Posts: 5 • Page 1 of 1
For some time now I've had a problem with the RAM in my computer, or at least I think that's what it is. Namely, when I have a few ordinary everyday programs running and, most often, uTorrent as well, the computer freezes, and a moment later there's a bluescreen saying "beginning dump of physical memory" or something like that :/ How can I deal with this? I have an old laptop, HP Compaq nx9010, 512 RAM, 2.4 GHz processor
I guess this is the file you mean...
ComboFix 09-05-16.05 - k14 2009-05-17 17:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.447.267 [GMT 2:00]
Uruchomiony z: c:\documents and settings\k14.K14-B4647741E57\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090516-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunieto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc1.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc10.JPG
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc11.JPG
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc12.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc13.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc14.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc15.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc16.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc17.lnk
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc18.doc
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc19.mp3
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc2.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc20.jar
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc21.txt
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc22.rar
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc24.wmv
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc25.rar
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc26.WMV
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc27.exe
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc29.avi
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc3.3gp
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc4.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc5.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc6.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc7.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc8.jpg
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dc9.dat
c:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\INFO2
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\InstNT.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\data1.cab
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\data1.hdr
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\data2.cab
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\HPQDS.ini
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\ikernel.ex_
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\InstNT.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\layout.bin
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\ReadMe.txt
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\Setup.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\Setup.ini
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\setup.inx
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Media\setup.iss
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynCntxt.rtf
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynISDLL.dll
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynMood.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTP.chm
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTP.cnt
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTP.hlp
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTPCOM.dll
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTPCpl.dll
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTPEnh.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTPEnh.ini
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynTPLpr.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynUnst.ini
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\SynZMetr.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\Dd1\SynTP\Tutorial.exe
d:\recycler\S-1-5-21-73586283-1708537768-1060284298-1004\INFO2
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-17 do 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-10 21:03 . 2009-05-10 21:03 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-10 21:03 . 2009-05-10 21:04 -------- d-----w c:\program files\DivX
2009-05-10 20:49 . 2009-05-10 20:49 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\Real
2009-05-10 20:49 . 2009-05-10 20:50 -------- d-----w c:\program files\Real Alternative
2009-05-08 12:05 . 2008-04-13 22:24 22016 ----a-w c:\windows\system32\drivers\MSIRCOMM.sys
2009-05-06 12:22 . 2009-05-06 12:23 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\MxBoost
2009-05-05 14:22 . 2009-05-05 14:28 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\Google
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\UC.PIF
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\RAR.PIF
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\PKZIP.PIF
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\PKUNZIP.PIF
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\NOCLOSE.PIF
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\LHA.PIF
2009-05-05 13:34 . 2008-08-08 05:04 545 ----a-w c:\windows\ARJ.PIF
2009-05-05 13:34 . 2009-05-05 13:35 -------- d-----w C:\totalcmd
2009-05-04 21:22 . 2009-05-05 13:33 -------- d-----w c:\program files\AviSynth 2.5
2009-05-04 21:22 . 2006-07-28 23:22 51712 ----a-w c:\windows\system32\coodest.dll
2009-05-04 21:09 . 2009-05-04 21:09 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\WinAVI
2009-04-25 21:21 . 2009-04-25 21:21 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\Apple Computer
2009-04-22 16:10 . 2009-05-05 16:12 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\SendSpace Wizard
2009-04-22 15:55 . 2009-04-22 15:55 -------- d-----w c:\program files\Image Grabber II
2009-04-22 15:44 . 2009-04-22 15:45 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\Media Player Classic
2009-04-22 15:42 . 2009-04-22 15:42 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-22 15:42 . 2009-05-16 19:23 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\skypePM
2009-04-22 15:39 . 2009-05-16 20:11 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\Skype
2009-04-22 15:36 . 2009-04-22 15:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Skype
2009-04-20 18:48 . 2009-04-20 18:48 -------- d-----w c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\WordToPDF
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 18:43 . 2008-12-09 10:03 -------- d-----w c:\program files\Tlen.pl
2009-05-09 15:03 . 2001-10-26 18:15 50946 ----a-w c:\windows\system32\perfc015.dat
2009-05-09 15:03 . 2001-10-26 18:15 359072 ----a-w c:\windows\system32\perfh015.dat
2009-04-25 06:42 . 2008-09-17 21:38 -------- d-----w c:\program files\Java
2009-04-22 15:37 . 2008-07-08 19:53 -------- d-----r c:\program files\Skype
2009-04-22 15:37 . 2008-07-08 19:53 -------- d-----w c:\program files\Common Files\Skype
2009-04-20 04:28 . 2009-04-11 18:23 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-11 18:38 . 2009-04-11 18:36 32205 ----a-w c:\windows\unins000.dat
2009-04-11 18:36 . 2009-04-11 18:36 697353 ----a-w c:\windows\unins000.exe
2009-04-11 10:41 . 2009-02-23 21:40 68456 ----a-w c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-07 19:59 . 2009-04-07 19:59 -------- d-----w c:\program files\SopCast
2009-03-20 16:09 . 2008-07-08 19:31 -------- d-----w c:\program files\Fotosik Manager
2009-03-19 17:48 . 2008-07-07 20:49 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 03:19 . 2009-02-25 11:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-25 18:15 . 2009-02-25 18:15 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-25 11:56 . 2009-02-25 11:56 98304 ----a-w c:\windows\system32\qttask.exe
2009-02-23 21:37 . 2009-02-23 21:37 0 -c--a-w c:\windows\nsreg.dat
2009-02-23 21:18 . 2009-02-23 21:18 21856 -c--a-w c:\windows\system32\emptyregdb.dat
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-11 17:52 . 2008-07-11 17:52 61440 ----a-w c:\program files\mozilla firefox\components\gemgecko.dll
.
------- Sigcheck -------
[-] 2008-05-02 08:48 361344 8E036EEC565910417EA020CE0962AA24 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyslne, prawidlowe wpisy nie sa pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"Google Update"="c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-05-05 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 335872]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2009-02-25 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-11-08 4608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-25 20560]
R3 ALiIRDA;Sterownik urzadzenia podczerwieni ALi;c:\windows\system32\drivers\alifir.sys [2009-02-24 26624]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2008-07-07 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2008-07-07 244608]
.
Zawartosc folderu 'Zaplanowane zadania'
2009-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2146763411-1426433555-1003.job
- c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-05 14:22]
.
.
------- Skan uzupelniajacy -------
.
uStart Page = hxxp://nasza-klasa.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\k14.K14-B4647741E57\Dane aplikacji\Mozilla\Firefox\Profiles\8twhqn39.default\
FF - prefs.js: browser.startup.homepage - hxxp://pajacyk.pl/
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\k14.K14-B4647741E57\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 17:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesow ...
skanowanie ukrytych wpisow autostartu ...
skanowanie ukrytych plikow ...
skanowanie pomyslnie ukonczone
ukryte pliki: 0
**************************************************************************
.
Czas ukonczenia: 2009-05-17 17:35
ComboFix-quarantined-files.txt 2009-05-17 15:35
Przed: 1 879 810 048 bajtow wolnych
Po: 2 240 380 928 bajtow wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
205