
Logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:42, on 2008-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Mstray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Adparatus\Adparatus.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Documents and Settings\NoviN\Menu Start\Programy\Autostart\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adparatus - {8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED} - C:\Program Files\Adparatus\Adparatus.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Duhiki - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - C:\Program Files\Duhiki\DuhikiToolbar\Duhiki.dll
O4 - HKLM\..\Run: [DriverCD] E:\Run.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [Adparatus] "C:\Program Files\Adparatus\Adparatus.exe"
O4 - HKCU\..\Run: [DuhikiToolbarNotifier] "C:\Program Files\Duhiki\DuhikiToolbar\DuhikiToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoD] "C:\Documents and Settings\NoviN\Moje dokumenty\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.exe
O4 - Startup: Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5976 bytes
ComboFix 08-11-28.03 - NoviN 2008-11-30 19:40:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1475 [GMT 1:00]
Run from: c:\documents and settings\NoviN\Pulpit\ComboFix.exe
* New restore point created
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\NoviN\Menu Start\Programy\Autostart\ctfmon.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
D:\Autorun.inf
----- File Replicators -----
c:\documents and settings\All Users\Menu Start\Programy\MOPy Fish\MOPy Fish.exe
c:\documents and settings\NoviN\AQQWINFILE.EXE
c:\documents and settings\NoviN\GoDWINFILE.EXE
c:\documents and settings\NoviN\Pulpit\Aplikacje\Aplikacje.exe
c:\documents and settings\NoviN\Pulpit\inne\inne.exe
c:\documents and settings\NoviN\Pulpit\Mobile Files\Aplikacje\Aplikacje Java\Aplikacje Java.exe
c:\documents and settings\NoviN\Pulpit\Mobile Files\Aplikacje\Aplikacje.exe
c:\documents and settings\NoviN\Pulpit\Mobile Files\Aplikacje\Aplikacje\Aplikacje.exe
c:\documents and settings\NoviN\Pulpit\Mobile Files\Gry\Gry.exe
c:\documents and settings\NoviN\Pulpit\Mobile Files\Gry\XIII\XIII.exe
c:\documents and settings\NoviN\Pulpit\Mobile Files\Mobile Files.exe
c:\documents and settings\NoviN\Pulpit\paczkajava\Doc_Viewer\Doc_Viewer.exe
c:\documents and settings\NoviN\Pulpit\paczkajava\GSM Aplikacje\Disco Light - Latarka Disco\Disco Light - Latarka Disco.exe
c:\documents and settings\NoviN\Pulpit\paczkajava\GSM Aplikacje\Dowcipy\Dowcipy.exe
c:\documents and settings\NoviN\Pulpit\paczkajava\GSM Aplikacje\Dzienniczek ucznia\Dzienniczek ucznia.exe
c:\documents and settings\NoviN\Pulpit\paczkajava\GSM Aplikacje\GSM Aplikacje.exe
c:\documents and settings\NoviN\Pulpit\paczkajava\paczkajava.exe
c:\program files\Program Files.exe
c:\program files\Valve\Steam\SteamApps\novi00\counter-strike\counter-strike.exe
c:\program files\Valve\Steam\SteamApps\novi00\counter-strike\cstrike_polish\cstrike_polish.exe
c:\windows\Help\NLLIJ.exe .. failed to delete
C:\WINFILE.EXE
.
.
((((((((((((((((((((((((( Files created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.
2008-11-26 17:02 . 2008-11-30 19:23 <DIR> d-------- C:\MOPYFISH
2008-11-26 17:02 . 2008-11-26 17:02 14,320 --a------ c:\windows\MOPYFISH.SCR
2008-11-26 17:02 . 2008-11-26 17:02 10,944 --a------ c:\windows\BYEFISH.EXE
2008-11-26 17:02 . 2008-11-28 19:13 58 --a------ c:\windows\mopyfish.ini
2008-11-25 20:34 . 2008-11-25 20:34 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-25 20:34 . 2008-11-25 20:34 1,409 --a------ c:\windows\QTFont.for
2008-11-25 20:32 . 2008-11-25 20:32 <DIR> d-------- c:\program files\Onet
2008-11-25 18:22 . 2008-11-25 18:22 697 ---hs---- C:\comment.htt
2008-11-25 18:22 . 2008-11-25 18:22 72 ---hs---- C:\desktop.ini
2008-11-15 21:44 . 2008-11-29 17:19 <DIR> d-------- c:\program files\Tlen.pl
2008-11-15 21:44 . 2008-11-28 21:19 <DIR> d-------- c:\documents and settings\NoviN\Dane aplikacji\Tlen.pl
2008-11-15 21:44 . 2008-11-15 21:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\tlen.pl
2008-11-14 21:00 . 2008-11-14 21:00 <DIR> d-------- c:\program files\Audacity
2008-11-09 22:03 . 2008-11-09 22:03 <DIR> d-------- c:\program files\Selteco
2008-11-09 20:51 . 2008-11-09 20:51 <DIR> d-------- c:\program files\Pivot Stickfigure Animator
2008-11-01 16:11 . 2008-11-01 16:11 <DIR> d-------- c:\program files\Adventure Game Studio 3.0.2 SP1
2008-10-27 13:57 . 2008-10-27 13:57 <DIR> d-------- c:\documents and settings\NoviN\Dane aplikacji\EurekaLog
2008-10-19 18:17 . 2008-10-19 18:17 <DIR> d-------- c:\documents and settings\Konto 2\Dane aplikacji\AdobeUM
2008-10-17 20:11 . 2008-11-12 18:09 <DIR> d-------- c:\program files\mIRC
2008-10-17 20:11 . 2008-11-12 18:10 <DIR> d-------- c:\documents and settings\NoviN\Dane aplikacji\mIRC
2008-10-10 13:41 . 2008-10-10 13:41 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-08 12:06 . 2008-10-08 12:06 <DIR> d-------- c:\program files\Duhiki
2008-10-08 12:06 . 2008-10-08 12:06 <DIR> d-------- c:\program files\Adparatus
2008-10-08 12:05 . 2008-10-08 12:05 <DIR> d-------- c:\program files\FileSubmit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-24 17:24 53,765 ----a-w c:\windows\Help\NLLIJ.exe
2008-11-30 18:24 --------- d-----w c:\documents and settings\NoviN\Dane aplikacji\skypePM
2008-11-30 18:24 --------- d-----w c:\documents and settings\NoviN\Dane aplikacji\Skype
2008-11-23 11:28 --------- d-----w c:\program files\Gadu-Gadu
2008-11-11 09:56 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-11-10 19:56 --------- d-----w c:\documents and settings\NoviN\Dane aplikacji\teamspeak2
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 18:14 --------- d-----w c:\program files\Teamspeak2_RC2
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 15:13 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-08-20 05:38 662,016 ----a-w c:\windows\system32\wininet.dll
2008-08-18 13:59 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-08-14 13:46 2,137,600 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-04-08 15:25 22,328 ----a-w c:\documents and settings\NoviN\Dane aplikacji\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-09 1410296]
"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2008-09-18 1674736]
"Adparatus"="c:\program files\Adparatus\Adparatus.exe" [2008-09-25 451264]
"DuhikiToolbarNotifier"="c:\program files\Duhiki\DuhikiToolbar\DuhikiToolbarNotifier.exe" [2008-09-25 156360]
"GoD"="c:\documents and settings\NoviN\Moje dokumenty\GoD\GoD.exe" [2008-10-25 2517504]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2008-11-28 5837800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\NoviN\Menu Start\Programy\Autostart\
Mopy Points Collector.lnk - c:\mopyfish\GETPOINT.EXE [2008-11-26 39612]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-18 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
--a------ 2008-01-19 03:29 1181696 c:\program files\DeskSpace\deskspace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
--a------ 2008-06-27 09:28 8798816 c:\program files\Nowe Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
--a------ 2008-03-11 12:29 5382144 c:\program files\Real Desktop\Real Desktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 22:33 36352 c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\novi00\\counter-strike\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\cs\\CS 1.5\\Instalki\\hl1110.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\novi00\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\EE pozdro\\hl.exe"=
"c:\\Program Files\\EE pozdro\\hlds.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANED ENTRIES REMOVED - - - -
HKLM-Run-DriverCD - E:\Run.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\NoviN\Dane aplikacji\Mozilla\Firefox\Profiles\808g8jju.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 19:42:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-30 19:43:50
ComboFix-quarantined-files.txt 2008-11-30 18:43:28
Before: 136,642,215,936 bytes free
After: 137,147,764,736 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
207 --- E O F --- 2008-11-13 14:45:59
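The ComboFix log above contains several patterns worth recognising on their own, independent of what the tool chose to delete: autorun.inf at the root of both C: and D:, copies of ctfmon.exe outside C:\WINDOWS\system32 (in the user's Autostart folder and in c:\recycled\Recycled), a run of executables named after the folder they sit in (Aplikacje\Aplikacje.exe, Program Files.exe, listed under "File Replicators"), and c:\windows\Help\NLLIJ.exe carrying a 2013 modification time in a scan run in 2008, which ComboFix also failed to delete. The script below is an added example by the editor, not code from the original post, from ComboFix or from HijackThis; it applies those four heuristics to lines in the shape of the log's deleted-file and Find3M sections. The sample lines are constructed from the paths shown above, SCAN_DATE is taken from the ComboFix header, and the EXPECTED_HOME allow-list is a hypothetical, deliberately short table of where a given system binary is allowed to live.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample lines in the shape of the ComboFix "Deleted" / "File
# Replicators" / Find3M sections shown in the post above.
SAMPLE_LINES = r"""
C:\autorun.inf
c:\documents and settings\NoviN\Menu Start\Programy\Autostart\ctfmon.exe
c:\recycled\Recycled\ctfmon.exe
D:\Autorun.inf
c:\documents and settings\NoviN\Pulpit\Aplikacje\Aplikacje.exe
c:\program files\Program Files.exe
c:\windows\system32\ctfmon.exe
c:\program files\Winamp\winampa.exe
2013-11-24 17:24 53,765 ----a-w c:\windows\Help\NLLIJ.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
""".strip().splitlines()

# When the scan ran (ComboFix header); a file modified after this is suspect.
SCAN_DATE = datetime(2008, 11, 30, 19, 40)

# Find3M rows look like "<date> <time> <size> <attrs> <path>".
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+[\d,]+\s+\S+\s+(.+)$")

# Hypothetical allow-list: system binaries that belong in exactly one directory.
EXPECTED_HOME = {"ctfmon.exe": PureWindowsPath(r"c:\windows\system32")}

AUTORUN_ROOT = "autorun.inf at drive root"
FOLDER_MIMIC = "executable named after its parent folder"
MISPLACED = "system binary outside its expected directory"
FUTURE_MTIME = "modification time after the scan date"


def flags_for(line, scan_date=SCAN_DATE):
    """Return the heuristic flags raised by one log line (empty list if clean)."""
    line = line.strip()
    mtime = None
    m = FIND3M_RE.match(line)
    if m:
        mtime = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        path = PureWindowsPath(m.group(2))
    else:
        path = PureWindowsPath(line)

    name = path.name.lower()
    flags = []
    # 1. autorun.inf directly under a drive letter: removable-media spreading.
    if name == "autorun.inf" and len(path.parts) == 2:
        flags.append(AUTORUN_ROOT)
    # 2. <Folder>\<Folder>.exe: a replicator posing as the folder itself.
    if path.suffix.lower() == ".exe" and path.stem.lower() == path.parent.name.lower():
        flags.append(FOLDER_MIMIC)
    # 3. A known system binary anywhere but its home directory
    #    (PureWindowsPath compares case-insensitively).
    home = EXPECTED_HOME.get(name)
    if home is not None and path.parent != home:
        flags.append(MISPLACED)
    # 4. Timestamp later than the scan itself: timestomping or clock abuse.
    if mtime is not None and mtime > scan_date:
        flags.append(FUTURE_MTIME)
    return flags


def triage(lines, scan_date=SCAN_DATE):
    """Map each flagged path (as written in the log) to the flags it raised."""
    report = {}
    for line in lines:
        if not line.strip():
            continue
        flags = flags_for(line, scan_date)
        if flags:
            m = FIND3M_RE.match(line.strip())
            report[m.group(2) if m else line.strip()] = flags
    return report


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LINES).items():
        print(f"{path}\n    -> {', '.join(flags)}")
```

These are triage heuristics, not verdicts: c:\windows\system32\ctfmon.exe and winampa.exe pass cleanly, while the two stray ctfmon.exe copies, both autorun.inf files, both folder-mimic executables and the future-dated NLLIJ.exe are flagged. On a live machine the same checks would be run over a directory walk rather than over log lines, and the file that ComboFix could not delete is the one to pull for hashing and analysis before anything else.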