
ComboFix 09-01-21.04 - User 2009-01-30 16:58:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1494 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-27 17:20 . 2009-01-27 17:20 864 --a------ c:\windows\wininit.ini
2009-01-27 17:08 . 2009-01-27 17:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-27 17:08 . 2009-01-27 17:20 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-25 18:28 . 2009-01-25 18:28 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\GanymedeNet
2009-01-25 18:28 . 2009-01-25 18:28 4 --a------ c:\windows\system32\proc-503976190.bin
2009-01-23 19:55 . 2009-01-23 19:57 38 --a------ c:\windows\avisplitter.INI
2009-01-23 15:43 . 2009-01-23 15:43 <DIR> d-------- c:\program files\PITy
2009-01-21 17:47 . 2009-01-21 19:24 <DIR> d-------- c:\program files\Cheat Engine
2009-01-18 03:01 . 2009-01-18 03:02 <DIR> d-------- c:\program files\uTorrent
2009-01-18 03:01 . 2009-01-23 19:35 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\uTorrent
2009-01-18 01:03 . 2009-01-18 01:04 <DIR> d-------- c:\program files\NAPI-PROJEKT
2009-01-15 16:41 . 2009-01-15 16:42 <DIR> d-------- c:\program files\mIRC
2009-01-15 16:41 . 2009-01-15 19:22 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\mIRC
2009-01-12 22:14 . 2007-10-30 10:11 729,088 -ra------ c:\windows\system32\hpowiax7.dll
2009-01-12 22:14 . 2007-10-30 10:11 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2009-01-12 22:14 . 2007-10-30 10:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2009-01-12 22:14 . 2007-10-30 10:25 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-01-12 22:14 . 2007-10-30 10:11 303,104 -ra------ c:\windows\system32\hpovst15.dll
2009-01-12 22:12 . 2009-01-12 22:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-01-12 22:11 . 2009-01-12 22:11 <DIR> d-------- c:\program files\Common Files\HP
2009-01-12 22:07 . 2009-01-12 22:15 169,207 --a------ c:\windows\hpoins27.dat
2009-01-12 22:07 . 2008-01-18 16:56 932 --------- c:\windows\hpomdl27.dat
2009-01-12 15:29 . 2009-01-12 15:29 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\teamspeak2
2009-01-07 21:08 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\DivX
2009-01-07 18:44 . 2009-01-07 18:44 <DIR> d-------- c:\program files\DivX
2009-01-07 18:44 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-01-07 18:44 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-12-31 11:59 . 2008-12-31 12:12 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu
2008-12-16 17:36 . 2008-12-27 12:00 124 --a------ c:\windows\cdplayer.ini
2008-12-16 17:32 . 2008-12-16 17:32 <DIR> d-------- c:\program files\Real
2008-12-16 17:32 . 2008-12-16 17:32 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-16 17:32 . 2008-12-16 17:32 <DIR> d-------- c:\program files\Common Files\Real
2008-12-16 17:19 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-12-16 17:19 . 2006-04-02 13:47 630,784 --a------ c:\windows\system32\vp7vfw.dll
2008-12-16 17:19 . 2007-06-09 05:14 564,224 --a------ c:\windows\system32\x264vfw.dll
2008-12-16 17:19 . 2004-12-10 09:03 438,272 --a------ c:\windows\system32\vp6vfw.dll
2008-12-16 17:19 . 1997-04-07 18:19 391,680 --a------ c:\windows\system32\I263_32.drv
2008-12-16 17:19 . 2001-02-25 02:19 287,744 --a------ c:\windows\system32\divxa32.acm
2008-12-16 17:19 . 2006-10-18 19:05 232,448 --a------ c:\windows\system32\mp3fhg.acm
2008-12-16 17:19 . 1998-11-18 14:33 144,384 --a------ c:\windows\system32\Iacenc.dll
2008-12-16 17:19 . 2004-05-18 19:16 39,936 --a------ c:\windows\system32\huffyuv.dll
2008-12-16 17:17 . 2009-01-23 15:37 69 --a------ c:\windows\NeroDigital.ini
2008-12-16 17:16 . 2008-12-16 17:16 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Media Player Classic
2008-12-15 15:21 . 2009-01-10 16:53 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-15 15:21 . 2008-12-15 23:02 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-15 15:20 . 2008-12-15 15:20 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-15 15:20 . 2008-12-15 15:20 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Leadertech
2008-12-15 15:20 . 2009-01-10 16:53 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-14 22:22 . 2008-12-14 22:22 <DIR> d-------- C:\My Downloads
2008-12-14 11:26 . 2008-12-14 11:28 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-14 11:25 . 2008-12-14 11:25 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\DAEMON Tools
2008-12-14 11:25 . 2008-12-14 11:25 716,272 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-11 22:36 . 2006-05-19 13:32 77,772 -ra------ c:\windows\system32\drivers\ROCKUSB.sys
2008-12-11 16:39 . 2008-12-11 16:39 <DIR> d-------- c:\program files\Consumer Update Firmware
2008-12-11 16:15 . 2008-12-11 16:15 <DIR> d-------- c:\program files\Intel Desktop Board
2008-12-11 15:38 . 2008-12-11 15:38 <DIR> d-------- c:\program files\AVIConverter
2008-12-11 01:33 . 2008-12-11 01:33 200,704 --a------ c:\windows\system32\dtu100.dll
2008-12-11 01:33 . 2008-12-11 01:33 86,016 --a------ c:\windows\system32\dpl100.dll
2008-12-09 21:43 . 2008-12-09 21:43 <DIR> d-------- c:\program files\AMD
2008-12-09 21:43 . 2007-06-29 14:47 34,304 --a------ c:\windows\system32\drivers\AmdLLD.sys
2008-12-09 03:28 . 2008-12-09 03:28 593,920 --a------ c:\windows\system32\dpuGUI11.dll
2008-12-09 03:28 . 2008-12-09 03:28 344,064 --a------ c:\windows\system32\dpus11.dll
2008-12-09 03:28 . 2008-12-09 03:28 294,912 --a------ c:\windows\system32\dpu11.dll
2008-12-09 03:28 . 2008-12-09 03:28 57,344 --a------ c:\windows\system32\dpv11.dll
2008-12-07 13:00 . 2008-12-07 13:00 <DIR> d-------- c:\program files\A4Tech
2008-12-06 20:50 . 2008-12-06 20:51 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Ventrilo
2008-12-06 20:48 . 2008-12-06 20:48 <DIR> d-------- c:\program files\VentriloMIX
2008-12-05 23:40 . 2008-07-18 15:23 732,888 -ra------ c:\windows\system32\drivers\cfosspeed.sys
2008-12-05 23:39 . 2009-01-30 16:58 <DIR> d-------- c:\program files\cFosSpeed
2008-12-05 23:39 . 2008-07-18 15:23 290,008 --a------ c:\windows\system32\cfosspeed.dll
2008-12-05 23:18 . 2008-12-05 23:18 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-05 22:17 . 2008-12-05 22:17 <DIR> d-------- c:\program files\FileSubmit
2008-12-05 16:20 . 2008-12-05 16:20 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\MfcEmbed
2008-12-05 16:07 . 2008-12-05 16:07 <DIR> d-------- c:\windows\system32\oobe
2008-12-05 16:05 . 2008-12-05 16:05 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 16:00 . 2006-12-29 16:02 67,866 --------- c:\windows\system32\drivers\netwlan5.img
2008-12-05 15:59 . 2006-12-29 16:21 64,352 --------- c:\windows\system32\drivers\ativmc20.cod
2008-12-05 15:59 . 2008-06-16 16:28 19,569 --a------ c:\windows\001667_.tmp
2008-12-03 22:39 . 2009-01-27 16:05 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\OpenOfficeT72
2008-12-03 16:11 . 2008-12-03 16:11 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\Ahead
2008-12-03 15:29 . 2008-12-03 15:29 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2008-12-01 22:11 . 2008-12-01 22:11 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-01 21:38 . 2007-04-02 07:37 546,304 --------- c:\windows\system32\dllcache\hhctrl.ocx
2008-12-01 21:38 . 2008-06-14 19:01 273,024 --a------ c:\windows\system32\drivers\bthport.sys
2008-12-01 21:38 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-01 21:34 . 2008-09-04 17:46 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-01 21:30 . 2009-01-11 18:05 <DIR> d---s---- c:\program files\HLSW
2008-12-01 21:02 . 2008-12-01 21:02 <DIR> d-------- c:\windows\Sun
2008-12-01 19:27 . 2008-12-01 19:27 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\HP
2008-12-01 19:26 . 2009-01-24 20:30 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\HPAppData
2008-12-01 19:25 . 2008-12-01 19:25 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\WEBREG
2008-12-01 19:24 . 2008-12-01 19:24 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2008-12-01 19:24 . 2007-11-08 15:52 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-01 19:24 . 2007-10-20 18:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-12-01 19:24 . 2007-10-30 10:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-01 19:24 . 2007-10-30 10:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-12-01 19:24 . 2007-10-30 10:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-01 19:23 . 2008-04-13 20:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-01 19:20 . 2008-12-01 19:20 0 --a------ c:\windows\system32\YiYi
2008-12-01 19:19 . 2008-12-01 19:19 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-01 19:19 . 2009-01-12 22:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP
2008-12-01 19:17 . 2008-12-01 19:19 <DIR> d-------- c:\program files\HP
2008-12-01 19:17 . 2008-04-13 20:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-01 16:29 . 2008-12-01 16:29 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 16:29 . 2008-12-01 16:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-01 16:18 . 2008-12-01 16:18 <DIR> d-------- c:\program files\IrfanView
2008-12-01 16:03 . 2008-12-01 16:03 <DIR> d-------- c:\windows\system32\Lang
2008-12-01 16:03 . 2008-12-01 16:03 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-12-01 16:03 . 2008-12-01 16:03 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-12-01 16:02 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2008-12-01 16:02 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-01 16:00 . 2008-12-01 16:00 <DIR> d-------- c:\program files\ESET
2008-12-01 16:00 . 2008-12-01 16:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-01 15:33 . 2008-04-13 20:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2008-12-01 15:33 . 2008-04-13 20:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2008-12-01 15:33 . 2008-04-13 20:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2008-12-01 15:31 . 2008-04-13 20:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2008-12-01 15:30 . 2008-12-01 15:30 <DIR> d-------- C:\SWSetup
2008-12-01 15:30 . 2008-12-01 15:30 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-01 15:30 . 2005-02-25 04:36 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-01 14:58 . 2008-12-01 14:58 <DIR> d-------- c:\documents and settings\User\Dane aplikacji\gtk-2.0
2008-12-01 14:57 . 2008-12-01 14:57 <DIR> d-------- c:\documents and settings\User\.thumbnails
2008-12-01 14:56 . 2009-01-25 19:10 <DIR> d-------- c:\documents and settings\User\.gimp-2.4
2008-12-01 14:55 . 2006-05-15 14:35 61,600 -ra------ c:\windows\system32\drivers\SE27bus.sys
2008-12-01 14:55 . 2008-04-13 22:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 15:48 --------- d-----w c:\program files\AutoConnect
2009-01-27 16:18 --------- d-----w c:\program files\Neostrada TP
2009-01-23 14:28 15,600 ----a-w c:\windows\gdrv.sys
2009-01-22 18:33 --------- d-----w c:\program files\Gadu-Gadu
2009-01-16 19:45 --------- d-----w c:\documents and settings\User\Dane aplikacji\Skype
2008-12-16 16:32 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-16 16:32 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-16 16:19 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-01 15:29 --------- d-----w c:\program files\Java
2008-12-01 14:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 22:28 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-30 22:27 --------- d-----w c:\program files\Common Files\Ahead
2008-11-30 22:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-11-30 22:25 --------- d-----w c:\program files\Nero
2008-11-30 22:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-30 22:22 --------- d-----w c:\program files\VDOTool
2008-11-30 21:51 315,392 ----a-w c:\windows\HideWin.exe
2008-11-30 21:51 --------- d-----w c:\program files\DIFX
2008-11-30 21:46 --------- d-----w c:\documents and settings\User\Dane aplikacji\InstallShield
2008-11-30 21:42 --------- d-----w c:\program files\Common Files\snpstd
2008-11-30 21:32 --------- d-----w c:\program files\GIMP-2.0
2008-11-30 21:29 --------- d-----w c:\program files\Skype
2008-11-30 21:29 --------- d-----w c:\program files\Common Files\Skype
2008-11-30 21:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-30 21:28 --------- d-----w c:\program files\OpenOfficeT7 2.3.1
2008-11-30 21:26 --------- d-----w c:\documents and settings\User\Dane aplikacji\Winamp
2008-11-30 21:17 --------- d-----w c:\program files\Thomson
2008-11-30 21:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-30 21:10 --------- d-----w c:\documents and settings\User\Dane aplikacji\Gadu-Gadu
2008-11-30 21:08 --------- d-----w c:\program files\Winamp
2008-11-30 21:01 --------- d-----w c:\program files\Usługi online
2008-11-30 21:00 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:37 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-07-19 02:28 113,664 ----a-w c:\windows\inf\hdaudio.sys
.
------- Sigcheck -------
2007-07-11 08:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\$NtServicePackUninstall$\user32.dll
2007-07-11 08:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\system32\user32.dll
2008-06-16 16:28 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-06-16 16:28 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\system32\drivers\tcpip.sys
2008-06-16 16:28 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-06-16 16:28 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\system32\winlogon.exe
2008-07-19 03:33 2032128 2bc05e243b86aa8e569ee3c5d8b3c424 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-07-19 03:33 2032128 2bc05e243b86aa8e569ee3c5d8b3c424 c:\windows\system32\ntkrnlpa.exe
2008-07-07 12:44 2153472 04404b7f25984558ad3390bf84c4eb95 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-07-07 12:44 2153472 04404b7f25984558ad3390bf84c4eb95 c:\windows\system32\ntoskrnl.exe
2008-06-27 18:36 1424896 4ec7ed41d95d18b3cd1a2bd9dfefb591 c:\windows\explorer.exe
2008-06-27 18:36 1424896 4ec7ed41d95d18b3cd1a2bd9dfefb591 c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-03 310784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-16 185872]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]
c:\documents and settings\User\Menu Start\Programy\Autostart\
cFos Speed Updater.exe [2008-10-13 30508]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^cFos Speed Updater.exe]
path=c:\documents and settings\User\Menu Start\Programy\Autostart\cFos Speed Updater.exe
backup=c:\windows\pss\cFos Speed Updater.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^OpenOfficeT7 2.3.1.lnk]
path=c:\documents and settings\User\Menu Start\Programy\Autostart\OpenOfficeT7 2.3.1.lnk
backup=c:\windows\pss\OpenOfficeT7 2.3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
-ra------ 2008-07-18 15:23 867544 c:\program files\cFosSpeed\cfosspeed.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 c:\program files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2007-11-01 13:25 2165272 c:\program files\VDOTool\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 21:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 16:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 17:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 c:\program files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-11 17:13 1410296 d:\valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-01 16:29 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2006-02-17 10:14 163840 c:\program files\A4Tech\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Sierra\\Half-Life\\hl.exe"=
"d:\\FIFA 08\\FIFA08.exe"=
"d:\\Valve\\Steam\\SteamApps\\miszcz358\\counter-strike\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-06-16 25600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
TCP: {FD2DC150-EA86-4D78-9FAA-56DC57018F8E} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\1xnvcip9.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 16:58:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-01-30 16:59:17
ComboFix-quarantined-files.txt 2009-01-30 15:59:15
Przed: 34 213 908 480 bajtów wolnych
Po: 34,231,472,128 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
358 --- E O F --- 2008-12-01 21:14:01
Please help me somehow... because this is really getting to me... ;/