
Thread: Win32/Rootkit.Agent.ODG trojan

  1. #21 Junior Member (Join Date: Aug 2009, Posts: 17)

    I recognize it, I just have no idea what those 13351564 and 14524684 are.

  2. #22 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Do you mean these?

    c:\docume~1\ALLUSE~1\DANEAP~1\13351564\13351564
    c:\docume~1\ALLUSE~1\DANEAP~1\14524684\14524684
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #23 Junior Member (Join Date: Aug 2009, Posts: 17)

    Yes, these.

  4. #24 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    So have you then created these folders?

    c:\docume~1\ALLUSE~1\DANEAP~1\13351564
    c:\docume~1\ALLUSE~1\DANEAP~1\14524684

  5. #25 Junior Member (Join Date: Aug 2009, Posts: 17)

    No, I didn't create them.

  6. #26 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    I see.

    Please click this link --> Jotti

    Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

    c:\windows\system32\sfcfiles.dll

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

  7. #27 Junior Member (Join Date: Aug 2009, Posts: 17)

    No viruses found, it's clear.

  8. #28 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      Folder::
      c:\docume~1\ALLUSE~1\DANEAP~1\13351564
      c:\docume~1\ALLUSE~1\DANEAP~1\14524684
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

  9. #29 Junior Member (Join Date: Aug 2009, Posts: 17)

    ComboFix 09-08-10.01 - RedCloud 2009-08-10 21:44.4.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.597 [GMT 2:00]
    Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
    Użyto następujących komend :: c:\documents and settings\RedCloud\Pulpit\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ?
    c:\docume~1\ALLUSE~1\DANEAP~1\13351564
    c:\docume~1\ALLUSE~1\DANEAP~1\14524684

    .
    ((((((((((((((((((((((((( Pliki utworzone od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
    .

    2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
    2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
    2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
    2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
    2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
    2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
    2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
    2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
    2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
    2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
    2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
    2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
    2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
    2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
    2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
    2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3B4E
    2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
    2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
    2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
    2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
    2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
    2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
    2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
    2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
    2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
    2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
    2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
    2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
    2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
    2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
    2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
    2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
    2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
    2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
    2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
    2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
    2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
    2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
    2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
    2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
    2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
    2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
    2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
    2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
    2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
    2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
    2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
    2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
    2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
    2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
    2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
    2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
    2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
    2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
    2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
    2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
    2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
    2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
    2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
    2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
    2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
    2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .

    ------- Sigcheck -------

    [-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-09_14.25.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-10 10:58 . 2009-08-10 10:58 16384 c:\windows\Temp\Perflib_Perfdata_260.dat
    - 2008-09-11 17:20 . 2009-03-11 06:38 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-08-10 11:01 . 2009-08-10 11:01 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-08-10 10:55 . 2009-08-10 10:55 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2009-08-09 19:46 . 2009-08-09 19:46 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    - 2009-08-09 14:22 . 2009-08-09 14:22 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-09 19:45 . 2009-08-09 19:45 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
    + 2009-08-09 19:46 . 2009-08-09 19:46 241664 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    + 2009-08-09 19:46 . 2009-08-09 19:46 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    - 2009-08-09 14:22 . 2009-08-09 14:22 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-09 19:45 . 2009-08-09 19:45 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2009-08-09 19:45 . 2009-08-09 19:46 7221248 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

    c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
    Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
    Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

    c:\documents and settings\All Users\Menu Start\Programy\Autostart\
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
    backup=c:\windows\pss\Ad-aware Updater.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\CallOfDuty\\CoDWaWmp.exe"=
    "d:\\CallOfDuty\\CoDWaW.exe"=
    "c:\\Program Files\\Tibia\\Tibia.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
    "19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
    "24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
    "24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
    "8085:TCP"= 8085:TCP:sfx
    "53:UDP"= 53:UDP:Promo

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
    R3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
    S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
    S3 sterownik;sterownik;\??\c:\documents and settings\RedCloud\sterownik.sys --> c:\documents and settings\RedCloud\sterownik.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Zawartość folderu 'Zaplanowane zadania'

    2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003Core.job
    - c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

    2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003UA.job
    - c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

    2009-08-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 20:18]
    .
    .
    ------- Skan uzupełniający -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {AE728A47-FAAC-4FC9-8C70-C05DBB07F867} = 213.241.79.37 83.238.255.76
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-10 21:49
    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

    skanowanie ukrytych procesów ...

    skanowanie ukrytych wpisów autostartu ...

    skanowanie ukrytych plików ...

    skanowanie pomyślnie ukończone
    ukryte pliki: 0

    **************************************************************************
    .
    --------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

    [HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
    92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
    "??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

    [HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
    "datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
    2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
    "rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"=""
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:00000000
    "ProductBase"=dword:00000001
    "ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
    "ProductName"="ESET Smart Security"
    "ProductType"="ess"
    "ProductVersion"="4.0.417.0"
    "UniqueId"="0016B36649D70533"
    "ScannerBuild"=dword:0000121d
    "ScannerVersionId"=dword:00000f6c
    "ScannerVersion"="Locked/open ESET for status."
    "FixId"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG11.00.00.01WORKSTATION"="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"
    .
    Czas ukończenia: 2009-08-10 21:52
    ComboFix-quarantined-files.txt 2009-08-10 19:52
    ComboFix2.txt 2009-08-09 19:53
    ComboFix3.txt 2009-08-09 14:31
    ComboFix4.txt 2008-10-15 17:29

    Przed: 14*685*093*888 bajtów wolnych
    Po: 14*656*057*344 bajtów wolnych

    286 --- E O F --- 2009-06-21 07:45
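A defender-side helper, added here as an example and not part of the thread or of ComboFix itself: it parses created-file, service and Sigcheck lines in the ComboFix layout shown in the log above and lists entries worth a second look (zero-byte driver files, driver services whose image sits outside system32\drivers or that ComboFix printed with [?] instead of a date/size, and Sigcheck [-] entries such as sfcfiles.dll, which the expert had checked at Jotti). The sample lines are copied from the log; the field meanings are assumptions about ComboFix's format, and the output is a review list, not a verdict.

```python
import re
from typing import List, Optional, Tuple

# Sample lines constructed from the ComboFix log above. Assumed layout:
#   created-file line : "<created> . <modified> <size|--------> <attrs> <path>"
#   service line      : "Rn|Sn name;display;image[ --> resolved] [date size]" or "[?]"
#   Sigcheck line     : "[flag] <date> <size> <md5> <path>"
SAMPLE_LOG = r"""
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 sterownik;sterownik;\??\c:\documents and settings\RedCloud\sterownik.sys --> c:\documents and settings\RedCloud\sterownik.sys [?]
[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
"""

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: --> (.+?))? \[(.*)\]$")
SIGCHECK_RE = re.compile(
    r"^\[(.)\] (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9A-Fa-f]{32}) (.+)$")

DRIVER_DIR = "c:\\windows\\system32\\drivers\\"   # expected home of kernel drivers


def parse_file_line(line: str) -> Optional[Tuple[str, Optional[int], str]]:
    """(path, size or None for directories, attrs) for a created-file line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    size = None if m.group(3) == "--------" else int(m.group(3))
    return m.group(5), size, m.group(4)


def parse_service_line(line: str) -> Optional[Tuple[str, str, str, bool]]:
    """(start_type, name, image_path, has_date_size) for an Rn/Sn service line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = m.group(5) or m.group(4)        # prefer the resolved path after "-->"
    if image.startswith("\\??\\"):          # strip the NT object-manager prefix
        image = image[4:]
    return m.group(1), m.group(2), image, m.group(6) != "?"


def review_log(text: str) -> List[Tuple[str, str]]:
    """Apply review heuristics; returns (path, reason) pairs for a human to check."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        f = parse_file_line(line)
        if f:
            path, size, _ = f
            if path.lower().endswith(".sys") and size == 0:
                findings.append((path, "zero-byte driver file"))
            continue
        s = parse_service_line(line)
        if s:
            _, _, image, has_info = s
            low = image.lower()
            if low.endswith(".sys") and not low.startswith(DRIVER_DIR):
                findings.append((image, "driver image outside system32\\drivers"))
            if not has_info:
                findings.append((image, "ComboFix printed [?] instead of a date/size"))
            continue
        g = SIGCHECK_RE.match(line)
        if g and g.group(1) == "-":
            findings.append((g.group(5), "Sigcheck [-] entry: get a second opinion (Jotti/VirusTotal)"))
    return findings


if __name__ == "__main__":
    for path, reason in review_log(SAMPLE_LOG):
        print(f"{reason}: {path}")
```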

  10. #30 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Please go to ESET Online Scanner to run an online scan.
    Note: You - will - need to use Internet Explorer for this scan!
    1. Check the box next to "YES, I accept the Terms of Use."
    2. Click "Start"
    3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
      Once installed, the scanner will be initialized.
    4. Click "Start". Make sure that the options:
      • Remove found threats is UNCHECKED
      • Scan unwanted applications is CHECKED
    5. Click "Scan"
    6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
    7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
    8. Copy and paste the contents of log.txt in your next reply.