010-06-17 20:13 . 2008-04-13 22:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-06-17 20:13 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-06-15 16:28 . 2010-07-09 22:01 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2010-06-15 16:28 . 2010-07-07 21:32 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-10 15:18 . 2010-06-29 20:40 -------- d-----w- C:\Downloads
2010-06-10 13:37 . 2010-06-10 13:37 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-10 13:36 . 2010-06-10 13:36 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-10 13:36 . 2010-06-10 13:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-10 13:36 . 2010-06-10 13:36 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-10 13:36 . 2010-06-10 13:36 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 21:51 . 2009-08-08 18:54 -------- d-----w- c:\program files\Kalendarz XP
2010-07-08 12:00 . 2009-08-08 16:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 21:32 . 2010-05-31 19:30 -------- d-----w- c:\program files\iPlus
2010-06-28 06:30 . 2010-06-28 06:30 2382039 ----a-w- c:\program files\ElfBot NG.rar
2010-06-25 07:07 . 2008-04-15 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat
2010-06-25 07:07 . 2008-04-15 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat
2010-06-21 12:35 . 2010-06-21 12:32 -------- d-----w- c:\program files\FrameShow
2010-06-17 20:13 . 2010-06-17 20:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-17 20:13 . 2010-06-17 20:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-15 18:36 . 2010-06-15 18:36 -------- d-----w- c:\program files\MSBuild
2010-06-15 18:36 . 2010-06-15 18:36 -------- d-----w- c:\program files\Reference Assemblies
2010-06-10 15:06 . 2009-08-28 16:58 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-10 13:47 . 2009-08-10 08:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-07 15:09 . 2010-06-07 15:09 -------- d-----w- c:\program files\CCleaner
2010-06-04 08:06 . 2010-06-04 08:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2010-06-04 08:00 . 2010-06-03 20:15 -------- d-----w- c:\program files\Ubisoft
2010-06-04 07:58 . 2010-06-04 07:58 -------- d-----w- c:\program files\Alcohol Soft
2010-06-04 07:57 . 2009-08-18 14:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-04 07:50 . 2010-06-04 07:50 -------- d-----w- c:\program files\Alcohol
2010-06-03 20:36 . 2010-06-03 20:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Solidshield
2010-06-02 21:46 . 2010-06-02 21:46 -------- d-----w- c:\program files\MSXML 4.0
2010-06-02 20:57 . 2010-06-02 20:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-06-02 20:47 . 2010-06-02 20:47 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-02 20:43 . 2010-06-02 20:43 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 20:43 . 2010-06-02 20:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 20:43 . 2010-06-02 20:43 -------- d-----w- c:\program files\Java
2010-05-31 20:07 . 2010-05-31 20:07 0 ----a-w- c:\windows\nsreg.dat
2010-05-31 20:04 . 2010-05-31 20:04 -------- d-----w- c:\program files\ALLPlayer
2010-05-31 20:04 . 2010-05-31 20:04 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-05-28 15:50 . 2010-05-28 15:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2010-05-06 10:35 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll
2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll
2010-05-02 08:09 . 2008-04-15 12:00 1851520 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:34 . 2008-04-15 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-05-06 10:11 . 2010-05-31 20:13 777 ----a-w- c:\program files\trial_setup.ini
2004-05-06 10:11 . 2010-05-31 20:13 114176 ----a-w- c:\program files\trial_setup.exe
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-03-23 1432064]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-28 2937528]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-05-04 11981408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-31 16857600]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2006-09-13 2154496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2009-08-08 98304]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\Adam Jastrz©pski\Menu Start\Programy\Autostart\
ocs.exe [2000-8-7 12288]
raw32.dll [2009-12-10 37888]
update.exe [2010-6-19 484446]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-8-8 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"=
"d:\Gry\Need for Speed Most Wanted\speed.exe"=
"c:\Program Files\City Interactive\The Heat of War\System\Iwo.exe"=
"c:\Program Files\Gadu-Gadu 10\gg.exe"=
"d:\FinaLongju2\Server1Ch1.exe"=
"d:\FinaLongju2\Server2Ch1.exe"=
"c:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe"=
"c:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe"=
"c:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"=
"c:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"=
"c:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"=
"d:\NovaMT2\NovaMt2\NovaMT2.exe"=
"d:\cs\cstrike.exe"=
"d:\cs\hl.exe"=
"d:\Program Files\Ubisoft\Brothers in Arms Road to Hill 30\System\bia.exe"=
"d:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"=
"d:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"=
"d:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"d:\Metin2\metin2.bin"=
"d:\FinaLongju2\DreamLongju lucher.exe"=
"d:\SuckMT2\pack\game.exe"=
"d:\ÍřÂçÓÎĎ·\´´ĘŔÁúľÔ\???2010.5.29.exe"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\Metin2\Metin2Mod.bin"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\Nowy folder (2)\ElfBot NG 8.54\navserv.exe"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\ÍřÂçÓÎĎ·\´´ĘŔÁúľÔ\Metin2Mod.bin"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\ÍřÂçÓÎĎ·\´´ĘŔÁúľÔ\???2010.5.29.exe"=
"c:\Program Files\Pando Networks\Media Booster\PMB.exe"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\Metin2\zzyok spol by DrAluFelg.exe"=
"d:\Metin2United\Metin2client.bin"=
"d:\Metin2lol\Yitian2.exe"=
"d:\Metin2lol\MijagiMt2 spol by DrAlufelg.exe"=
"d:\Metin2lol\metin2client.bin"=
"d:\Metin2lol\Metin2Mod.bin"=
"d:\Metin2lol\xFkYT2 by Schittset.exe"=
"d:\Metin2lol\0_universe_mt2_spol_by_sejg.exe"=
"d:\Metin2lol\IsusaMT2_dawmar37_4_MPCFORUM.exe"=
"d:\Metin2lol\cRimeMT2 spol by GheddoStylE.exe"=
"d:\Metin2lol\0_lryt2_spol_by_lost.exe"=
"d:\Metin2lol\cRimeMT2 spol by mikepolak.exe"=
"d:\Metin2United\mc.exe"=
"d:\Metin2lol\YaliMt2 spol by Kraczuss.exe"=
"d:\Metin2lol\blacknight by becatech.exe"=
"d:\Metin2lol\MCmetinPRO.exe"=
"d:\Metin2lol\MoonMt2_by_dawmar37.exe"=
"d:\Metin2lol\0_soulmt2_bywrobelptak1.exe"=
"d:\Metin2lol\LpYT2.exe"=
"d:\Metin2lol\0_spolszczenie_zzyt2_by_macius156.exe"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\Nowy folder (2)\Evo by Bartex012\By Bartex012.exe"=
"c:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\Nowy folder (2)\Multi IP Changer.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\WINDOWS\RTHDCPL.EXE"=
"c:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe"=
"c:\Documents and Settings\Adam Jastrzępski\Pulpit\csss\cstrike.exe"=
"c:\WINDOWS\system32\qttask.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59057:TCP"= 59057:TCP:Pando Media Booster
"59057:UDP"= 59057:UDP:Pando Media Booster
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-06-22 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-06-22 19024]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-08-08 1176192]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 wh78;wh78;\??\c:\documents and settings\Adam Jastrzępski\Pulpit\WallHack - sXe-I 7.8 all fixes\wh78.sys --> c:\documents and settings\Adam Jastrzępski\Pulpit\WallHack - sXe-I 7.8 all fixes\wh78.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-18 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 525600 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.flashget.com/
IE: Download all by FlashGet3 - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ???3?? - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ???3??? - c:\documents and settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-LogonInit - logonInit.dll
AddRemove-FlashGet 3.5 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
**************************************************************************
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\Documents and Settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\Documents and Settings\Adam Jastrzępski\Dane aplikacji\FlashGetBHO\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F7BCB2F-8675-C5E4-E82E-F9C660CDEA7F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaophkikcdfamaccnnocflebiilihh"=hex:61,69,65,65,63,65,6b,6d,63,6c,6e,68,67,6f,
66,70,62,63,67,68,68,68,70,61,61,69,6a,6c,61,69,61,6e,61,6c,6f,70,6d,63,68,\
"iahppjlkgajcahohho"=hex:6a,61,6c,65,64,62,65,63,65,66,6d,6c,6d,66,67,6a,64,64,
62,6c,00,00
"hanpbnijepmckeod"=hex:6a,61,6c,65,64,62,65,63,65,66,6d,6c,6d,66,67,6a,64,64,
62,6c,00,00
[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,ff,64,74,be,95,46,38,31,5c,87,7d,87,b7,5b,1c,e5,cb,ca,12,40,a5,cc,
82,e5,e3,a2,e8,3c,ea,d9,87,25,03,cd,69,9e,cc,9c,6b,7a,cc,68,be,10,ab,78,4e,\
"??"=hex:08,4b,cb,64,7f,e7,34,a9,67,49,05,9b,a8,87,83,b8
[HKEY_USERS\S-1-5-21-436374069-413027322-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:94,7f,4e,bf,57,13,38,cc,c4,f8,d3,c8,71,51,3c,57,88,63,29,87,14,
89,29,32,63,c6,76,4c,62,23,1c,2e,f9,19,20,29,c0,f0,76,cc,ae,84,a3,9d,27,76,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Kalendarz XP\Kalendarz.exe
c:\documents and settings\Adam Jastrzępski\Menu Start\Programy\Autostart\ocs.exe
c:\documents and settings\Adam Jastrzępski\Menu Start\Programy\Autostart\update.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-07-10 00:04:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-07-09 22:04
Przed: 28 391 903 232 bajtów wolnych
Po: 28 222 767 104 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - CDC5F3B807FE98B2EB6C0DD9AEB9FD03