Gruntowny skan NOD32 nic nie pokazuje-żadnych wirusów,natomiast podczas tworzenia loga z ComboFixa wyskoczyło czerwone okienko o usunieciu badź usunietym wirusie..Niwstety za szybko mignął komunikat i nie zdazyłem zobaczyc o co chodziło..
Daję screen z menadżera i logi do sprawdzenia:
Hijaczek
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:46, on 2008-12-01
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\RtHDVCpl.exe
D:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Users\BZIKU\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\Taskmgr.exe
C:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\BZIKU\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\BZIKU\AppData\Local\Temp\xxx41.exe
O4 - HKCU\..\Run: [Cognac] C:\Users\BZIKU\AppData\Local\Temp\~tmpb.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - D:\Programy\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 4064 bytes
Silent Runners opcja "NO"
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"Uniblue RegistryBooster 2009" = "c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [file not found]
"MSFox" = "C:\Users\BZIKU\AppData\Local\Temp\xxx41.exe" [null data]
"Cognac" = "C:\Users\BZIKU\AppData\Local\Temp\~tmpb.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"PCSuiteTrayApplication" = "D:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"Adobe Reader Speed Launcher" = ""D:\Programy\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Windows Mobile-based device management" = "C:\Windows\WindowsMobile\wmdSync.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "D:\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
-> {HKLM...CLSID} = "EPM-PO Shell Extensions"
\InProcServer32\(Default) = "epm-po.dll" [file not found]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\Web\Wallpaper\img24.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\BZIKU\AppData\Roaming\Opera\Opera\profile\skin\018_Wildbird.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
NMMPlayCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMPlayCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "D:\Programy\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"]
NMMRipCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMRipCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "D:\Programy\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "D:\Programy\VLC\vlc.exe cdda:%1" ["VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "D:\Programy\VLC\vlc.exe dvd:%1" ["VideoLAN Team"]
Startup items in "BZIKU" & "All Users" startup folders:
-------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Empowering Technology Launcher" -> shortcut to: "D:\Programy\Acer\Empowering Technology\eAPLauncher.exe 9999" ["Acer Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 26
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
ePower Service, WMIService, "D:\Programy\Acer\Empowering Technology\ePower\ePowerSvc.exe" ["acer"]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Usługa Protokół SSTP, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]
Łączność urządzeń z systemem Windows Mobile, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}
Łączność z urządzeniem z systemem Windows Mobile 2003, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
ThinPrint Print Port Monitor for VMWare\Driver = "TPVMMon.dll" [file not found]
---------- (launch time: 2008-12-01 22:03:56)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 56 seconds.
---------- (total run time: 122 seconds)
ComboFix
- Kod: Zaznacz wszystko
ComboFix 08-12-01.01 - BZIKU 2008-12-01 22:09:10.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.870 [GMT 1:00]
Uruchomiony z: c:\users\BZIKU\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\Desktop_.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-01 do 2008-12-01 )))))))))))))))))))))))))))))))
.
2008-11-29 20:11 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-29 20:04 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-29 20:04 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-29 20:04 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-29 20:04 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-20 20:35 . 2008-11-20 20:35 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-11-20 14:18 . 2008-11-20 14:18 <DIR> d-------- c:\users\BZIKU\AppData\Roaming\Uniblue
2008-11-19 19:19 . 2008-11-19 19:20 <DIR> d-------- c:\program files\Aspell
2008-11-17 10:50 . 2008-11-17 10:51 1,905 --a------ c:\windows\diagwrn.xml
2008-11-17 10:50 . 2008-11-17 10:51 1,905 --a------ c:\windows\diagerr.xml
2008-11-17 10:23 . 2008-11-20 14:22 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-17 08:54 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 08:54 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 08:54 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 08:54 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 08:54 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 08:54 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 08:54 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 08:54 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 08:54 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 08:19 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 08:19 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 08:19 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 12:57 . 2008-11-04 12:57 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-03 18:56 . 2008-11-04 08:21 <DIR> d-------- C:\Downloads
2008-11-02 14:21 . 2008-11-02 14:21 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-11-01 00:18 . 2008-11-01 00:18 <DIR> d-------- c:\users\BZIKU\AppData\Roaming\vlc
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 20:12 13,025 ----a-w c:\users\BZIKU\AppData\Roaming\nvModes.dat
2008-11-26 21:47 159,830 ----a-w c:\windows\Marsu-Fix Uninstaller.exe
2008-10-30 09:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-21 20:58 --------- d-----w c:\users\BZIKU\AppData\Roaming\Nokia Multimedia Player
2008-10-21 18:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-19 18:58 --------- d-----w c:\program files\Common Files\Adobe
2008-10-16 07:49 --------- d-----w c:\program files\Windows Mail
2008-10-13 11:06 --------- d-----w c:\users\BZIKU\AppData\Roaming\Nokia
2008-10-13 11:06 --------- d-----w c:\programdata\PC Suite
2008-10-13 11:05 --------- d-----w c:\users\BZIKU\AppData\Roaming\PC Suite
2008-10-13 10:53 --------- d-----w c:\program files\DIFX
2008-10-13 10:52 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-13 10:52 --------- d-----w c:\program files\Common Files\Nokia
2008-10-13 10:51 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-13 10:50 --------- d-----w c:\programdata\Installations
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-14 18:14 737,280 ----a-w c:\windows\iun6002.exe
2008-09-14 17:49 319,984 ----a-w c:\windows\DIFxAPI.dll
2008-04-16 19:04 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920]
"PCSuiteTrayApplication"="d:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="d:\programy\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-30 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="d:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - d:\programy\Acer\Empowering Technology\eAPLauncher.exe [2008-10-21 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E090B1CD-8614-42AF-BC60-3C05DD2DF352}"= UDP:990:LocalSubnet:LocalSubnet|IF={F3F47904-DDA7-4C96-99F8-E91FD11A76E3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{8D522426-6713-4C72-87D2-AD2A5FB20EA3}"= UDP:990:LocalSubnet:LocalSubnet|IF={F3F47904-DDA7-4C96-99F8-E91FD11A76E3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{85DC0715-56AB-48CB-B07B-0EA95E467B7D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9AE3E8E1-D418-4204-8D6E-2C15166E3EF0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2008-04-16 11696]
S3 vmx_svga;vmx_svga;c:\windows\system32\DRIVERS\vmx_svga.sys [2008-04-16 62768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A986B42C-06E1-41C9-816E-E43B005340E9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\users\BZIKU\AppData\Roaming\Mozilla\Firefox\Profiles\ri4zsq13.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://abradio.pl/
FF -: plugin - d:\programy\Reader 9.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 22:11:01
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
[0] 0x00000305
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-12-01 22:12:22
ComboFix-quarantined-files.txt 2008-12-01 21:12:20
Przed: 11 334 524 928 bajtów wolnych
Po: 11,442,049,024 bajtów wolnych
132 --- E O F --- 2008-11-30 15:01:53
to jest wpis od Visty 
