Hi
A-squared detected 5 trojans on my computer. I would like to be 100% sure that they are gone. That is why I am asking for help.
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "D:\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
<> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]
Startup items in "FOTO" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\FOTO\Menu Start\Programy\Autostart
"ERUNT AutoBackup" -> shortcut to: "C:\Program Files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow" [null data]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Ralink Wireless Utility" -> shortcut to: "C:\Program Files\RALINK\Common\RaUI.exe -s" ["Ralink Technology, Corp."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "D:\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "D:\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
GhostStartService, GhostStartService, "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"]
O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
---------- (launch time: 2009-03-07 11:27:34)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 34 seconds.
---------- (total run time: 97 seconds)
ComboFix 09-03-04.01 - FOTO 2009-03-07 11:40:14.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.255.119 [GMT 1:00]
Run from: c:\documents and settings\FOTO\Pulpit\logi\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090306-0] *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
* A new restore point was created
.
((((((((((((((((((((((((( Files created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
No new files were created in this period
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 21:45 --------- d-----w c:\program files\Team17
2009-02-03 19:16 --------- d-----w c:\program files\OO Software
2009-02-02 12:23 81,984 ----a-w c:\windows\system32\bdod.bin
2009-02-02 11:57 --------- d-----w c:\program files\Raxco
2009-02-02 10:37 --------- d-----w c:\program files\BitDefender
2009-02-02 09:57 --------- d-----w c:\program files\ALLPlayer
2009-02-01 09:40 --------- d-----w c:\program files\VS Revo Group
2009-01-31 20:42 --------- d-----w c:\program files\ERUNT
2009-01-31 11:59 --------- d-----w c:\program files\Odkurzacz
2008-12-23 21:25 249,592 ----a-w c:\windows\system32\cssdll32.dll
.
------- Sigcheck -------
2004-08-04 00:44 14336 ba98327e90022dbd6ee76490e0622e2e c:\windows\system32\svchost.exe
2004-08-04 00:44 14336 ba98327e90022dbd6ee76490e0622e2e c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 19:21 14336 8607d35d92528e2df386f19a960d23ce c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\svchost.exe
2001-10-26 17:30 12800 b3c95bfeef6781a82a1c429f466a3a11 c:\windows\$NtServicePackUninstall$\svchost.exe
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 c:\windows\system32\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 c:\windows\system32\dllcache\user32.dll
2004-08-04 00:44 578560 0c81764f50f32d376e6e4b9e9f4b01a0 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 19:20 580096 a435c5c069afd901751ac323ad238793 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2002-09-20 17:04 561664 3a4892a57cfe05d61e4bbc3ec3e24a63 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-04 00:44 82944 ab82237486b727dd7dab36a76f38a3a2 c:\windows\system32\ws2_32.dll
2004-08-04 00:44 82944 ab82237486b727dd7dab36a76f38a3a2 c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 19:20 82432 c0aa2ab856680c44739b41e01f5bd4e9 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ws2_32.dll
2001-10-26 17:29 75264 9b7d1c56cc12d806314b853bf52ecb4c c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-06-23 18:42 826368 15c09e8a74a0988fb2f24eff9d68d886 c:\windows\system32\wininet.dll
2008-06-23 18:42 826368 15c09e8a74a0988fb2f24eff9d68d886 c:\windows\system32\dllcache\wininet.dll
2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c c:\windows\ServicePackFiles\i386\wininet.dll
2008-04-14 19:20 668672 0457f0afd6ee10445d8cf721fb5fa4eb c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\wininet.dll
2008-06-23 18:42 826368 15c09e8a74a0988fb2f24eff9d68d886 c:\windows\SoftwareDistribution\Download\a446573125167845eb48bcbe6a194592\SP2GDR\wininet.dll
2008-06-23 17:41 827904 e02939ebf940d5eb274903f58154dc56 c:\windows\SoftwareDistribution\Download\a446573125167845eb48bcbe6a194592\SP2QFE\wininet.dll
2008-02-16 11:32 668672 193f94d811881d00867aeb1d6780f44f c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 18:16 669696 bc26f2968396842367b02730435dd588 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 17:13 668672 28fa0fd33916ebebc3e0dc1410f48651 c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 16:57 669184 9ea369835e233f077c0d832676a29d40 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 17:41 827904 e02939ebf940d5eb274903f58154dc56 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-06-23 17:41 662016 32dc67b19496a88850c892cadf8366e3 c:\windows\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
2002-09-20 17:05 601600 4965c02574610e9b2d1e18d63d11a772 c:\windows\$NtServicePackUninstall$\wininet.dll
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2002-08-29 00:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:44 504832 0344407089b08548d4feba62bb0f32d0 c:\windows\system32\winlogon.exe
2004-08-04 00:44 504832 0344407089b08548d4feba62bb0f32d0 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 19:21 510464 51fd2e13d723857b9ca239ae77150f48 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\winlogon.exe
2002-09-20 17:05 519168 8b6e6bb5d451f8bbc0621203b687d993 c:\windows\$NtServicePackUninstall$\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ndis.sys
2002-08-29 01:09 167552 3b350e5a2a5e951453f3993275a4523a c:\windows\$NtServicePackUninstall$\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ip6fw.sys
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d c:\windows\system32\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d c:\windows\system32\dllcache\ntkrnlpa.exe
2004-08-04 00:38 2058112 44d1bc1b05e0c7c82e81687b79c653c7 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 18:29 2067200 4bba965664faa56b187c27f4cad7e7c5 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ntkrnlpa.exe
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2002-09-20 17:18 1949184 79d262478c985e736deb38ce2224fc75 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c c:\windows\system32\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c c:\windows\system32\dllcache\ntoskrnl.exe
2004-08-04 00:39 2182272 dcf53422b7edded3b7431fbae4a7ee3f c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 18:30 2190336 8ca14ecf04594eabbe93c9ff2e3cbfb1 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ntoskrnl.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2002-09-20 16:12 2043520 ae94ae0da6ed874ce08912fc63f8c6c2 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 c:\windows\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 c:\windows\system32\dllcache\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 19:21 1035264 c791ed9eac5e76d9525e157b1d7a599a c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-09-20 17:05 1005568 f4af85d918e83d71341fce2aa5318181 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:44 108544 3da8d964d2cc12ef8e8c342471a37917 c:\windows\system32\services.exe
2004-08-04 00:44 108544 3da8d964d2cc12ef8e8c342471a37917 c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 19:21 109056 3e3ae424e27c4cefe4cab368c7b570ea c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\services.exe
2001-10-26 17:30 101888 bf4cbefdce42a699389791647cb95ca2 c:\windows\$NtServicePackUninstall$\services.exe
2004-08-04 00:44 13312 f485fefc8cc4fd29243d800be5d275d1 c:\windows\system32\lsass.exe
2004-08-04 00:44 13312 f485fefc8cc4fd29243d800be5d275d1 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 19:21 13312 88296f7943f30a1ee3af735440b92268 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\lsass.exe
2002-09-20 17:05 11776 fa2c871f57352339f0a1802bb9aea6e7 c:\windows\$NtServicePackUninstall$\lsass.exe
2004-08-04 00:44 15360 cbfa30492d70ce3938d8a7783d0c0436 c:\windows\system32\ctfmon.exe
2004-08-04 00:44 15360 cbfa30492d70ce3938d8a7783d0c0436 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 19:21 15360 1bd41eda5b869afc99895c39a8de36e1 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ctfmon.exe
2002-09-20 17:05 13312 0c4c012b0a8960f48a666c240a7baa3d c:\windows\$NtServicePackUninstall$\ctfmon.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe
2004-08-04 00:44 57856 bebe8a85954ff460374fd5a0cd21e19b c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 19:21 57856 dd69ec597ab942c39b950d9c3ce1375d c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2001-10-26 17:30 51200 414af353e9eeed8637d90370fd0c3b68 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 00:44 25088 bd768099b4c44aa631728cb74eb54396 c:\windows\system32\userinit.exe
2004-08-04 00:44 25088 bd768099b4c44aa631728cb74eb54396 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 19:21 26624 2a5b37d520508be6570a3ea79695f5b5 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\userinit.exe
2002-09-20 17:05 22528 323d3ffcbf99c59b2d20b4c5a7ece347 c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-04 00:44 296448 2c28157229925280916b3041ccc5fe4b c:\windows\system32\termsrv.dll
2004-08-04 00:44 296448 2c28157229925280916b3041ccc5fe4b c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 19:20 296448 52e0505408edd4ab5ccc7f83b67b4299 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\termsrv.dll
2002-09-20 19:04 201216 c4ee140f5edcf2fc20099b56ddbe5445 c:\windows\$NtServicePackUninstall$\termsrv.dll
2007-04-16 17:54 1013248 c0aafee37ee787d9609d9fe00fa427f8 c:\windows\system32\kernel32.dll
2007-04-16 17:54 1013248 c0aafee37ee787d9609d9fe00fa427f8 c:\windows\system32\dllcache\kernel32.dll
2004-08-04 00:44 1012224 578bb2f44597cb53451ded99013573f3 c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-14 19:20 1018368 fce4ecc34a36edacf03dbe8de5e28910 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\kernel32.dll
2007-04-16 18:11 1014784 d8acc0b8c46fc756e3f64c14eaf9ce8f c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2002-09-20 17:04 958976 8d452c28d7cad9b5bbdb3c41730305e9 c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-04 00:44 17408 b20bb2a65349ef132fa7f2eb51a29e5c c:\windows\system32\powrprof.dll
2004-08-04 00:44 17408 b20bb2a65349ef132fa7f2eb51a29e5c c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-14 19:20 17408 414c17a2958aedac700bbaafbf999f94 c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\powrprof.dll
2001-10-26 17:29 14848 cf06ff4307712677dd2ea86921ccd52f c:\windows\$NtServicePackUninstall$\powrprof.dll
2004-08-04 00:44 110080 bdb679c04273b19bf46bd0d591fdeec3 c:\windows\system32\imm32.dll
2004-08-04 00:44 110080 bdb679c04273b19bf46bd0d591fdeec3 c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-14 19:20 110080 2e9a03268e609917b83921ee16fd9cfb c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\imm32.dll
2002-09-20 17:03 103936 b85f29a061f7d554c8f8092ade4ec107 c:\windows\$NtServicePackUninstall$\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-05-13 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-14 15:21 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2008-09-04 06:01 2524416 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-02 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-02 20560]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\FOTO\Dane aplikacji\Mozilla\Firefox\Profiles\yd2qf5jn.default\
FF - prefs.js: browser.startup.homepage - hxxP://www.google.pl
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 11:41:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="567063CF5C22B1C1EC471A66AF75F90C53223588122376042B512A291EF0019A1BE536BBFD556F9DCD35DD2B897D036A42E343D7476621406E07CCAAB080E316AD5114B9CAE6728301CFB1F810282E41A23C4C7DA817352E635A7DCE7139246CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808CDED2A82EF190F4A9F2EAC73E3E4C3B74D824F834888C6B907F0C060671FD874B99286824271B75EF273627C99DD6DD613FC085DC053EDD346F89EA64C510299DC1B964D08820688E7A7D1C7BDE072F22C16113953703C8C5C5B3F9DAAFE7FE03530020B62817C62D0731E895AF3E2FE5F982D740C5770CF28A4246734B15C4F543CA4C8CAA611AA92459FD64B2141128A13514BCE82392D9723FE0EF073920F5EF08C798CAF2FC2A94E63AAC17484E79BD6A6624F713B5931EAB47E3AD4156A8EC07EF1475CB231A282AAE2C200985E95798BC298A50D2C0BD1610740E8C9D330E5F1EB6EF1EF9EA01CE842A55A5B788F5611D488A6BDA0517454DE05488761265B9204CBB82B5A5817C7EE981D9F5EB50CFB6BD0FD4A57C6318D9B5E0E9C49E461BFBB787D9E5617B523739D652ED947FAC737F5BB28153D2BC5BB79D94BEA747B0CF96511F727387D0BBE85D4C0D816CAA0CFD3F13F401FC9E69ED24E45467572410655C65B07AF36C3227D1285700CE567B21637EA6566B78E88BE9436009553580EE2795C5583EC47D500C52256A1F8333D4026FB3425E490A263583ADF9CEC03A4F60406924EF341F15D9C2B6467F5CCB326DCB601FD8472F8BB496355E25423BC52C75764BDE012763B4A2C1C8194B1BDF37ED1C2AB8CEFFB9598356FD56050B1092AC095130BCEC49204A49E254E92E5A5B2FA96F73876009581A9E3F52FD7410392A8142611BFA4300287339F61D69B0F23CF3C4408A8BDB0BDAC8BD89F378BFB6DE870E054E0BEB3043CC4CECF1733537DE79605BE5DD1B28C21E22AD5A295822DD0E2C17864A393499D63A6DF2163ED7648AEC2621F3B3AB35A0BA3BA02CA7C4421435BE6ACC3971A7A3FAE9B74C82BC36EAF19BFAC5F39F723C99779F0F69FAD1190D1CD53765CBE153101D1C9602F9FC9E9B764778678A636866D823F4CF7E4C96C621EA4F5D3842533CE93890FED483FD0E32528DD118F474E9B0AEE5FE669E89C590CA1E0C0BCD666D938CF1D3103A47CF5181774F10778D3B109B82A9F41808B99127EB83EBE478A79586F34971348A85A1853BF5E626569CE3A080A28F51846196C24E437638A091A52EE6513C5E9B690C5A0186D7E198A291F7C405E12A8FEE29CAEAFED87A76AB9CA0523E7683D28AC82743808BB95510B7BE87271A79F8C14686EC6F58E9960"
.
Completion time: 2009-03-07 11:43:16
ComboFix-quarantined-files.txt 2009-03-07 10:43:14
Before: 8,253,710,336 bytes free
After: 8,243,314,688 bytes free
202 --- E O F --- 2008-09-21 10:55:21
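As an added example (not part of the original post, and not code from Silent Runners), here is a small Python triage of launch-point lines in the shape the Silent Runners report above uses. The sample lines are copied from that report; the severity scale, the names `triage_line`/`triage`/`Finding` and the reasons attached to each line are my own convention. The annotation in square brackets is what the tool prints: a quoted company name taken from the file's version info, `[MS]` for a Microsoft file, `[null data]` when the file exists but carries no company string, and `[file not found]` when the registry points at a file that is not on disk. A leading `<>` is the tool's own marker for a non-default value at a launch point (see the legend at the end of the report).

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the Silent Runners
# report in this thread. No new scan was run to produce them.
SAMPLE_LINES = r'''
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
\InProcServer32\(Default) = "deskpan.dll" [file not found]
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
<> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
'''.strip().splitlines()

# Trailing annotation Silent Runners appends to a launch point:
#   ["Company Name"]  company string from the target file's version info
#   [MS]              the tool's abbreviation for a Microsoft file
#   [null data]       file exists but has no company string
#   [file not found]  registry points at a file that is not on disk
_ANNOT = re.compile(r'\s\[(?:"(?P<vendor>[^"]*)"|(?P<tag>[^\]]*))\]\s*$')


@dataclass
class Finding:
    line: str
    severity: int   # 0 = informational ... 3 = look at this first (my scale)
    reason: str


def triage_line(line: str) -> Finding:
    """Classify one launch-point line from the report."""
    text = line.strip()
    flagged = text.startswith("<>")          # tool's non-default marker
    m = _ANNOT.search(text)
    vendor = m.group("vendor") if m else None
    tag = m.group("tag") if m else None

    if tag == "file not found":
        return Finding(text, 3, "launch point references a file that is not on disk: "
                                "orphaned entry or deleted payload; remove or explain it")
    if flagged and vendor is None and tag is None:
        return Finding(text, 2, "non-default value (<>) with no file to attribute; "
                                "compare it with the documented default")
    if flagged:
        who = vendor or tag
        return Finding(text, 2, f"non-default launch point (<>), file attributed to "
                                f"{who}; confirm that product is really installed")
    if tag == "null data":
        return Finding(text, 2, "file has no company string; verify its signature or "
                                "hash by hand, this alone is not a verdict")
    if tag == "MS":
        return Finding(text, 0, "Microsoft-attributed file")
    if vendor:
        return Finding(text, 1, f"third-party file attributed to {vendor}")
    return Finding(text, 2, "unrecognised line shape; inspect manually")


def triage(lines):
    """Most urgent findings first; order within a severity is the report order."""
    return sorted((triage_line(l) for l in lines if l.strip()),
                  key=lambda f: -f.severity)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Over the sample this ranks the `deskpan.dll` shell extension first (a CLSID whose DLL is not on disk): an orphaned launch point, harmless by itself but the kind of entry to remove or account for. `[null data]` is not a malware verdict: rarext.dll and AUTOBACK.EXE in the report simply ship without a company string, so the follow-up is a signature or hash lookup, not deletion.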
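Also an added example, not ComboFix code: the Sigcheck section of the ComboFix log lists every copy it finds of a set of critical system files together with each copy's MD5. The check worth automating is whether the copy Windows actually loads (directly under c:\windows, system32 or system32\drivers) has the same hash as at least one backup or staged copy (dllcache, ServicePackFiles, $hf_mig$, SoftwareDistribution, $NtServicePackUninstall$). The data lines below are copied from the section above; `LIVE_DIRS`, `cross_check` and `needs_manual_check` are names I chose.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the ComboFix Sigcheck
# section in this thread. No new scan was run to produce them.
SIGCHECK_SAMPLE = r'''
2004-08-04 00:44 14336 ba98327e90022dbd6ee76490e0622e2e c:\windows\system32\svchost.exe
2004-08-04 00:44 14336 ba98327e90022dbd6ee76490e0622e2e c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 19:21 14336 8607d35d92528e2df386f19a960d23ce c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\svchost.exe
2001-10-26 17:30 12800 b3c95bfeef6781a82a1c429f466a3a11 c:\windows\$NtServicePackUninstall$\svchost.exe
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 c:\windows\system32\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 c:\windows\system32\dllcache\user32.dll
2004-08-04 00:44 578560 0c81764f50f32d376e6e4b9e9f4b01a0 c:\windows\ServicePackFiles\i386\user32.dll
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe
2004-08-04 00:44 57856 bebe8a85954ff460374fd5a0cd21e19b c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 19:21 57856 dd69ec597ab942c39b950d9c3ce1375d c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2001-10-26 17:30 51200 414af353e9eeed8637d90370fd0c3b68 c:\windows\$NtServicePackUninstall$\spoolsv.exe
'''.strip().splitlines()

# One Sigcheck line: date time size md5 path
_LINE = re.compile(r'^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<size>\d+)\s+'
                   r'(?P<md5>[0-9a-f]{32})\s+(?P<path>.+)$')

# Folders holding the copy Windows actually loads. Every other folder in the
# section (dllcache, ServicePackFiles, $hf_mig$, SoftwareDistribution, ...)
# is a backup or staged copy and serves only as a reference hash.
LIVE_DIRS = (r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers")


def parse(lines):
    """Parse Sigcheck lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = _LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            entries.append(d)
    return entries


def _is_live(path):
    folder = path.lower().rpartition("\\")[0]
    return folder in LIVE_DIRS


def cross_check(lines):
    """For every file with a live copy return
    {basename: {"live": md5, "matches": [reference paths with the same md5],
                "references": number of reference copies}}.
    An empty 'matches' list means no listed backup shares the live hash."""
    by_name = defaultdict(list)
    for e in parse(lines):
        by_name[e["path"].lower().rpartition("\\")[2]].append(e)
    report = {}
    for name, copies in by_name.items():
        live = [c for c in copies if _is_live(c["path"])]
        refs = [c for c in copies if not _is_live(c["path"])]
        if not live:
            continue
        md5 = live[0]["md5"]
        report[name] = {
            "live": md5,
            "matches": [r["path"] for r in refs if r["md5"] == md5],
            "references": len(refs),
        }
    return report


def needs_manual_check(lines):
    """Basenames whose live copy matches none of the listed reference copies."""
    return sorted(n for n, r in cross_check(lines).items() if not r["matches"])


if __name__ == "__main__":
    for name, r in cross_check(SIGCHECK_SAMPLE).items():
        state = "matches " + r["matches"][0] if r["matches"] else "NO MATCH among listed copies"
        print(f"{name:12} {r['live']}  {state}")
    print("verify by hand:", needs_manual_check(SIGCHECK_SAMPLE))
```

On the sample, svchost.exe matches its ServicePackFiles copy and user32.dll its dllcache copy. spoolsv.exe comes back for manual verification: the live hash da81ec57... matches none of the four listed copies. That is not by itself evidence of tampering. The $hf_mig$\KB896423\SP2QFE copy carries the same date and size, so the live file is plausibly the GDR build of that same hotfix, whose backup copy is simply not listed (an inference from the dates and sizes, not something the log states). The right next step for an unmatched file is to check its Authenticode signature, for example with Sysinternals sigcheck, rather than to replace it on the strength of this list alone.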