
ComboFix log:
ComboFix 08-09-16.05 - Bartek 2008-09-18 20:19:07.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1586 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aaadcb_z.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
((((((((((((((((((((((((( Pliki utworzone od 2008-08-18 do 2008-09-18 )))))))))))))))))))))))))))))))
.
2008-09-18 20:02 . 2008-09-18 20:11 <DIR> d-------- C:\SDFix
2008-09-18 19:12 . 2008-09-18 19:12 <DIR> d-------- C:\SOPHTEMP
2008-09-18 18:08 . 2008-09-18 18:28 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-18 18:08 . 2008-09-18 18:28 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-18 18:07 . 2008-09-18 18:07 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-18 18:07 . 2008-09-18 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-18 18:07 . 2008-09-18 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-18 18:07 . 2008-09-18 20:22 1,756,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-18 18:07 . 2008-09-18 20:22 475,168 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-18 18:07 . 2008-09-18 20:22 15,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-18 18:07 . 2008-09-18 20:22 3,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-17 19:49 . 2008-09-18 18:26 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-09-17 19:49 . 2008-09-17 19:49 23 --a------ C:\WINDOWS\system32\faffe0_z.ocx
2008-09-17 19:43 . 2008-09-18 18:26 <DIR> d-------- C:\Program Files\jv16 PowerTools
2008-09-16 15:24 . 2008-09-16 15:24 <DIR> d-------- C:\Program Files\DownloadToolz
2008-09-14 22:15 . 2008-09-14 22:15 38 --a------ C:\WINDOWS\avisplitter.INI
2008-09-13 23:02 . 2008-09-13 23:02 <DIR> d-------- C:\!KillBox
2008-09-10 18:58 . 2008-09-10 18:58 <DIR> d-------- C:\WINDOWS\File & Folder List Maker
2008-09-10 18:58 . 2008-09-10 18:58 <DIR> d-------- C:\Program Files\File & Folder List Maker
2008-09-10 18:54 . 2008-09-10 18:54 <DIR> d-------- C:\Program Files\MakeitOne
2008-09-10 18:54 . 2008-09-10 18:54 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\MakeitOne
2008-09-10 18:54 . 2008-09-18 19:00 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-09-10 18:54 . 2008-09-10 18:54 28,898 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.bmp
2008-09-10 18:54 . 2008-09-10 18:54 664 --a------ C:\WINDOWS\system32\SpoonUninstall-MakeitOne MP3 Album Maker.dat
2008-09-10 18:48 . 2008-09-10 18:48 <DIR> d-------- C:\Program Files\MP3Detective
2008-09-10 18:48 . 2008-09-10 18:48 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\Chequers Software
2008-09-10 18:46 . 2008-09-10 18:46 <DIR> d-------- C:\Program Files\Docket
2008-09-10 18:37 . 2001-08-23 14:00 2,758 --a------ C:\WINDOWS\system32\Msml32.ocx
2008-09-08 19:32 . 2008-09-08 19:32 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\gnupg
2008-09-08 14:52 . 2008-09-08 14:52 <DIR> d-------- C:\Program Files\DVD Audio Extractor
2008-09-08 02:13 . 2008-09-08 02:13 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-08 02:13 . 2008-09-08 02:13 304,528 --a------ C:\WINDOWS\system32\appdrvrem01.exe
2008-09-08 00:15 . 2008-09-08 00:15 <DIR> d-------- C:\Documents and Settings\All Users\documents
2008-09-07 23:00 . 2008-09-08 13:58 <DIR> d-------- C:\Program Files\FairUse Wizard 2
2008-09-07 22:26 . 2008-09-07 22:28 <DIR> d-------- C:\Program Files\dvdmb
2008-09-07 22:26 . 2008-09-07 22:28 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\fltk.org
2008-09-07 22:26 . 2001-03-28 15:38 69,632 --a------ C:\WINDOWS\system32\GkSui18.EXE
2008-09-07 19:06 . 2008-09-07 19:06 <DIR> d-------- C:\Program Files\Collectorz.com
2008-09-07 13:26 . 2008-09-07 13:29 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\SPORE
2008-09-07 00:21 . 2008-09-07 00:43 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\FileOpen
2008-09-07 00:21 . 2008-09-07 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FileOpen
2008-09-07 00:15 . 2008-09-07 00:15 <DIR> d-------- C:\Program Files\FileOpen
2008-09-06 22:50 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-09-06 22:50 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-06 22:50 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-09-06 22:50 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-09-06 22:50 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-09-06 22:50 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-06 22:50 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-06 22:49 . 2008-09-06 22:49 <DIR> d-------- C:\WINDOWS\Logs
2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-09-02 20:47 . 2008-09-02 20:47 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-08-31 14:26 . 2008-08-31 14:27 <DIR> d-------- C:\Program Files\The GodFather
2008-08-31 14:07 . 2008-08-31 14:07 <DIR> d-------- C:\Program Files\Audio Manager 3
2008-08-29 19:10 . 2008-08-29 19:11 <DIR> d-------- C:\Program Files\nbpro
2008-08-29 19:10 . 2008-08-29 19:10 12,499 --a------ C:\WINDOWS\system32\Seagate.bin
2008-08-29 19:10 . 2008-08-29 19:10 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2008-08-29 01:37 . 2008-09-08 14:02 <DIR> d-------- C:\Program Files\Halite
2008-08-28 22:11 . 2008-09-18 13:16 <DIR> d-------- C:\Program Files\Music NFO Builder
2008-08-24 13:56 . 2008-08-24 13:56 <DIR> d-------- C:\Program Files\BearShare Applications
2008-08-24 13:56 . 2008-08-26 16:43 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\BearShare
2008-08-24 13:56 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-08-24 13:12 . 2008-05-31 01:22 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-08-24 13:12 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-24 13:12 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-21 22:31 . 2008-08-21 22:31 <DIR> d-------- C:\Program Files\Sigma Production Inc
2008-08-21 13:14 . 2008-09-18 20:21 <DIR> d--h----- C:\Documents and Settings\Administrator.KOMPUTER_XP\Ustawienia lokalne
2008-08-21 13:14 . 2008-01-22 14:21 <DIR> d-------- C:\Documents and Settings\Administrator.KOMPUTER_XP\Ulubione
2008-08-21 13:14 . 2008-01-22 13:25 <DIR> d--h----- C:\Documents and Settings\Administrator.KOMPUTER_XP\Szablony
2008-08-21 13:14 . 2008-01-22 14:21 <DIR> d-------- C:\Documents and Settings\Administrator.KOMPUTER_XP\Pulpit
2008-08-21 13:14 . 2008-01-22 14:21 <DIR> d-------- C:\Documents and Settings\Administrator.KOMPUTER_XP\Moje dokumenty
2008-08-21 13:14 . 2008-01-22 14:21 <DIR> dr------- C:\Documents and Settings\Administrator.KOMPUTER_XP\Menu Start
2008-08-21 13:14 . 2008-01-22 14:21 <DIR> dr-h----- C:\Documents and Settings\Administrator.KOMPUTER_XP\Dane aplikacji
2008-08-21 13:14 . 2008-08-21 13:14 <DIR> d-------- C:\Documents and Settings\Administrator.KOMPUTER_XP
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 17:00 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2008-09-18 17:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2008-09-18 17:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2008-09-18 17:00 356,352 ----a-w C:\WINDOWS\system32\nvuninst.exe
2008-09-18 17:00 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2008-09-18 17:00 319,488 ----a-w C:\WINDOWS\system32\AegisI5.exe
2008-09-18 17:00 249,856 ----a-w C:\WINDOWS\system32\drmupgds.exe
2008-09-18 17:00 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-18 17:00 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-09-18 17:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2008-09-18 17:00 146,432 ----a-w C:\WINDOWS\system32\wudfhost.exe
2008-09-18 17:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2008-09-18 16:45 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
2008-09-18 16:44 729,088 ----a-w C:\WINDOWS\iun6002.exe
2008-09-18 16:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-18 16:44 2,165,760 ------r C:\WINDOWS\MicCal.exe
2008-09-18 16:15 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-18 16:13 --------- d-----w C:\Program Files\Aegisub
2008-09-18 16:13 --------- d-----r C:\Program Files\SubEdit-Player
2008-09-18 16:04 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\foobar2000
2008-09-18 12:17 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\uTorrent
2008-09-18 12:03 --------- d-----w C:\Program Files\English Translator 3
2008-09-17 18:41 --------- d-----w C:\Program Files\Winamp
2008-09-17 18:41 --------- d-----w C:\Program Files\BitComet
2008-09-17 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 18:13 --------- d-----w C:\Program Files\Prime95
2008-09-17 18:11 --------- d-----w C:\Program Files\BitLord2
2008-09-14 20:54 --------- d-----w C:\Program Files\FlashGet
2008-09-10 15:46 --------- d-----w C:\Program Files\Easy CD-DA Extractor 6
2008-09-07 21:24 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\dvdcss
2008-09-06 20:53 279,712 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-06 20:53 25,888 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-05 17:11 --------- d-----w C:\Program Files\mIRC
2008-08-30 14:01 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Vso
2008-08-27 09:59 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-24 11:13 --------- d-----r C:\Program Files\K-Lite Codec Pack
2008-08-24 11:12 --------- d-----w C:\Program Files\DivX
2008-08-21 14:45 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Xfire
2008-08-21 14:00 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Skype
2008-08-21 13:39 --------- d-----w C:\Program Files\eMule
2008-08-21 09:36 --------- d-----w C:\Program Files\Xfire
2008-08-21 09:23 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\skypePM
2008-08-17 18:37 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-17 11:36 --------- d-----w C:\Program Files\foobar2000
2008-08-15 18:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-08-12 22:08 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-08-10 18:09 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie
2008-08-08 21:26 --------- d-----w C:\Program Files\Cyanide
2008-08-04 19:32 --------- d-----w C:\Program Files\Ontrack
2008-08-03 21:38 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Moje pliki Bitwy o Śródziemie™ II
2008-08-03 13:14 --------- d-----w C:\Program Files\Icecast2 Win32
2008-08-03 13:02 --------- d-----w C:\Program Files\SHOUTcast
2008-07-31 17:14 --------- d-----w C:\Program Files\Deutsch Translator 2
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-13 18:31 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-13 18:31 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 18:38 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 15:41 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 20:37 2,045,459 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-04-18 16:35 22,328 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\PnkBstrK.sys
2008-01-29 17:51 47,360 ----a-w C:\Documents and Settings\Bartek\Dane aplikacji\pcouffin.sys
2008-01-22 11:31 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008012220080123\index.dat
2008-01-22 11:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-08-27 2131392]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-02-21 1142784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^hamachi.lnk]
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2008-09-18 18:18 492896 C:\Program Files\Dealio\DealioAU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-09-18 18:17 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2007-05-13 16:57 5308416 C:\Program Files\eMule\byzato.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2008-09-18 18:13 2042416 C:\Program Files\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-08-27 12:00 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-09-18 18:13 1729536 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-09-18 19:00 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\eMule\\byzato.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Icecast2 Win32\\Icecast2win.exe"=
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"D:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50910:TCP"= 50910:TCP:eMule
"24214:UDP"= 24214:UDP:eMule
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-08 2915944]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;C:\Program Files\Icecast2 Win32\icecastService.exe C:\Program Files\Icecast2 Win32 [ ]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-08-29 2368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S3 qcusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEusbmdm.sys [2007-04-04 99584]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-Mp3Detective - (no file)
HKLM-Run-Mp3Detective - (no file)
MSConfigStartUp-DAEMON Tools Pro Agent - D:\Program Files\DAEMON Tools Pro\DTProAgent.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Bartek\Dane aplikacji\Mozilla\Firefox\Profiles\0rxuet22.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/pl/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 20:24:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-18 20:26:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-09-18 18:26:09
Przed: 9,239,007,232 bajtów wolnych
Po: 9,207,721,984 bajtów wolnych
317 --- E O F --- 2008-09-10 05:42:27