przez PaynePL 30 Cze 2008, 23:19
Jak się mylę to sorry, ale ja nie jestem takim zaawansowanym użytkownikiem komputera. 
przez Magik 30 Cze 2008, 23:27
przez PaynePL 01 Lip 2008, 11:31
ComboFix 08-06-20.4 - Klucha & RouRo 2008-07-01 11:16:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.691 [GMT 2:00]
Running from: D:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\ECURIT~1
C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\ECURIT~1\s?chost.exe
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\system32\imeaashb.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\?racle\
C:\WINDOWS\system32\racle~1\rundll32.exe
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\ufdata2000.log
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-07-01 00:00 . 2008-07-01 00:00 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\InstallShield
2008-06-30 21:25 . 2008-06-30 21:25 835,584 --a------ C:\WINDOWS\iun6002.exe
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Program Files\QuickTime
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-06-30 15:56 . 2008-06-30 15:56 <DIR> d-------- C:\Program Files\Ashampoo AntiSpyWare 2
2008-06-30 14:56 . 2008-06-30 14:56 26,624 --a------ C:\WINDOWS\system32\xmlsys.dll
2008-06-30 14:46 . 2008-06-30 14:46 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\PlayFirst
2008-06-30 14:22 . 2008-06-30 14:23 271 --a------ C:\WINDOWS\tetuhau3.INI
2008-06-30 10:44 . 2008-06-30 10:44 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-29 19:43 . 2008-06-30 15:24 35 --a------ C:\WINDOWS\WDIRECT.INI
2008-06-29 19:00 . 2008-06-29 19:00 0 --a------ C:\WINDOWS\Mapper.INI
2008-06-29 18:12 . 2008-06-29 18:12 <DIR> d-------- C:\Program Files\mjc
2008-06-29 14:05 . 2008-06-29 14:05 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 14:05 . 2008-06-29 14:05 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\DAEMON Tools
2008-06-29 13:12 . 2008-06-29 13:12 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-29 13:12 . 2008-06-29 13:12 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-29 12:18 . 2008-06-29 12:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-29 12:18 . 2008-06-29 12:18 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-29 12:18 . 2008-06-29 12:18 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-29 12:16 . 2008-06-29 12:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 17:55 . 2008-06-28 17:57 <DIR> d-------- C:\WINDOWS\UbiSoft
2008-06-28 11:09 . 2008-06-28 11:09 <DIR> d-------- C:\Program Files\PopCap Games
2008-06-28 11:09 . 2008-06-28 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-06-28 11:09 . 2008-06-28 11:11 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-28 11:05 . 2008-06-30 15:05 253,696 --a------ C:\WINDOWS\hppunin.exe
2008-06-26 22:27 . 2008-06-26 22:29 <DIR> d-------- C:\Program Files\Absolute Video Converter
2008-06-25 20:24 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-06-25 12:47 . 2008-06-25 12:47 <DIR> d-------- C:\Program Files\Recuva
2008-06-19 22:43 . 2008-06-19 22:43 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-06-19 22:42 . 2008-06-19 22:42 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\WINDOWS
2008-06-19 22:42 . 1997-05-12 17:53 423,936 --a------ C:\WINDOWS\IsUninst.exe
2008-06-19 22:42 . 2008-06-19 22:43 401 --a------ C:\WINDOWS\SIERRA.INI
2008-06-19 22:41 . 2008-06-19 22:41 104,688 --a------ C:\WINDOWS\~GLC0000.TMP
2008-06-19 22:41 . 2008-06-19 22:41 5,607 --a------ C:\WINDOWS\~GLH0000.TMP
2008-06-19 22:21 . 2008-06-19 22:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-19 21:56 . 2008-06-20 00:48 115 --a------ C:\WINDOWS\7THLEVEL.INI
2008-06-19 20:15 . 2008-06-30 11:29 <DIR> d-------- C:\Program Files\DOSBox
2008-06-19 20:15 . 2008-06-29 23:17 <DIR> d-------- C:\Program Files\D-Fend
2008-06-19 16:27 . 2008-06-19 16:38 40 --a------ C:\WINDOWS\nfsc_patch.ini
2008-06-18 19:01 . 2008-06-18 19:01 <DIR> d---s---- C:\Documents and Settings\Klucha & RouRo\UserData
2008-06-18 11:14 . 2008-06-18 11:14 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Blender Foundation
2008-06-17 20:43 . 2008-07-01 11:19 61,440 --a------ C:\WINDOWS\system32\msfir80.exe
2008-06-17 20:43 . 2008-07-01 11:19 61,440 --a------ C:\WINDOWS\system32\algssl.exe
2008-06-17 20:43 . 2008-07-01 11:20 61,440 ---hs---- C:\sal.xls.exe
2008-06-17 20:43 . 2008-07-01 11:19 130 ---hs---- C:\AUTORUN.INF
2008-06-17 20:42 . 2008-07-01 09:34 61,440 --a------ C:\WINDOWS\system32\msime80.exe
2008-06-17 12:20 . 2008-06-17 12:20 <DIR> d-------- C:\Program Files\Java
2008-06-17 11:52 . 2008-06-22 17:27 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Hamachi
2008-06-17 11:51 . 2008-06-17 11:52 <DIR> d-------- C:\Program Files\Hamachi
2008-06-17 11:51 . 2008-06-17 11:51 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-17 10:58 . 2008-06-17 17:51 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\skypePM
2008-06-17 10:58 . 2008-06-17 10:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-17 10:52 . 2008-06-17 11:12 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\gtk-2.0
2008-06-17 10:44 . 2008-06-17 10:44 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\.thumbnails
2008-06-17 10:43 . 2008-06-17 11:13 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\.gimp-2.2
2008-06-17 10:42 . 2008-06-17 10:42 <DIR> d-------- C:\Program Files\GIMP
2008-06-17 10:42 . 2008-06-17 10:42 <DIR> d-------- C:\Program Files\Common Files\GTK 2.0
2008-06-14 20:14 . 2008-06-14 20:14 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-14 20:14 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-06-14 20:14 . 2006-10-07 17:43 550,400 --a------ C:\WINDOWS\x2.64.exe
2008-06-14 20:14 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2008-06-14 20:14 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-06-14 20:14 . 2005-02-28 13:16 254,976 --a------ C:\WINDOWS\system32\x.264.exe
2008-06-14 20:14 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-06-14 20:14 . 2006-04-05 08:09 114,176 --a------ C:\WINDOWS\MOTA113.exe
2008-06-14 20:14 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-14 20:14 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-06-14 20:14 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-06-13 12:38 . 2008-06-13 12:38 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-06-13 12:38 . 2008-06-13 21:18 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\MegauploadToolbar
2008-06-13 09:05 . 2008-06-14 09:00 <DIR> d-------- C:\Program Files\MobMapUpdater
2008-06-13 08:12 . 2008-06-13 08:12 <DIR> d-------- C:\Program Files\WinISO
2008-06-12 18:35 . 2006-01-02 16:51 2,125,312 --a------ C:\WINDOWS\setup_rangers_2.exe
2008-06-12 16:08 . 2008-06-12 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-12 16:08 . 2008-07-01 01:01 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 16:01 . 2008-06-12 16:01 <DIR> d-------- C:\Program Files\Blender Foundation
2008-06-12 16:01 . 2008-06-12 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Blender Foundation
2008-06-12 15:46 . 2008-06-12 15:46 <DIR> d-------- C:\Program Files\OpenAL
2008-06-12 15:46 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-12 15:46 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-12 15:46 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp88E.tmp
2008-06-12 15:46 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp88D.tmp
2008-06-12 15:46 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-12 15:46 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-12 15:46 . 2008-06-12 15:46 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-12 15:46 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-12 15:46 . 2008-06-12 15:46 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-12 15:46 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-11 18:54 . 2008-06-11 18:54 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Sony
2008-06-11 18:54 . 2008-06-11 18:54 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Publish Providers
2008-06-11 18:54 . 2008-06-30 13:20 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-11 18:48 . 2008-06-11 18:48 <DIR> d-------- C:\Program Files\Vstplugins
2008-06-11 18:48 . 2008-06-11 18:48 <DIR> d-------- C:\Program Files\Sony
2008-06-11 18:48 . 2008-06-11 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-11 18:44 . 2008-06-11 18:44 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-06-11 18:43 . 2008-06-11 18:43 <DIR> d-------- C:\Program Files\MSBuild
2008-06-11 18:37 . 2008-06-11 18:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-11 18:36 . 2008-06-11 18:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-11 16:46 . 2008-06-11 16:46 <DIR> d-------- C:\Program Files\Sony Setup
2008-06-11 16:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-11 15:51 . 2008-06-11 15:52 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-06-11 14:50 . 2008-06-11 14:50 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\GeoVid
2008-06-11 14:47 . 2008-06-11 14:50 <DIR> d-------- C:\Program Files\Video Avatar
2008-06-11 14:47 . 2004-08-04 15:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-11 14:47 . 2003-03-19 08:19 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-11 14:47 . 2003-03-19 08:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-06-11 14:47 . 2003-03-19 07:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-11 14:47 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-06-11 14:47 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-06-10 13:35 . 2008-06-10 13:35 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-10 13:35 . 2008-06-10 13:35 <DIR> d-------- C:\Program Files\Media Player Classic
2008-06-09 23:04 . 2008-06-13 16:23 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\SolSuite
2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TreeCardGames
2008-06-09 22:42 . 2008-06-09 22:46 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\123 Free Solitaire
2008-06-09 20:36 . 2008-06-27 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-06-08 22:53 . 2008-06-08 22:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 20:14 . 2008-06-14 19:52 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Creative
2008-06-08 10:09 . 2008-06-30 20:57 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-08 00:39 . 2008-07-01 09:10 <DIR> d-------- C:\Gry
2008-06-08 00:39 . 2008-06-14 07:27 <DIR> d-------- C:\Filmy
2008-06-08 00:30 . 2008-06-08 08:00 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-08 00:30 . 2008-06-08 00:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 00:30 . 2008-06-08 08:00 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 18:42 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Thunderbird
2008-06-07 18:42 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Talkback
2008-06-07 18:35 --------- d-----w C:\Program Files\TVUPlayer
2008-06-07 18:35 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\TVU Networks
2008-06-07 18:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-06-07 18:03 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Media Player Classic
2008-06-07 18:00 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-07 16:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-07 16:51 --------- d-----w C:\Program Files\Usługi online
.
------- Sigcheck -------
2004-08-04 00:44 1077760 dc09c613d00baf57ef17b08b5e5eeafe C:\WINDOWS\explorer.exe
2004-08-04 00:44 1044992 6e661c521ac6854969ef18b4182324b7 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:44 26624 f426d7988460a27065fa88b5014e1c39 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44 26624 33c4a15544df2105d2ded9126f4dd2d0 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1892F58-1116-4DEC-92AA-577872EC3D3D}]
2008-06-30 14:56 26624 --a------ C:\WINDOWS\system32\xmlsys.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 26624]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"AlcoholAutomount"="C:\Program Files\Alcohol 120\axcmd.exe" [2007-12-22 09:23 221568]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 151552]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 531912]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-29 18:12 156672]
"Ramo"="C:\WINDOWS\system32\RACLE~1\rundll32.exe" [ ]
"Waac"="C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\?ecurity\s?chost.exe" [ ]
"MsServer"="msfir80.exe" [2008-07-01 11:19 61440 C:\WINDOWS\system32\msfir80.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1638400 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2926592 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 16220672 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 09:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 442368]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 364544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IMJPMIG8.2"="msime80.exe" [2008-07-01 09:34 61440 C:\WINDOWS\system32\msime80.exe]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 15:36 2316632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 491520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 26624]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\TmNationsForever\\TmForever.exe"=
"D:\\UEFA EURO 2008\\EURO08.exe"=
"D:\\Hellgate\\Launcher.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Documents and Settings\\Klucha & RouRo\\Pulpit\\RockNESX\\RockNESX.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\NFS Carbon\\NFSC.exe"=
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-03-13 15:36]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 13:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e674e06-4100-11dd-b52f-9f30832af39d}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5327ec27-361b-11dd-b51c-ab90cc90c12f}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a47b379d-45d3-11dd-b535-bc1fff811b8c}]
\Shell\AutoRun\command - K:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2cbc2ee-3c7e-11dd-b521-8bb921db52cf}]
\Shell\Auto\command - L:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 11:19:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsServer = msfir80.exe???x
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\algssl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2008-07-01 11:21:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 09:21:40
Pre-Run: 9,338,564,608 bajtów wolnych
Post-Run: 9,346,117,632 bajt˘w wolnych
279
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:31, on 2008-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\WINDOWS\system32\algssl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Freedom\Freedom.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlsys.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [Ramo] "C:\WINDOWS\system32\RACLE~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Waac] "C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\?ecurity\s?chost.exe"
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2FDEE9E-7661-4D46-9D9D-5505F74AA0C5}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6680 bytes
przez Magik 01 Lip 2008, 11:54
i dalej jest
C:\WINDOWS\system32\algssl.exe
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKCU\..\Run: [Ramo] "C:\WINDOWS\system32\RACLE~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Waac] "C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\?ecurity\s?chost.exe"
Unknown
O4 - HKCU\..\Run: [MsServer] msfir80.exe
przez PaynePL 01 Lip 2008, 12:20
przez Magik 01 Lip 2008, 12:26
PaynePL napisał(a):O co chodzi z tym kodem w ramce??
podpunkt 4 usuwaniePaynePL napisał(a):Czy mam wybrać tryb awaryjny czy tryb awaryjny z obsługą wiersza poleceń??
przez PaynePL 01 Lip 2008, 13:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:48, on 2008-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Freedom\Freedom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\17PHolmes1001186.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\WINDOWS\system32\xmlsys.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2FDEE9E-7661-4D46-9D9D-5505F74AA0C5}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6580 bytes
ComboFix 08-06-20.4 - Klucha & RouRo 2008-07-01 13:33:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.616 [GMT 2:00]
Running from: D:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\ufdata2000.log
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-07-01 12:47 . 2008-07-01 12:47 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Grisoft
2008-07-01 12:47 . 2008-07-01 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-07-01 12:47 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-01 12:44 . 2008-07-01 12:46 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2008-07-01 12:38 . 2008-07-01 12:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-01 12:06 . 2008-07-01 12:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-01 12:00 . 2008-07-01 12:41 <DIR> d-------- C:\SDFix
2008-07-01 11:53 . 2008-07-01 11:53 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Jasc
2008-07-01 11:52 . 2008-07-01 11:53 <DIR> d-------- C:\Program Files\Animation Shop 3
2008-07-01 11:28 . 2008-07-01 11:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-01 00:00 . 2008-07-01 00:00 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\InstallShield
2008-06-30 21:25 . 2008-06-30 21:25 835,584 --a------ C:\WINDOWS\iun6002.exe
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Program Files\QuickTime
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-30 17:32 . 2008-06-30 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-06-30 14:56 . 2008-06-30 14:56 26,624 --a------ C:\WINDOWS\system32\xmlsys.dll
2008-06-30 14:46 . 2008-06-30 14:46 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\PlayFirst
2008-06-30 14:22 . 2008-06-30 14:23 271 --a------ C:\WINDOWS\tetuhau3.INI
2008-06-30 10:44 . 2008-07-01 13:27 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-29 19:43 . 2008-06-30 15:24 35 --a------ C:\WINDOWS\WDIRECT.INI
2008-06-29 19:00 . 2008-06-29 19:00 0 --a------ C:\WINDOWS\Mapper.INI
2008-06-29 18:12 . 2008-06-29 18:12 <DIR> d-------- C:\Program Files\mjc
2008-06-29 14:05 . 2008-06-29 14:05 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 14:05 . 2008-06-29 14:05 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\DAEMON Tools
2008-06-29 13:12 . 2008-06-29 13:12 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-29 13:12 . 2008-06-29 13:12 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-29 12:18 . 2008-06-29 12:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-29 12:18 . 2008-06-29 12:18 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-29 12:18 . 2008-06-29 12:18 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-29 12:16 . 2008-06-29 12:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 17:55 . 2008-06-28 17:57 <DIR> d-------- C:\WINDOWS\UbiSoft
2008-06-28 11:09 . 2008-06-28 11:09 <DIR> d-------- C:\Program Files\PopCap Games
2008-06-28 11:09 . 2008-06-28 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-06-28 11:09 . 2008-06-28 11:11 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-28 11:05 . 2008-06-30 15:05 253,696 --a------ C:\WINDOWS\hppunin.exe
2008-06-26 22:27 . 2008-06-26 22:29 <DIR> d-------- C:\Program Files\Absolute Video Converter
2008-06-25 20:24 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-06-25 12:47 . 2008-06-25 12:47 <DIR> d-------- C:\Program Files\Recuva
2008-06-19 22:43 . 2008-06-19 22:43 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-06-19 22:42 . 2008-06-19 22:42 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\WINDOWS
2008-06-19 22:42 . 1997-05-12 17:53 423,936 --a------ C:\WINDOWS\IsUninst.exe
2008-06-19 22:42 . 2008-06-19 22:43 401 --a------ C:\WINDOWS\SIERRA.INI
2008-06-19 22:41 . 2008-06-19 22:41 104,688 --a------ C:\WINDOWS\~GLC0000.TMP
2008-06-19 22:41 . 2008-06-19 22:41 5,607 --a------ C:\WINDOWS\~GLH0000.TMP
2008-06-19 22:21 . 2008-06-19 22:21 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-19 21:56 . 2008-06-20 00:48 115 --a------ C:\WINDOWS\7THLEVEL.INI
2008-06-19 20:15 . 2008-06-30 11:29 <DIR> d-------- C:\Program Files\DOSBox
2008-06-19 20:15 . 2008-06-29 23:17 <DIR> d-------- C:\Program Files\D-Fend
2008-06-19 16:27 . 2008-06-19 16:38 40 --a------ C:\WINDOWS\nfsc_patch.ini
2008-06-18 19:01 . 2008-06-18 19:01 <DIR> d---s---- C:\Documents and Settings\Klucha & RouRo\UserData
2008-06-18 11:14 . 2008-06-18 11:14 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Blender Foundation
2008-06-17 12:20 . 2008-06-17 12:20 <DIR> d-------- C:\Program Files\Java
2008-06-17 11:52 . 2008-06-22 17:27 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Hamachi
2008-06-17 11:51 . 2008-06-17 11:52 <DIR> d-------- C:\Program Files\Hamachi
2008-06-17 11:51 . 2008-06-17 11:51 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-17 10:58 . 2008-06-17 17:51 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\skypePM
2008-06-17 10:58 . 2008-06-17 10:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-17 10:52 . 2008-06-17 11:12 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\gtk-2.0
2008-06-17 10:44 . 2008-06-17 10:44 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\.thumbnails
2008-06-17 10:43 . 2008-06-17 11:13 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\.gimp-2.2
2008-06-17 10:42 . 2008-06-17 10:42 <DIR> d-------- C:\Program Files\GIMP
2008-06-17 10:42 . 2008-06-17 10:42 <DIR> d-------- C:\Program Files\Common Files\GTK 2.0
2008-06-14 20:14 . 2008-06-14 20:14 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-14 20:14 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-06-14 20:14 . 2006-10-07 17:43 550,400 --a------ C:\WINDOWS\x2.64.exe
2008-06-14 20:14 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2008-06-14 20:14 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-06-14 20:14 . 2005-02-28 13:16 254,976 --a------ C:\WINDOWS\system32\x.264.exe
2008-06-14 20:14 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-06-14 20:14 . 2006-04-05 08:09 114,176 --a------ C:\WINDOWS\MOTA113.exe
2008-06-14 20:14 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-14 20:14 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-06-14 20:14 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-06-13 12:38 . 2008-06-13 12:38 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-06-13 12:38 . 2008-06-13 21:18 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\MegauploadToolbar
2008-06-13 09:05 . 2008-06-14 09:00 <DIR> d-------- C:\Program Files\MobMapUpdater
2008-06-13 08:12 . 2008-06-13 08:12 <DIR> d-------- C:\Program Files\WinISO
2008-06-12 18:35 . 2006-01-02 16:51 2,125,312 --a------ C:\WINDOWS\setup_rangers_2.exe
2008-06-12 16:08 . 2008-06-12 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-12 16:08 . 2008-07-01 01:01 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 16:01 . 2008-06-12 16:01 <DIR> d-------- C:\Program Files\Blender Foundation
2008-06-12 16:01 . 2008-06-12 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Blender Foundation
2008-06-12 15:46 . 2008-06-12 15:46 <DIR> d-------- C:\Program Files\OpenAL
2008-06-12 15:46 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-12 15:46 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-12 15:46 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp88E.tmp
2008-06-12 15:46 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp88D.tmp
2008-06-12 15:46 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-12 15:46 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-12 15:46 . 2008-06-12 15:46 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-12 15:46 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-12 15:46 . 2008-06-12 15:46 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-12 15:46 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-11 18:54 . 2008-06-11 18:54 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Sony
2008-06-11 18:54 . 2008-06-11 18:54 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Publish Providers
2008-06-11 18:54 . 2008-06-30 13:20 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-11 18:48 . 2008-06-11 18:48 <DIR> d-------- C:\Program Files\Vstplugins
2008-06-11 18:48 . 2008-06-11 18:48 <DIR> d-------- C:\Program Files\Sony
2008-06-11 18:48 . 2008-06-11 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-11 18:44 . 2008-06-11 18:44 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-06-11 18:43 . 2008-06-11 18:43 <DIR> d-------- C:\Program Files\MSBuild
2008-06-11 18:37 . 2008-06-11 18:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-11 18:36 . 2008-06-11 18:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-11 16:46 . 2008-06-11 16:46 <DIR> d-------- C:\Program Files\Sony Setup
2008-06-11 16:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-11 15:51 . 2008-06-11 15:52 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-06-11 14:50 . 2008-06-11 14:50 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\GeoVid
2008-06-11 14:47 . 2008-06-11 14:50 <DIR> d-------- C:\Program Files\Video Avatar
2008-06-11 14:47 . 2004-08-04 15:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-11 14:47 . 2003-03-19 08:19 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-11 14:47 . 2003-03-19 08:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-06-11 14:47 . 2003-03-19 07:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-11 14:47 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-06-11 14:47 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-06-10 13:35 . 2008-06-10 13:35 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-10 13:35 . 2008-06-10 13:35 <DIR> d-------- C:\Program Files\Media Player Classic
2008-06-09 23:04 . 2008-06-13 16:23 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\SolSuite
2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TreeCardGames
2008-06-09 22:42 . 2008-06-09 22:46 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\123 Free Solitaire
2008-06-09 20:36 . 2008-06-27 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-06-08 22:53 . 2008-06-08 22:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 20:14 . 2008-06-14 19:52 <DIR> d-------- C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Creative
2008-06-08 10:09 . 2008-06-30 20:57 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-08 00:39 . 2008-07-01 09:10 <DIR> d-------- C:\Gry
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 18:42 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Thunderbird
2008-06-07 18:42 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Talkback
2008-06-07 18:35 --------- d-----w C:\Program Files\TVUPlayer
2008-06-07 18:35 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\TVU Networks
2008-06-07 18:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-06-07 18:03 --------- d-----w C:\Documents and Settings\Klucha & RouRo\Dane aplikacji\Media Player Classic
2008-06-07 18:00 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-07 16:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-07 16:51 --------- d-----w C:\Program Files\Usługi online
.
------- Sigcheck -------
2004-08-04 00:44 1077760 dc09c613d00baf57ef17b08b5e5eeafe C:\WINDOWS\explorer.exe
2004-08-04 00:44 1044992 6e661c521ac6854969ef18b4182324b7 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:44 26624 f426d7988460a27065fa88b5014e1c39 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44 26624 33c4a15544df2105d2ded9126f4dd2d0 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_11.20.58.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 09:19:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 10:42:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 06:00:00 101,792 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 134,560 ----a-w C:\WINDOWS\fdsv.exe
- 2000-08-31 06:00:00 91,676 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 06:00:00 189,980 ----a-w C:\WINDOWS\grep.exe
+ 2008-07-01 09:53:12 94,208 ----a-r C:\WINDOWS\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
+ 2008-07-01 09:53:12 10,134 ----a-r C:\WINDOWS\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\ARPPRODUCTICON.exe
- 2000-08-31 06:00:00 110,080 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 143,360 ----a-w C:\WINDOWS\sed.exe
- 2006-06-27 08:53:58 409,600 ----a-w C:\WINDOWS\stmtrace.exe
+ 2006-06-27 08:53:58 442,368 ----a-w C:\WINDOWS\stmtrace.exe
- 2000-08-31 06:00:00 206,336 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 173,568 ----a-w C:\WINDOWS\swreg.exe
- 2000-08-31 06:00:00 148,992 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 181,760 ----a-w C:\WINDOWS\swsc.exe
- 2008-07-01 09:19:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-01 10:42:55 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-01 09:19:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-07-01 10:42:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-07-01 09:19:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-01 10:42:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 22:44:28 272,896 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
+ 2004-08-03 22:44:28 305,664 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
- 2007-04-30 15:11:28 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-14 21:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-14 21:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2007-04-30 14:30:38 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-14 21:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-14 21:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2007-04-30 15:11:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-14 21:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-04-30 15:11:24 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-14 21:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2007-04-30 15:11:30 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-14 21:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2007-04-30 14:33:00 286,720 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-14 21:31:28 155,648 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 09:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2007-04-30 14:33:00 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-14 21:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2004-08-03 22:44:26 23,552 ----a-w C:\WINDOWS\system32\mstinit.exe
+ 2004-08-03 22:44:26 56,320 ----a-w C:\WINDOWS\system32\mstinit.exe
- 2000-08-31 06:00:00 79,360 ----a-w C:\WINDOWS\zip.exe
+ 2000-08-31 06:00:00 112,640 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1892F58-1116-4DEC-92AA-577872EC3D3D}]
2008-06-30 14:56 26624 --a------ C:\WINDOWS\system32\xmlsys.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 26624]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"AlcoholAutomount"="C:\Program Files\Alcohol 120\axcmd.exe" [2007-12-22 09:23 221568]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 151552]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 531912]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-29 18:12 156672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1638400 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2926592 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 16220672 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 09:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 442368]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 364544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 491520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 26624]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\TmNationsForever\\TmForever.exe"=
"D:\\UEFA EURO 2008\\EURO08.exe"=
"D:\\Hellgate\\Launcher.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Documents and Settings\\Klucha & RouRo\\Pulpit\\RockNESX\\RockNESX.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\NFS Carbon\\NFSC.exe"=
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 13:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e674e06-4100-11dd-b52f-9f30832af39d}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5327ec27-361b-11dd-b51c-ab90cc90c12f}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2cbc2ee-3c7e-11dd-b521-8bb921db52cf}]
\Shell\Auto\command - L:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 13:35:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-01 13:35:58
ComboFix-quarantined-files.txt 2008-07-01 11:35:52
ComboFix2.txt 2008-07-01 09:21:53
Pre-Run: 9,058,177,024 bajtów wolnych
Post-Run: 9,046,970,368 bajtów wolnych
294
przez Magik 01 Lip 2008, 14:11
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e674e06-4100-11dd-b52f-9f30832af39d}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5327ec27-361b-11dd-b51c-ab90cc90c12f}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2cbc2ee-3c7e-11dd-b521-8bb921db52cf}]
\Shell\Auto\command - L:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 7 gości