log.txt

How do I remove the Privacy Protection virus without internet access?

I think it's fine now. I'm not closing the thread in case it (Privacy Protection) sneaks back in, because I removed it once, and when it came back I started this thread. I'm posting the log from ComboFix in case anyone wants it. If someone tells me how to post logs from GMER and OTL, I can post those too, because I don't know these programs.


ComboFix 11-12-06.02 - max 2011-12-07 17:49:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1622 [GMT 1:00]
Uruchomiony z: c:\documents and settings\max\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\BE1A.tmp
c:\documents and settings\All Users\Dane aplikacji\privacy.exe
c:\documents and settings\All Users\Dane aplikacji\QuestScan
c:\documents and settings\All Users\Menu Start\Programy\ShopperReports
c:\documents and settings\All Users\Menu Start\Programy\ShopperReports\About Us.lnk
c:\documents and settings\All Users\Menu Start\Programy\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users\Menu Start\Programy\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\documents and settings\All Users\Pulpit\Privacy Protection.lnk
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\dailyhotdeals.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\divider.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\feeditem.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\games.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\savemp3.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\savemp3_disabled.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\screensaver.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\shopping.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\watermark.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\images\weatherbug.png
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\pref.xml
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\tbconfig.xml
c:\documents and settings\max\Dane aplikacji\Mp3Tube Toolbar\tbconfig.xml.bak
c:\documents and settings\max\Dane aplikacji\PriceGong
c:\documents and settings\max\Dane aplikacji\PriceGong\Data\mru.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\Config.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\db\Aliases.dbs
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\db\Sites.dbs
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\dwld\WhiteList.xip
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\report\aggr_storage.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\report\send_storage.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3\Firefox\cs\res1\WhiteList.dbs
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\Config.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\db\Aliases.dbs
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\db\Sites.dbs
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\dwld\WhiteList.xip
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\report\aggr_storage.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\report\send_storage.xml
c:\documents and settings\max\Dane aplikacji\ShopperReports3\IE\cs\res1\WhiteList.dbs
c:\documents and settings\max\Dane aplikacji\Uninstal.exe
c:\documents and settings\max\Ustawienia lokalne\Dane aplikacji\f9e8d2ef\U
c:\documents and settings\max\Ustawienia lokalne\Dane aplikacji\f9e8d2ef\U\80000000.@
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.xul
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.xul
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\toolbar.xul
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.js
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.xul
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow-grey.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_partner.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_small.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\bg.jpg
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow_big.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\btn_close.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\dailyhotdeals.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\divider.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\facebook.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\games.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\icon-RSS.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\news.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\plainbutton.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3_disabled.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup-musicicon.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\saveyoutubevideos.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\screensaver.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\search.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbar-grey-250.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbox.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\separator_line.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\shopping.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\Thumbs.db
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\watermark.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\youtube.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\feeditem.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\logo.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\news_refresh.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupSearchMp3.css
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupWindow.css
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_hover.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_normal.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savetomp3PopUp.css
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\Thumbs.db
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\toolbar.css
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_rain.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_snow.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_storm.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_tstorm.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\cloudy.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\flurries.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\hazy.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mist.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_cloudy.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_sunny.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\rain.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sleet.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\snow.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\storm.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sunny.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\Thumbs.db
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\thunderstorm.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\weatherbug.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\windy.png
c:\program files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\install.rdf
c:\program files\Mp3Tube Toolbar
c:\program files\Mp3Tube Toolbar\ffmpeg.exe
c:\program files\Mp3Tube Toolbar\mp3tubetb.dll
c:\program files\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
c:\program files\Mp3Tube Toolbar\ShowMsg.exe
c:\program files\Mp3Tube Toolbar\uninstall.exe
c:\program files\QuestScan
c:\program files\QuestScan\uninstall.exe
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js
c:\program files\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul
c:\program files\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll
c:\program files\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt
c:\program files\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.2.11.0\link.ico
c:\program files\ShopperReports3\bin\3.2.11.0\ShopperReportsUninstaller.exe
c:\windows\$NtUninstallKB54520$
c:\windows\$NtUninstallKB54520$\1577323965
c:\windows\$NtUninstallKB54520$\4192785135\@
c:\windows\$NtUninstallKB54520$\4192785135\L\eitcbgps
c:\windows\$NtUninstallKB54520$\4192785135\loader.tlb
c:\windows\$NtUninstallKB54520$\4192785135\U\@00000001
c:\windows\$NtUninstallKB54520$\4192785135\U\@000000c0
c:\windows\$NtUninstallKB54520$\4192785135\U\@000000cb
c:\windows\$NtUninstallKB54520$\4192785135\U\@000000cf
c:\windows\$NtUninstallKB54520$\4192785135\U\@80000000
c:\windows\$NtUninstallKB54520$\4192785135\U\@800000c0
c:\windows\$NtUninstallKB54520$\4192785135\U\@800000cb
c:\windows\$NtUninstallKB54520$\4192785135\U\@800000cf
c:\windows\CSC\d6
c:\windows\IsUn0415.exe
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\system32\
c:\windows\system32\c_05614.nl_
c:\windows\system32\c_05614.nls
.
Zainfekowana kopia c:\windows\system32\drivers\mrxsmb.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QUESTSCAN_SERVICE
-------\Service_f9e8d2ef
-------\Legacy_Mp3Tube_Toolbar_Service
-------\Service_Mp3Tube Toolbar Service
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-11-07 do 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-07 15:13 . 2011-12-07 15:13 -------- d-----w- c:\documents and settings\Administrator
2011-12-04 16:12 . 2011-12-04 16:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-04 16:06 . 2011-12-04 16:07 474 ----a-w- C:\user.js
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\program files\BabylonToolbar
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\documents and settings\max\Ustawienia lokalne\Dane aplikacji\Google
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\documents and settings\max\Ustawienia lokalne\Dane aplikacji\RewardsArcade
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\documents and settings\max\Ustawienia lokalne\Dane aplikacji\Babylon
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\documents and settings\max\Dane aplikacji\Babylon
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Babylon
2011-12-04 16:06 . 2011-12-04 16:06 -------- d-----w- c:\program files\FoxTabFLVPlayer
2011-12-03 20:44 . 2011-12-03 20:44 -------- d-----w- c:\documents and settings\max\Dane aplikacji\AVG2012
2011-12-03 20:43 . 2011-12-03 20:43 -------- d-----w- c:\documents and settings\max\Dane aplikacji\AVG Secure Search
2011-12-03 20:43 . 2011-12-03 20:43 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-03 20:43 . 2011-12-03 20:43 -------- d-----w- c:\program files\AVG Secure Search
2011-12-03 20:43 . 2011-12-03 20:43 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2011-12-03 20:42 . 2011-12-03 20:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVG2012
2011-12-03 20:42 . 2011-12-03 20:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-03 20:42 . 2011-12-03 20:42 -------- d-----w- c:\program files\AVG
2011-12-03 20:41 . 2011-12-03 20:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData
2011-12-03 17:59 . 2011-12-03 17:59 -------- d-----w- c:\program files\ESET
2011-12-03 17:37 . 2011-12-03 17:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-03 11:22 . 2011-12-03 11:22 -------- d-----w- c:\program files\Winamp Detect
2011-12-03 11:22 . 2005-01-28 12:44 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2011-12-03 11:22 . 2005-01-28 12:44 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2011-12-03 11:00 . 2011-12-07 16:52 -------- d-sh--w- c:\documents and settings\max\Ustawienia lokalne\Dane aplikacji\f9e8d2ef
2011-11-26 16:52 . 2011-11-27 13:34 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Buena Vista Games
2011-11-22 15:48 . 2011-11-22 15:48 -------- d-----w- c:\program files\Gimnazjum - Chemia Nowej Ery 2
2011-11-13 11:29 . 2011-11-13 11:30 -------- d-----w- c:\program files\Gimnazjum klasa 3 - Puls zycia
2011-11-08 19:59 . 2011-11-08 19:59 -------- d-----w- c:\documents and settings\max\Dane aplikacji\blueconnect
2011-11-08 19:57 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-08 19:57 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2011-07-29 19:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 05:23 . 2011-10-07 05:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-10-04 05:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2008-04-14 20:50 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2011-09-26 09:41 614400 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-26 19:28 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-26 19:29 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-10-02 18:59 . 2011-07-31 10:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
" {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} " = " c:\program files\MyAshampoo\prxtbMyA2.dll " [2011-05-09 176936]
" {EEE6C35D-6118-11DC-9C72-001320C79847} " = " c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll " [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-03 20:43 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-05-09 09:49 176936 ----a-w- c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
" {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} " = " c:\program files\MyAshampoo\prxtbMyA2.dll " [2011-05-09 176936]
" {EEE6C35B-6118-11DC-9C72-001320C79847} " = " c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll " [2011-08-24 1299248]
" {95B7759C-8C7F-4BF1-B163-73684A933233} " = " c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll " [2011-12-03 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
" {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} " = " c:\program files\MyAshampoo\prxtbMyA2.dll " [2011-05-09 176936]
" {EEE6C35B-6118-11DC-9C72-001320C79847} " = " c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll " [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" EA Core " = " c:\program files\Electronic Arts\EADM\Core.exe " [2008-07-21 2752512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" RTHDCPL " = " RTHDCPL.EXE " [2011-05-12 20053608]
" nwiz " = " nwiz.exe " [2009-06-10 1657376]
" NvMediaCenter " = " c:\windows\system32\NvMcTray.dll " [2009-06-10 86016]
" NvCplDaemon " = " c:\windows\system32\NvCpl.dll " [2009-06-10 13758464]
" SunJavaUpdateSched " = " c:\program files\Common Files\Java\Java Update\jusched.exe " [2011-04-08 254696]
" LogMeIn Hamachi Ui " = " c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe " [2011-08-15 1955208]
" Adobe ARM " = " c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe " [2011-06-06 937920]
" SweetIM " = " c:\program files\SweetIM\Messenger\SweetIM.exe " [2011-08-01 114992]
" AVG_TRAY " = " c:\program files\AVG\AVG2012\avgtray.exe " [2011-10-24 2415456]
" vProt " = " c:\program files\AVG Secure Search\vprot.exe " [2011-12-03 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
" CTFMON.EXE " = " c:\windows\system32\CTFMON.EXE " [2008-04-14 15360]
.
c:\documents and settings\max\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2011-7-29 593920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
" %windir%\\Network Diagnostic\\xpnetdiag.exe " =
" %windir%\\system32\\sessmgr.exe " =
" c:\\Program Files\\Gadu-Gadu 10\\gg.exe " =
" d:\\elite\\EliteMT2\\metin2.bin " =
" d:\\CS\\normal\\Counter-Strike 1.6\\hl.exe " =
" c:\\BitComet\\BitComet.exe " =
" d:\\Condition Zero\\hl.exe " =
" c:\\Program Files\\Electronic Arts\\EADM\\Core.exe " =
" d:\\Dune 2000\\Dune 2000\\DUNE2000.DAT " =
" d:\\Condition Zero\\hlds.exe " =
" c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe " =
" c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe " =
" c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe " =
" c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe " =
" c:\\Program Files\\Mozilla Firefox\\firefox.exe " =
" c:\\WINDOWS\\system32\\javaw.exe " =
" c:\\Program Files\\SweetIM\\Messenger\\SweetIM.exe " =
" c:\\Program Files\\Winamp\\winamp.exe " =
" c:\\Documents and Settings\\max\\Ustawienia lokalne\\Dane aplikacji\\Babylon\\Setup\\Setup.exe " =
" c:\\Documents and Settings\\max\\Ustawienia lokalne\\Dane aplikacji\\Babylon\\Setup\\MyBabylonTB.exe " =
" c:\\Program Files\\Java\\jre6\\bin\\java.exe " =
" c:\\Program Files\\Mozilla Firefox\\plugin-container.exe " =
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
" 19642:TCP " = 19642:TCP:BitComet 19642 TCP
" 19642:UDP " = 19642:UDP:BitComet 19642 UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-09-13 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-08-07 436792]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-07 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-07-11 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-04 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; " c:\program files\LogMeIn Hamachi\hamachi-2.exe " -s --> c:\program files\LogMeIn Hamachi\hamachi-2.exe [?]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-12-03 246624]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-07-30 1691480]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?AF=100478 & babsrc=HP_ss & mntrId=7455e200000000000000001d7d73c2d2
mStart Page = hxxp://home.sweetim.com/?st=1 & barid={BB0A9968-C822-417D-AAD2-F04A7DE98DE3}
IE: & P & obierz & za pomocą BitComet - c:\bitcomet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - c:\bitcomet\BitComet.exe/AddAllLink.htm
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.100.252
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\max\Dane aplikacji\Mozilla\Firefox\Profiles\o7r6zr75.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2 & q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 7455e200000000000000001d7d73c2d2
FF - user.js: extensions.BabylonToolbar_i.hardId - 7455e200000000000000001d7d73c2d2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15312
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Privacy Protection - c:\documents and settings\All Users\Dane aplikacji\privacy.exe
AddRemove-Condition_Zero_3 - c:\windows\iun6002.exe
AddRemove-Gimnazjum - Chemia Nowej Ery 2 - c:\windows\IsUn0415.exe
AddRemove-Gimnazjum klasa 3 - Puls życia - c:\windows\IsUn0415.exe
AddRemove-IspAssistant-Mp3Tube - c:\program files\Mp3Tube Toolbar\uninstall.exe
AddRemove-Minecraft 1.2.0_02 - c:\documents and settings\max\Dane aplikacji\Uninstal.exe
AddRemove-Mp3Tube Toolbar - c:\program files\Mp3Tube Toolbar\uninstall.exe
AddRemove-QuestScan - c:\program files\QuestScan\uninstall.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 17:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
c:\windows\4023576825:102182160.exe 816 bytes executable
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1935655697-1417001333-1003\Software\SecuROM\License information*]
" datasecu " =hex:c6,f7,36,fd,8c,e6,a1,ee,bf,fe,66,81,61,74,ec,2f,73,07,82,e2,7f,
cd,08,00,56,7a,91,a0,04,77,d9,6f,d9,1c,18,cd,5a,44,f4,90,78,f6,17,50,b2,9d,\
" rkeysecu " =hex:56,85,80,ad,bd,f5,81,f2,53,45,9d,bb,de,34,64,ea
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Czas ukończenia: 2011-12-07 17:56:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-12-07 16:56
.
Przed: 82 002 935 808 bajtów wolnych
Po: 82 136 305 664 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= " Microsoft Windows Recovery Console " /cmdcons
UnsupportedDebug= " do not select this " /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= " Microsoft Windows XP Professional " /noexecute=optin /fastdetect
.
- - End Of File - - 6F42BE19F565164ED6A82A195E6229CF