
ComboFix 08-07-01.3 - kapi 2008-07-02 17:30:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.467 [GMT 2:00]
Running from: C:\Documents and Settings\kapi\Pulpit\pobrane\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\oggview.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 08:56 . 2008-07-02 08:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 20:01 . 2008-06-29 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-29 20:01 . 2008-06-29 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-29 18:59 . 2008-06-29 18:59 26,624 --a------ C:\WINDOWS\system32\xmlview.dll
2008-06-28 22:40 . 2008-06-28 22:40 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\BlackBean
2008-06-28 22:39 . 2008-06-28 22:39 <DIR> d-------- C:\WINDOWS\Logs
2008-06-28 12:04 . 2008-06-28 12:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-28 11:48 . 2008-06-28 11:49 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-28 11:47 . 2008-06-28 11:47 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\DAEMON Tools
2008-06-28 11:47 . 2008-06-28 11:47 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-28 11:41 . 2008-06-28 11:41 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-06-27 21:15 . 2007-02-09 16:34 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2008-06-27 20:33 . 2008-06-27 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-06-27 20:33 . 2007-02-09 16:34 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-06-27 20:32 . 2007-02-09 16:34 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2008-06-27 20:30 . 2008-06-27 21:15 <DIR> d-------- C:\Program Files\CyberLink
2008-06-27 20:28 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-06-27 20:28 . 2007-05-16 15:01 13,568 -ra------ C:\WINDOWS\system32\drivers\u3khrc.sys
2008-06-27 20:27 . 2007-07-31 06:18 1,719,808 -ra------ C:\WINDOWS\system32\drivers\u3kh.sys
2008-06-27 20:27 . 2005-03-25 23:49 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2008-06-27 20:27 . 2007-03-13 17:40 147,844 -ra------ C:\WINDOWS\system32\u3khcp.ax
2008-06-27 20:27 . 2004-08-04 00:44 56,832 --a------ C:\WINDOWS\system32\MSDvbNP.ax
2008-06-27 20:27 . 2004-08-04 00:44 33,280 --a------ C:\WINDOWS\system32\PsisRndr.ax
2008-06-27 20:27 . 2004-08-04 00:44 18,432 --a------ C:\WINDOWS\system32\BdaPlgIn.ax
2008-06-27 20:27 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2008-06-26 22:31 . 2008-06-26 22:31 <DIR> d-------- C:\Program Files\G DATA Software
2008-06-26 22:31 . 1999-07-07 21:01 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
2008-06-26 22:31 . 1999-07-07 21:02 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
2008-06-26 12:57 . 2008-06-26 12:57 <DIR> d-------- C:\Program Files\SiSoftware
2008-06-26 10:06 . 2008-06-26 10:06 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Apple Computer
2008-06-25 22:09 . 2008-06-25 22:09 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\HP
2008-06-25 21:28 . 2008-06-29 10:55 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\GanymedeNet
2008-06-25 21:25 . 2008-06-27 00:04 <DIR> d-------- C:\Program Files\Ganymede
2008-06-24 22:10 . 2008-06-24 22:11 <DIR> d-------- C:\Program Files\QuickTime
2008-06-24 22:10 . 2008-06-24 22:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-24 22:10 . 2008-06-24 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-24 22:10 . 2008-06-24 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-06-24 16:24 . 2006-05-15 15:59 90,768 -ra------ C:\WINDOWS\system32\drivers\se26unic.sys
2008-06-24 16:24 . 2006-05-15 15:59 88,688 -ra------ C:\WINDOWS\system32\drivers\SE26mgmt.sys
2008-06-24 16:24 . 2006-05-15 15:59 86,560 -ra------ C:\WINDOWS\system32\drivers\SE26obex.sys
2008-06-24 16:24 . 2006-05-15 15:59 18,704 -ra------ C:\WINDOWS\system32\drivers\se26nd5.sys
2008-06-24 16:24 . 2006-05-15 15:59 4,128 -ra------ C:\WINDOWS\system32\drivers\se26cr.sys
2008-06-24 16:23 . 2006-05-15 15:59 97,184 -ra------ C:\WINDOWS\system32\drivers\SE26mdm.sys
2008-06-24 16:23 . 2006-05-15 15:59 61,600 -ra------ C:\WINDOWS\system32\drivers\SE26bus.sys
2008-06-24 16:23 . 2006-05-15 15:59 9,360 -ra------ C:\WINDOWS\system32\drivers\SE26mdfl.sys
2008-06-24 16:23 . 2006-05-15 15:59 6,240 -ra------ C:\WINDOWS\system32\drivers\SE26cmnt.sys
2008-06-24 16:23 . 2006-05-15 15:59 6,240 -ra------ C:\WINDOWS\system32\drivers\SE26cm.sys
2008-06-24 16:23 . 2006-05-15 15:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE26whnt.sys
2008-06-24 16:23 . 2006-05-15 15:59 5,872 -ra------ C:\WINDOWS\system32\drivers\se26wh.sys
2008-06-24 13:56 . 2008-06-24 13:56 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Teleca
2008-06-24 13:56 . 2008-06-24 13:56 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Sony Ericsson
2008-06-24 13:48 . 2008-06-24 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-06-24 12:01 . 2008-06-24 12:01 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2008-06-24 12:01 . 2008-06-24 16:25 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\MyPhoneExplorer
2008-06-24 11:22 . 2008-06-24 11:22 <DIR> d-------- C:\Program Files\IVT Corporation
2008-06-24 11:22 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-06-24 11:04 . 2008-06-25 09:17 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\skypePM
2008-06-24 11:04 . 2008-06-24 11:04 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-24 11:03 . 2008-06-24 11:03 <DIR> d-------- C:\Program Files\Skype
2008-06-24 11:03 . 2008-06-24 11:03 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-24 11:03 . 2008-06-25 09:19 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Skype
2008-06-24 11:03 . 2008-06-24 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-23 10:55 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-06-23 10:55 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-23 10:55 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-20 23:40 . 2008-06-20 23:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-20 23:39 . 2008-06-20 23:39 <DIR> d-------- C:\WINDOWS\Cache
2008-06-18 19:51 . 2008-06-18 19:53 <DIR> d-------- C:\Program Files\Total Video Converter
2008-06-18 19:51 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-06-17 15:37 . 2008-06-17 15:37 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-06-17 15:31 . 2008-07-02 17:32 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Azureus
2008-06-17 15:31 . 2008-06-17 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-06-17 15:18 . 2008-06-17 15:18 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-17 15:18 . 2008-06-17 15:18 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-17 15:18 . 2008-06-17 15:18 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-17 12:49 . 2008-06-21 15:22 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\iMesh
2008-06-17 12:49 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-06-17 12:48 . 2008-06-17 12:48 <DIR> d-------- C:\Program Files\iMesh Applications
2008-06-16 18:02 . 2008-06-16 18:02 <DIR> d-------- C:\Program Files\Peer2Mail
2008-06-16 17:08 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 17:07 . 2008-06-16 17:07 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-16 17:03 . 2008-06-16 17:03 <DIR> d-------- C:\WINDOWS\Sun
2008-06-16 16:57 . 2008-06-16 16:57 <DIR> d-------- C:\Program Files\Onet
2008-06-16 16:57 . 2008-06-16 16:57 <DIR> d-------- C:\Program Files\Common Files\Onet.pl
2008-06-16 16:57 . 2008-06-16 16:57 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Kamerzysta
2008-06-16 16:57 . 2008-06-16 16:57 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Czat
2008-06-16 16:57 . 2008-06-16 16:57 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\AutoUpdate
2008-06-15 22:53 . 2008-06-15 22:53 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-15 20:08 . 2008-06-15 20:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-15 19:34 . 2008-06-15 19:34 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-15 19:34 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-15 19:34 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-06-15 17:04 . 2008-06-15 17:04 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-15 17:04 . 2008-06-15 17:04 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-15 17:04 . 2007-10-25 18:44 8,488,960 --------- C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-15 17:01 . 2007-07-09 15:20 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-15 17:00 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-15 16:59 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-15 16:59 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-15 16:57 . 2008-06-15 16:57 <DIR> d-------- C:\Program Files\AskSBar
2008-06-15 16:56 . 2008-07-02 11:59 <DIR> d-------- C:\Program Files\Azureus
2008-06-15 16:48 . 2008-06-15 16:48 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\Media Player Classic
2008-06-15 16:48 . 2008-06-28 09:11 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-15 14:20 . 2008-06-15 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-15 14:19 . 2008-06-15 14:19 <DIR> d-------- C:\Documents and Settings\kapi\Dane aplikacji\InstallShield
2008-06-15 14:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-15 14:18 . 2008-06-15 14:18 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-06-15 14:18 . 2008-06-15 14:18 0 ---hs---- C:\WINDOWS\S32E9F688.tmp
2008-06-15 14:13 . 2008-06-15 14:13 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-15 12:54 . 2008-06-15 12:54 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-15 12:31 . 2008-06-15 12:31 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-15 12:31 . 2008-06-28 22:57 <DIR> d-------- C:\Documents and Settings\kapi\Gadu-Gadu
2008-06-15 12:12 . 2008-06-15 12:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-15 12:12 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-15 12:11 . 2008-06-15 12:11 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 12:07 . 2008-06-15 12:07 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-15 12:00 . 2008-06-15 12:00 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 14:43 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-07-02 07:40 --------- d-----w C:\Program Files\Kalendarz XP
2008-06-29 18:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 09:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 18:28 --------- d-----w C:\Program Files\ASUS
2008-06-25 20:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-06-23 08:42 --------- d-----w C:\Program Files\Java
2008-06-17 15:11 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\Ahead
2008-06-16 16:20 --------- d-----w C:\Program Files\My Company Name
2008-06-16 15:27 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-15 12:15 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-06-15 12:15 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\DAEMON Tools Pro
2008-06-15 11:27 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-15 11:27 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-06-15 11:27 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\TuneUp Software
2008-06-15 11:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-06-15 11:23 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\vlc
2008-06-15 11:22 --------- d-----w C:\Program Files\VideoLAN
2008-06-15 11:22 --------- d-----w C:\Program Files\Real Alternative
2008-06-15 11:21 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-15 11:20 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\Gadu-Gadu
2008-06-15 11:13 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\Ubisoft
2008-06-15 11:13 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\THQ
2008-06-15 11:13 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\Joost
2008-06-15 11:09 --------- d-----w C:\Program Files\Sun
2008-06-15 09:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-06-15 09:58 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\Winamp
2008-06-15 09:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-06-15 09:53 --------- d-----w C:\Program Files\Winamp
2008-06-15 09:52 --------- d-----w C:\Program Files\HP
2008-06-15 09:52 --------- d-----w C:\Documents and Settings\kapi\Dane aplikacji\HPAppData
2008-06-15 09:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-06-15 09:51 --------- d-----w C:\Program Files\Common Files\HP
2008-06-15 09:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-06-15 09:50 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-15 09:50 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 09:47 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-06-15 09:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-15 09:41 --------- d-----w C:\Program Files\Nero
2008-06-15 09:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-15 09:38 --------- d-----w C:\Program Files\Multimedia Keyboard Driver
2008-06-15 09:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-15 09:27 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-06-15 09:27 --------- d-----w C:\Program Files\AvRack
2008-06-15 09:27 --------- d-----w C:\Program Files\AMD
2008-06-15 09:18 --------- d-----w C:\Program Files\Usługi online
2008-06-15 09:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-30 14:05 73,728 ----a-w C:\WINDOWS\system32\ElbyVCD.dll
2008-05-30 13:22 25,344 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:03 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:03 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-22 08:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 08:02 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 08:02 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
------- Sigcheck -------
2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-15 16:57 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:57 1289000]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-01-17 07:43 84480]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 10:03 380928]
"WireLessKeyboard"="C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe" [2005-11-30 12:48 94208]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 17:01 135168]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-06-24 11:22:56 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-06-15 11:59:39 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2007-10-17 20:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:44]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
R3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 14:55]
R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 03:08]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-15 13:27]
S3 u3kh;ASUS My Cinema U3000 Hybrid;C:\WINDOWS\system32\DRIVERS\u3kh.sys [2007-07-31 06:18]
S3 u3khrc;ASUS Infrared Receiver;C:\WINDOWS\system32\DRIVERS\u3khrc.sys [2007-05-16 15:01]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 15:00:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-26 17:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 17:32:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-02 17:33:27
ComboFix-quarantined-files.txt 2008-07-02 15:33:23
Pre-Run: 2,625,679,360 bajtów wolnych
Post-Run: 2,640,764,928 bajtów wolnych
314 --- E O F --- 2008-06-22 08:08:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:34, on 2008-07-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10032 bytes
Stronki internetowe z reklamami same się otwierają