ComboFix 08-04-18.3 - Admin 2008-04-19 17:41:34.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.72 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cceeeec_z.dll
C:\WINDOWS\Temporary Internet Files\firmware.inf
C:\WINDOWS\Temporary Internet Files\ip3picfile.temp
C:\WINDOWS\Temporary Internet Files\ip3Wmapic.temp
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-19 17:23 . 2008-04-19 17:23 23 --a------ C:\WINDOWS\SYSTEM32\aefead8_z.ocx
2008-04-19 16:57 . 2008-04-19 16:58 <DIR> d-------- C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14 766 --a------ C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-16 20:10 <DIR> d-------- C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59 <DIR> d-------- C:\security
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\GoťŠ
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 15:07 . 2008-04-19 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-12 13:09 . 2008-04-12 13:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-19 17:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09 36,101 --a------ C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43 41,984 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09 <DIR> d-------- C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56 <DIR> d-------- C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08 2,728 --a------ C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-17 11:46 <DIR> d-------- C:\iriver plus 3
2008-03-22 17:44 . 2008-03-22 17:46 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 15:38 --------- d-----w C:\Program Files\AutoConnect
2008-04-19 14:06 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-18 19:53 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-12 21:27 --------- d-----w C:\Program Files\podatki.pl
2008-04-12 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 19:17 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32 --------- d-----w C:\Program Files\GoldWave
2008-02-20 09:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 09:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 09:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-19 11:16 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
2005-12-17 17:42 266 --sha-w C:\Program Files\desktop.ini
2005-12-17 17:42 11,232 ---ha-w C:\Program Files\folder.htt
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08 8480768 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 17:43:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-19 17:45:25
ComboFix-quarantined-files.txt 2008-04-19 15:45:21
Pre-Run: 24,712,621,056 bajtów wolnych
Post-Run: 24,711,757,824 bajtów wolnych
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:01, on 2008-04-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiadomosci.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 4420 bytes
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
File::
C:\WINDOWS\SYSTEM32\aefead8_z.ocx
Dzi@dek napisał(a):Usuń te wpisy w HJ:
Dzi@dek napisał(a):Przeciągnij i upuść plik CFScript.txt
Dzi@dek napisał(a):zresetuje sie komputer.
Dzi@dek napisał(a):Jeśli pojawi się pytanie "1 or 2"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:53, on 2008-04-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiadomosci.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{293EF9E3-F5F1-4101-9252-6D8F3B0F3BBE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 4421 bytes
ComboFix 08-04-18.3 - Admin 2008-04-19 19:00:47.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.89 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINDOWS\SYSTEM32\aefead8_z.ocx
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\SYSTEM32\aefead8_z.ocx
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-19 16:57 . 2008-04-19 16:58 <DIR> d-------- C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14 766 --a------ C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-16 20:10 <DIR> d-------- C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59 <DIR> d-------- C:\security
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\GoťŠ
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 15:07 . 2008-04-19 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-12 13:09 . 2008-04-12 13:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-19 19:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09 36,101 --a------ C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43 41,984 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09 <DIR> d-------- C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56 <DIR> d-------- C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08 2,728 --a------ C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-17 11:46 <DIR> d-------- C:\iriver plus 3
2008-03-22 17:44 . 2008-03-22 17:46 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 15:49 --------- d-----w C:\Program Files\AutoConnect
2008-04-19 14:06 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-18 19:53 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-12 21:27 --------- d-----w C:\Program Files\podatki.pl
2008-04-12 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 19:17 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32 --------- d-----w C:\Program Files\GoldWave
2008-02-20 09:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 09:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 09:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-19 11:16 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
2005-12-17 17:42 266 --sha-w C:\Program Files\desktop.ini
2005-12-17 17:42 11,232 ---ha-w C:\Program Files\folder.htt
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_17.44.59,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-19 15:48:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-19 15:49:02 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_59c.dat
- 2008-04-19 15:39:52 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-19 15:51:51 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08 8480768 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 19:03:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-19 19:05:21
ComboFix-quarantined-files.txt 2008-04-19 17:05:11
Pre-Run: 24,691,356,672 bajtów wolnych
Post-Run: 24,679,779,840 bajtów wolnych
216
File::
C:\WINDOWS\system32\drivers\epfwtdir.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\eamon.sys
Driver::
EHttpSrv
ekrn
wojtas napisał(a): nowy log
ComboFix 08-04-18.3 - Admin 2008-04-22 17:27:06.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.73 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINDOWS\system32\drivers\eamon.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\epfwtdir.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\eamon.sys
C:\WINDOWS\system32\drivers\easdrv.sys
C:\WINDOWS\system32\drivers\epfwtdir.sys
C:\WINDOWS\Temporary Internet Files\firmware.inf
C:\WINDOWS\Temporary Internet Files\ip3Wmapic.temp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EKRN
-------\Service_EHttpSrv
-------\Service_ekrn
-------\Legacy_eamon
-------\Legacy_easdrv
-------\Legacy_epfwtdir
-------\eamon
-------\easdrv
-------\epfwtdir
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-19 21:41 . 2008-04-19 21:52 <DIR> d-------- C:\Grand Theft Auto Vice City
2008-04-19 20:57 . 2008-04-19 20:57 <DIR> d-------- C:\Program Files\ESET
2008-04-19 16:57 . 2008-04-19 16:58 <DIR> d-------- C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14 766 --a------ C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-21 11:27 <DIR> d-------- C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59 <DIR> d-------- C:\security
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\Gość
2008-04-12 19:41 . <DIR> C:\Documents and Settings\Gość\Ustawienia lokalne
2008-04-12 19:41 . <DIR> C:\Documents and Settings\Gość\Ustawienia lokalne
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 13:09 . 2008-04-12 13:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-22 17:29 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09 36,101 --a------ C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43 41,984 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09 <DIR> d-------- C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56 <DIR> d-------- C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08 2,728 --a------ C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-20 20:42 <DIR> d-------- C:\iriver plus 3
2008-03-22 17:44 . 2008-03-22 17:46 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 15:32 --------- d-----w C:\Program Files\AutoConnect
2008-04-21 20:24 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-19 19:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 14:06 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-12 21:27 --------- d-----w C:\Program Files\podatki.pl
2008-04-12 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19 --------- d-----w C:\Program Files\Winamp
2008-02-27 19:17 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32 --------- d-----w C:\Program Files\GoldWave
2005-12-17 17:42 266 --sha-w C:\Program Files\desktop.ini
2005-12-17 17:42 11,232 ---ha-w C:\Program Files\folder.htt
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_17.44.59,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 15:31:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-04-19 14:08:00 10,134 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
+ 2008-04-19 18:57:55 10,134 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
- 2008-04-19 14:08:00 136,448 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-19 18:57:56 136,448 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-22 15:31:50 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5c8.dat
- 2008-04-19 15:39:52 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-22 15:32:20 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08 8480768 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 17:32:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\PAStiSvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-22 17:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 15:34:34
Pre-Run: 23,029,556,224 bajtów wolnych
Post-Run: 23,031,497,728 bajtów wolnych
246
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
Folder::
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}
ComboFix 08-04-18.3 - Admin 2008-04-23 23:17:12.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.62 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-19 21:41 . 2008-04-19 21:52 <DIR> d-------- C:\Grand Theft Auto Vice City
2008-04-19 20:57 . 2008-04-19 20:57 <DIR> d-------- C:\Program Files\ESET
2008-04-19 16:57 . 2008-04-19 16:58 <DIR> d-------- C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14 766 --a------ C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-21 11:27 <DIR> d-------- C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59 <DIR> d-------- C:\security
2008-04-12 19:41 . 2008-04-22 17:34 <DIR> d-------- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\Gość
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-04-12 13:09 . 2008-04-12 13:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-23 23:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09 36,101 --a------ C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-19 17:41 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43 41,984 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09 <DIR> d-------- C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56 <DIR> d-------- C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08 2,728 --a------ C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-20 20:42 <DIR> d-------- C:\iriver plus 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:50 --------- d-----w C:\Program Files\AutoConnect
2008-04-21 20:24 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-19 19:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 14:06 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-12 21:27 --------- d-----w C:\Program Files\podatki.pl
2008-04-12 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19 --------- d-----w C:\Program Files\Winamp
2008-03-22 15:46 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
2008-02-27 19:17 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-02-23 09:32 --------- d-----w C:\Program Files\GoldWave
2005-12-17 17:42 266 --sha-w C:\Program Files\desktop.ini
2005-12-17 17:42 11,232 ---ha-w C:\Program Files\folder.htt
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_17.44.59,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 17:50:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-22 17:50:11 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5a0.dat
- 2008-04-19 15:39:52 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 21:01:42 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08 8480768 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 23:19:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-23 23:21:28
ComboFix-quarantined-files.txt 2008-04-23 21:21:23
ComboFix2.txt 2008-04-22 15:34:42
Pre-Run: 22,947,852,800 bajtów wolnych
Post-Run: 22,961,337,344 bajtów wolnych
215
http://p-nand-q.com/e/pserv.html
http://www.snapfiles.com/get/systemproperties.html
kahoona napisał(a): Windows / Installer
kahoona napisał(a): czyszczenie rejestru
kahoona napisał(a): Po drodze - sprawdziłbym skanerem online system - i usunął Redlof.A i inne (prawdopodobnie :D ).
kahoona napisał(a): odinstaluj Dr.Web
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
C:\Program Files\folder.htt
Files::
C:\Program Files\folder.htt
Folders::
C:\Documents and Settings\Admin\DoctorWeb
kahoona napisał(a): Folder windows/Installer masz - włącz widok ukrytych plików i folderów.
ime
InCD
INF
Internet Logs
okocza napisał(a): nowy log
ComboFix 08-04-18.3 - Admin 2008-04-28 21:04:38.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.77 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Pulpit\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Temporary Internet Files\firmware.inf
C:\WINDOWS\Temporary Internet Files\ip3picfile.temp
C:\WINDOWS\Temporary Internet Files\ip3Wmapic.temp
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-28 17:02 . 2008-04-28 17:02 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\System Properties
2008-04-19 21:41 . 2008-04-19 21:52 <DIR> d-------- C:\Grand Theft Auto Vice City
2008-04-19 16:57 . 2008-04-19 16:58 <DIR> d-------- C:\Netgear
2008-04-13 21:14 . 2008-04-13 21:14 766 --a------ C:\WINDOWS\SYSTEM32\blrs.ico
2008-04-13 00:19 . 2008-04-27 22:03 <DIR> d-------- C:\Sciagnietendk
2008-04-12 23:58 . 2008-04-12 23:59 <DIR> d-------- C:\security
2008-04-12 19:41 . 2008-04-22 17:34 <DIR> d-------- C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\GoťŠ
2008-04-12 13:09 . 2008-04-12 13:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-12 13:09 . 2008-04-12 19:47 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-12 13:08 . 2008-04-28 21:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-12 13:08 . 2005-12-29 21:57 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-12 13:08 . 2008-04-12 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-12 13:08 . 2005-12-29 22:09 36,101 --a------ C:\Documents and Settings\Administrator\hpzscr000.log
2008-04-12 13:08 . 2005-12-29 22:05 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
2008-04-12 13:08 . 2008-04-27 16:40 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-11 16:35 . 2005-08-10 12:43 41,984 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\dlkfet5b.sys
2008-04-02 17:09 . 2008-04-02 17:09 <DIR> d-------- C:\Free YouTube to Mp3 Converter
2008-04-02 16:56 . 2008-04-02 16:56 <DIR> d-------- C:\Temp
2008-04-02 16:55 . 2008-04-02 17:09 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-03-29 22:29 . 2007-10-07 17:08 2,728 --a------ C:\WINDOWS\SYSTEM32\mini_spectrum2.swf
2008-03-29 22:26 . 2008-04-27 22:11 <DIR> d-------- C:\iriver plus 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 18:29 --------- d-----w C:\Program Files\AutoConnect
2008-04-28 14:40 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-04-21 20:24 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-04-19 19:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 21:27 --------- d-----w C:\Program Files\podatki.pl
2008-04-12 21:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-12 21:22 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-04-12 21:19 --------- d-----w C:\Program Files\Winamp
2008-03-22 15:46 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\SecondLife
2005-12-17 17:42 266 --sha-w C:\Program Files\desktop.ini
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_17.44.59,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 15:38:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 18:29:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-04-19 14:08:00 10,134 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
+ 2008-04-25 18:06:16 10,134 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\callmsi.exe
- 2008-04-19 14:08:00 136,448 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-25 18:06:16 136,448 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2007-04-19 18:05:54 937,984 ----a-w C:\WINDOWS\SYSTEM32\simaika.dll
+ 2007-03-04 18:55:36 53,248 ----a-w C:\WINDOWS\SYSTEM32\w32msg.dll
+ 2008-04-28 18:29:05 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_59c.dat
- 2008-04-19 15:39:52 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-28 19:04:53 3,735,552 ----a-w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-03-17 07:08 8480768 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 01:14 310784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programs^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programs\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
C:\EdHTMLv5.0\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-06-10 16:20 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 15:43 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-01-31 15:20 180224 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-09 21:32 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-11-11 15:07 90112 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
C:\Program Files\Spik\Spik.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zasobnik systemowy]
--a------ 2001-10-26 19:30 3072 C:\WINDOWS\SYSTEM32\systray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"LoadQM"=loadqm.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"SoundMan"=SOUNDMAN.EXE
"autoclk"=autoclk.exe
"StillImageMonitor"=C:\WINDOWS\SYSTEM32\STIMON.EXE
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Age Of Empires 2 & The Conquerors\\age2_x1.exe"=
"C:\\Gadu-Gadu 6.1\\gg.exe"=
"C:\\Documents and Settings\\Admin\\Pulpit\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-09 14:17]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 19:07]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\Uruchomienie aplikacji dostrajania.job"
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 21:07:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
Completion time: 2008-04-28 21:09:18
ComboFix-quarantined-files.txt 2008-04-28 19:09:15
ComboFix2.txt 2008-04-23 21:21:29
ComboFix3.txt 2008-04-22 15:34:42
Pre-Run: 22,485,519,872 bajtów wolnych
Post-Run: 22,487,121,920 bajtów wolnych
234
C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe
+ 2008-04-25 18:06:16 136,448 ----a-r C:\WINDOWS\Installer\{17026F9A-0826-4F3B-AF90-BA59C8B12435}\egui.exe