I see that probably nobody is going to help me. This is some new nasty thing, but I restored the system to a few days back and for now it is gone. We'll see how much that helped; I know they sometimes copy themselves and come back after a while even after a system restore, but we'll see. If anyone has run into this problem, though, I'd gladly hear advice on how to fight it.
– Added 10.06.2009 (Wed) 22:37 –
OK, I'll remove that with HijackThis, but I have a small problem with ComboFix: I can't turn off Ad-Aware, so I wanted to uninstall it, but I didn't manage to remove all of its components, and the ones that are left refuse to be removed at all and are blocking ComboFix, but I'll see.
– Added 10.06.2009 (Wed) 22:55 –
I removed the marked ones and now I'll see about ComboFix.
– Added 10.06.2009 (Wed) 23:21 –
I can't remove Ad-Aware for the life of me, and so I can't run ComboFix because it will wreck the computer. Maybe I'll try running a scan with something else.
– Added 11.06.2009 (Thu) 0:46 –
I'm pasting the ComboFix log:
ComboFix 09-06-09.06 - magda wladca 10/06/2009 23:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1318 [GMT 1:00]
Running from: c:\users\magda wladca\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
D:\desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 22:30 . 2009-06-10 22:30 -------- d-----w- c:\users\magda wladca\AppData\Local\temp
2009-06-10 21:33 . 2009-06-10 21:33 -------- d-sh--w- \Config.Msi
2009-06-10 20:27 . 2009-06-10 20:27 -------- d-----w- c:\windows\CheckSur
2009-06-10 20:23 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 20:23 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 20:18 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 18:44 . 2009-06-10 18:44 -------- d-----w- C:\rsit
2009-06-10 18:44 . 2009-06-10 18:44 -------- d-----w- \rsit
2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- C:_OTL
2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- _OTL
2009-06-10 17:51 . 2009-06-10 17:51 -------- d-----w- c:\users\magda wladca\DoctorWeb
2009-06-10 17:22 . 2009-06-10 22:28 -------- d---a-w- \Qoobox
2009-06-10 16:56 . 2009-06-10 16:56 -------- d-----w- c:\program files\Trend Micro
2009-06-10 16:03 . 2009-06-10 16:03 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Uniblue
2009-06-10 15:57 . 2009-06-10 15:58 -------- d-----w- c:\users\magda wladca\spóldzielnia 1
2009-06-02 14:51 . 2009-06-02 14:51 -------- d-----w- c:\program files\Alternative Software Ltd
2009-05-31 13:56 . 2009-05-31 13:56 -------- d-----w- c:\users\magda wladca.dvdcss
2009-05-25 19:07 . 2009-05-25 19:08 -------- d-----w- c:\users\magda wladca\allegro
2009-05-22 11:24 . 2009-05-22 11:24 -------- d-----w- c:\program files\Sega
2009-05-21 16:45 . 2009-05-21 16:45 -------- d-----w- c:\users\magda wladca\AppData\Local\Apps
2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-21 16:07 . 2009-05-21 16:07 -------- d-----w- c:\program files\ESET
2009-05-21 15:46 . 2009-05-21 15:46 -------- d-----w- c:\users\magda wladca\AppData\Local\WindowsUpdate
2009-05-20 19:48 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-05-20 19:48 . 2009-05-20 19:48 -------- d-----w- c:\program files\CPUID
2009-05-19 19:50 . 2009-05-19 19:50 -------- d-----w- c:\users\magda wladca\AppData\Local\PC_Drivers_Headquarters
2009-05-19 18:12 . 2009-06-10 22:01 2147016704 --sha-w- \hiberfil.sys
2009-05-19 16:54 . 2009-05-20 18:15 -------- d-----w- c:\users\magda wladca\AppData\Local\eSupport.com
2009-05-17 16:26 . 2009-05-17 16:27 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-05-17 16:24 . 2009-05-17 16:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-05-17 15:23 . 2008-05-16 18:31 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-17 15:23 . 2008-05-16 18:31 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-05-17 15:23 . 2008-05-16 18:31 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-05-17 15:22 . 2008-05-16 18:31 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-17 15:21 . 2008-05-16 10:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-17 15:15 . 2009-05-17 15:15 -------- d-sh--w- C:\found.002
2009-05-17 15:15 . 2009-05-17 15:15 -------- d-sh--w- \found.002
2009-05-17 15:09 . 2009-05-17 15:17 1356 ----a-w- c:\users\magda wladca\AppData\Local\d3d9caps.dat
2009-05-16 17:36 . 2009-05-16 17:36 -------- d-----w- c:\users\magda wladca\AppData\Roaming\ATI
2009-05-16 17:36 . 2009-05-16 17:36 -------- d-----w- c:\users\magda wladca\AppData\Local\ATI
2009-05-16 17:31 . 2009-05-16 17:31 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-16 17:30 . 2009-02-04 05:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 17:29 . 2009-05-16 17:29 10134 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{DC5D5D1D-E60F-E748-01BD-4AB0278B5AA0}\ARPPRODUCTICON.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 22:01 . 2009-05-19 18:12 2147016704 --sha-w- \hiberfil.sys
2009-06-10 22:01 . 2009-02-10 03:23 2460819456 --sha-w- \pagefile.sys
2009-06-10 21:49 . 2009-02-11 19:57 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Skype
2009-06-10 21:33 . 2009-02-11 19:47 -------- d-----w- c:\programdata\Lavasoft
2009-06-10 19:35 . 2009-05-10 16:36 -------- d-----w- c:\users\magda wladca\AppData\Roaming\IrfanView
2009-06-10 19:35 . 2009-02-13 14:08 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-02 14:52 . 2009-02-15 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 18:59 . 2009-02-11 20:12 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-22 18:30 . 2009-05-22 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-22 18:23 . 2009-02-11 19:25 78832 ----a-w- c:\users\magda wladca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-17 16:31 . 2009-05-17 16:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-05-17 15:29 . 2009-05-02 21:33 -------- d-----w- c:\programdata\NVIDIA
2009-05-16 11:34 . 2009-05-08 12:36 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-05-16 11:21 . 2009-05-08 12:36 -------- d-----w- c:\programdata\Logishrd
2009-05-14 08:40 . 2009-05-10 12:05 -------- d-----w- c:\programdata\Kodak
2009-05-13 12:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 10:52 . 2009-05-10 12:06 -------- d-----w- c:\program files\Kodak
2009-05-10 16:36 . 2009-05-10 16:36 -------- d-----w- c:\program files\IrfanView
2009-05-10 09:38 . 2009-05-08 12:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-05-09 19:06 . 2009-02-16 17:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-09 12:32 . 2009-05-09 12:30 -------- d-----w- c:\program files\Microsoft LifeCam
2009-05-08 19:23 . 2009-05-01 13:24 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Samsung
2009-05-08 12:42 . 2009-05-08 12:42 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Leadertech
2009-05-08 12:36 . 2009-05-08 12:36 -------- d-----w- c:\programdata\Logitech
2009-05-07 17:44 . 2009-05-07 17:44 -------- d-----w- c:\programdata\Zylom
2009-05-07 17:44 . 2009-05-07 17:44 -------- d-----w- c:\program files\Zylom Games
2009-05-07 16:26 . 2009-05-07 16:26 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-05 16:10 . 2009-05-05 16:10 -------- d-----w- c:\users\magda wladca\AppData\Roaming\HP
2009-05-02 19:52 . 2009-05-02 19:50 -------- d--h--w- c:\program files\Temp
2009-05-02 19:51 . 2009-05-02 19:51 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-02 19:51 . 2009-05-02 19:51 -------- d-----w- c:\program files\Realtek
2009-05-02 17:55 . 2009-05-02 17:55 4570 ----a-w- c:\program files\Uninst.isu
2009-05-02 17:55 . 2009-05-02 17:55 202 ----a-w- c:\program files\UNINSTALL.INF
2009-05-02 17:55 . 2009-05-02 17:55 216 ----a-w- c:\program files\TLCRUN.INI
2009-05-01 13:22 . 2009-05-01 13:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-05-01 13:03 . 2009-02-12 14:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-01 12:57 . 2009-05-01 12:57 -------- d-----w- c:\program files\Samsung
2009-04-27 10:18 . 2009-02-13 14:03 141228 ----a-w- c:\windows\hpoins14.dat
2009-04-22 19:02 . 2009-04-22 19:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-20 12:41 . 2009-04-19 12:59 -------- d-----w- c:\program files\BearShare Applications
2009-04-19 17:29 . 2009-04-19 12:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-19 13:25 . 2009-04-19 13:25 -------- d-----w- c:\program files\SkanerOnline
2009-04-19 12:16 . 2009-04-19 12:09 -------- d-----w- c:\users\magda wladca\AppData\Roaming\uTorrent
2009-04-16 16:23 . 2009-05-02 19:50 540672 ----a-w- c:\windows\RtlExUpd.dll
2009-04-14 15:32 . 2009-05-02 19:51 1784352 ----a-w- c:\windows\system32\WavesLib.dll
2009-04-14 15:31 . 2009-05-02 19:51 1123872 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-04-14 15:31 . 2009-05-02 19:51 55840 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-04-14 15:31 . 2009-05-02 19:51 326176 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-04-14 15:31 . 2009-05-02 19:51 2529824 ----a-w- c:\windows\system32\RtkAPO.dll
2009-04-14 15:12 . 2009-05-02 19:51 2358560 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-04-13 16:36 . 2009-02-15 22:13 -------- d-----w- c:\program files\INTERIAPL
2009-03-27 09:03 . 2009-03-27 09:03 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-03-25 14:06 . 2009-05-02 19:51 142848 ----a-w- c:\windows\system32\AERTACap.dll
2009-03-24 10:10 . 2009-05-07 17:44 114688 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-03-22 19:33 . 2009-03-22 19:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-22 19:33 . 2009-03-22 19:33 8854 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\Uninstall_GameShadow_F7C1C17E70E3475FBD52EA554391F15D.exe
2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe
2009-03-17 03:38 . 2009-04-16 15:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 15:35 24064 ----a-w- c:\windows\system32\amxread.dll
2001-08-22 18:47 . 2009-05-02 17:55 487473 ----a-w- c:\program files\scooby.exe
2001-05-16 11:20 . 2009-05-02 17:55 57344 ----a-w- c:\program files\UNINSTALL.EXE
2000-09-01 14:22 . 2009-05-02 17:55 25196 ----a-w- c:\program files\object.ini
2000-07-11 13:14 . 2009-05-02 17:55 286208 ----a-w- c:\program files\binkw32.dll
1999-05-21 12:29 . 2009-05-02 17:55 21504 ----a-w- c:\program files\TLCRUN.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CBA96156-DD0B-44F6-9263-6FF073935FEF}d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= UDP:d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"UDP Query User{AA4A59D0-2EC1-49F8-A0F5-8F6F181B0F35}d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= TCP:d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"TCP Query User{FADC1AEF-3C5E-43E4-8FD2-C18580DAE78A}c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"UDP Query User{88FCBD92-62F5-4CA0-8796-550ABFD283AC}c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"TCP Query User{B99ACCA7-BFF5-4E71-9D45-D6B7EDCACB5A}d:\skype\phone\skype.exe"= UDP:d:\skype\phone\skype.exe:Skype
"UDP Query User{9B7D4783-F98F-4261-9C2E-3AD634F2C368}d:\skype\phone\skype.exe"= TCP:d:\skype\phone\skype.exe:Skype
"TCP Query User{15F4CEE4-3312-422B-818F-1E96305ED73F}d:\skype\phone\skype.exe"= UDP:d:\skype\phone\skype.exe:skype.exe
"UDP Query User{A84EE7DB-865D-4E54-8E17-F760DB7684F2}d:\skype\phone\skype.exe"= TCP:d:\skype\phone\skype.exe:skype.exe
"{16705AED-C95D-44EB-AAA8-E2AE9A6FFB81}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{64000EC6-E04A-48C6-B442-5A07DD1B27E5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{ADC7E007-AFE8-46AC-99EF-5057B547CFCD}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{93B3F5E3-40D5-4FA6-BCC1-A9F78330E01A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{311B26D5-70B4-422E-9355-BB359B514777}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{88E8BD17-9BA4-4633-B116-96F9BB9BDDEE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{24046821-0EF2-41D7-A68A-0F177573BE52}"= UDP:d:\program files\uTorrent.exe:µTorrent (TCP-In)
"{DDAA77D7-7151-4297-AF4A-041A4E4C61DD}"= TCP:d:\program files\uTorrent.exe:µTorrent (UDP-In)
"{CBA8F30C-9768-4822-8BC3-2AAC78A0458A}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{0CA612B3-CEF5-4A26-8342-027734EA9C31}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{69F0EC66-FBEB-4F49-BF99-F9259D7FAFFB}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C73B2A91-3D19-4D8E-B12C-643CD7051267}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4A7A00C8-9E90-45F3-951B-DCFBE4E7D55B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{63A67053-AE64-48B4-9743-B61D3D71BB42}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{56B04AC4-C04F-46F8-A9AC-74AC30CBC56B}c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{6A85B810-CE50-4F74-919A-A51904C58C8C}c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/04/2009 20:04 64160]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06/02/2009 14:24 92800]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 mks_services;mks_vir;"d:\program files\bin\mks_services.exe" --> d:\program files\bin\mks_services.exe [?]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [20/05/2009 20:48 12672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{928A14A2-4C5D-4C40-BAF3-9ADE04E8771A}.job
- c:\windows\system32\msfeedssync.exe [2009-04-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mks.com.pl
TCP: {5BE7CE20-F3F9-4C5C-8CF8-0F493CA04EA1} = 172.31.140.69 172.30.140.69
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow … ab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 23:30
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\MAGDAW~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-10 23:31
ComboFix-quarantined-files.txt 2009-06-10 22:31
Pre-Run: 22,003,646,464 bytes free
Post-Run: 24,728,739,840 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
236 --- E O F --- 2009-06-10 20:43
– Added 11.06.2009 (Thu) 11:24 –
I've pasted the ComboFix log and am waiting for an opinion. Thanks.