Reader_s.exe

[kokos]

Witam
jako, że siostra "urzędowała" wczoraj na komputerze nie wiem co robiła, ale gdy dziś odpaliłem go, nie dosyć, że avira posypała się z miejsca, to jeszcze bardzo wolno chodzi...

Kod: Zaznacz wszystko

ComboFix 09-03-06.02 - Anna 2009-03-07 17:34:37.6 - NTFSx86
Uruchomiony z: c:\documents and settings\Anna\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Outdated)
* Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anna\reader_s.exe
c:\windows\services.exe
c:\windows\system32\9.tmp
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\E.tmp
c:\windows\system32\reader_s.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_restore


(((((((((((((((((((((((((   Pliki utworzone od 2009-02-07 do 2009-03-07  )))))))))))))))))))))))))))))))
.

2009-03-07 17:32 . 2009-03-07 17:32   80   --a------   c:\windows\system32\8.tmp
2009-03-07 17:28 . 2009-03-07 17:28   <DIR>   d--------   C:\rsit
2009-03-07 17:24 . 2009-03-07 17:24   80   --a------   c:\windows\system32\B.tmp
2009-03-07 17:21 . 2009-03-07 17:34   <DIR>   d--------   c:\program files\ESET
2009-03-07 17:21 . 2009-03-07 17:21   512,096   --a------   c:\windows\system32\drivers\amon.sys
2009-03-07 17:21 . 2009-03-07 17:21   298,104   --a------   c:\windows\system32\imon.dll
2009-03-07 17:21 . 2009-03-07 17:21   15,424   --a------   c:\windows\system32\drivers\nod32drv.sys
2009-03-07 17:17 . 2009-03-07 17:17   35,841   --a------   c:\windows\services.ex_
2009-03-07 17:17 . 2009-03-07 17:17   80   --a------   c:\windows\system32\6.tmp
2009-03-07 16:56 . 2009-03-07 16:56   38,913   --a------   c:\windows\system32\84.tmp
2009-03-07 16:56 . 2009-03-07 16:56   80   --a------   c:\windows\system32\82.tmp
2009-03-07 16:25 . 2009-03-07 16:52   3,568   --ahs----   c:\windows\klif.spi
2009-03-07 16:24 . 2009-03-07 16:24   80   --a------   c:\windows\system32\7.tmp
2009-03-07 16:19 . 2009-03-07 16:19   80   --a------   c:\windows\system32\4.tmp
2009-03-07 16:16 . 2009-03-07 16:16   80   --a------   c:\windows\system32\55.tmp
2009-03-07 16:14 . 2009-03-07 16:14   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-07 15:53 . 2009-03-07 15:53   80   --a------   c:\windows\system32\3.tmp
2009-03-07 15:30 . 2009-03-07 15:30   182,656   --a--c---   c:\windows\system32\dllcache\ndis.sys
2009-03-07 15:30 . 2009-03-07 17:32   130   --a------   c:\windows\adobe.bat
2009-03-07 15:30 . 2009-03-07 15:30   80   --a------   c:\windows\system32\2.tmp
2009-03-07 15:30 . 2009-03-07 15:34   6   --a------   c:\windows\_id.dat
2009-03-07 15:30 . 2009-03-07 15:30   0   --a------   c:\windows\system32\5.tmp
2009-03-07 13:13 . 2009-03-07 13:13   580,096   --a--c---   c:\windows\system32\dllcache\user32.dll
2009-03-07 13:11 . 2009-03-07 13:12   <DIR>   d--------   c:\windows\ERUNT
2009-03-07 13:11 . 2009-03-07 13:23   <DIR>   d--------   C:\SDFix
2009-03-07 09:53 . 2009-03-07 09:53   952   --ahs----   c:\windows\system32\KGyGaAvL.sys
2009-03-07 09:52 . 2009-03-07 09:52   <DIR>   d--------   c:\documents and settings\Anna\Dane aplikacji\Thinstall
2009-03-01 16:21 . 2009-03-01 16:21   <DIR>   d--------   c:\windows\system32\LogFiles
2009-02-28 15:40 . 2009-02-28 15:40   <DIR>   d--------   c:\program files\SopCast
2009-02-26 18:47 . 2009-02-26 18:47   <DIR>   d--------   c:\documents and settings\Anna\.gstreamer-0.10
2009-02-26 18:46 . 2009-02-26 19:54   <DIR>   d--------   c:\documents and settings\Anna\Dane aplikacji\Nowe Gadu-Gadu
2009-02-26 18:45 . 2009-02-26 18:45   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-02-24 19:56 . 2009-02-24 19:56   27,236   --a------   C:\TeamPlayersDB.2.xml
2009-02-24 19:56 . 2009-02-24 19:56   18,388   --a------   C:\HistTM_2009_55.2.xml
2009-02-24 19:56 . 2009-02-24 19:56   104   --a------   C:\SquadTrainers.xml
2009-02-23 18:58 . 2009-03-01 11:02   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2009-02-22 13:42 . 2009-02-22 13:46   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\gong
2009-02-22 13:40 . 2009-02-22 13:57   <DIR>   d--------   C:\Gong
2009-02-17 09:01 . 2009-02-22 13:11   <DIR>   d--------   c:\program files\FlashFXP
2009-02-17 09:01 . 2009-02-17 09:01   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\FlashFXP
2009-02-16 20:01 . 2009-02-16 20:01   385   --a------   c:\windows\ODBC.INI
2009-02-15 21:08 . 2009-02-15 21:08   <DIR>   d--------   c:\program files\INSYDE
2009-02-14 13:12 . 2009-02-26 19:45   <DIR>   d--------   c:\documents and settings\Anna\Dane aplikacji\GanymedeNet
2009-02-14 13:11 . 2009-02-14 13:12   <DIR>   d--------   c:\program files\Ganymede
2009-02-08 21:49 . 2009-02-08 21:49   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-02-08 21:47 . 2009-02-08 21:47   <DIR>   d--------   c:\program files\Common Files\Adobe Systems Shared
2009-02-08 21:46 . 2009-02-08 21:47   <DIR>   d--------   c:\program files\Common Files\Adobe
2009-02-07 13:57 . 2009-03-07 17:07   <DIR>   d--h-----   c:\documents and settings\Administrator\Ustawienia lokalne
2009-02-07 13:57 . 2009-02-07 13:59   <DIR>   d--------   c:\documents and settings\Administrator\Ulubione
2009-02-07 13:57 . 2009-01-24 14:23   <DIR>   d--h-----   c:\documents and settings\Administrator\Szablony
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   d--------   c:\documents and settings\Administrator\Pulpit
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   d--------   c:\documents and settings\Administrator\Moje dokumenty
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   dr-------   c:\documents and settings\Administrator\Menu Start
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   dr-h-----   c:\documents and settings\Administrator\Dane aplikacji
2009-02-07 13:57 . 2009-02-07 13:57   <DIR>   d--------   c:\documents and settings\Administrator
2009-02-07 13:57 . 2009-03-07 15:49   664   --a------   c:\windows\system32\d3d9caps.dat
2009-02-07 13:40 . 2009-02-07 13:40   <DIR>   d--------   c:\program files\DIFX

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 16:44   31,901   ----a-w   c:\windows\system32\C.tmp
2009-03-07 16:05   ---------   d-----w   c:\program files\foobar2000
2009-03-07 15:52   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\foobar2000
2009-03-07 15:29   138,240   ----a-w   c:\windows\system32\verclsid.exe
2009-03-07 15:28   291,840   ----a-w   c:\windows\regedit.exe
2009-03-07 15:25   657,408   ----a-w   c:\windows\system32\logonui.exe
2009-03-07 15:25   571,392   ----a-w   c:\windows\system32\cmd.exe
2009-03-07 15:25   46,080   ----a-w   c:\windows\system32\agrsmsvc.exe
2009-03-07 15:25   278,528   ----a-w   c:\windows\system32\nvsvc32.exe
2009-03-07 15:24   110,080   ----a-w   c:\windows\system32\rundll32.exe
2009-03-07 15:24   1,079,296   ----a-w   c:\windows\explorer.exe
2009-03-07 15:21   31,744   ----a-w   c:\windows\system32\ntsd.exe
2009-03-07 15:21   253,440   ----a-w   c:\windows\system32\logon.scr
2009-03-07 15:21   171,520   ----a-w   c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
2009-03-07 15:19   287,232   ----a-w   c:\windows\system32\wuauclt.exe
2009-03-07 14:30   182,656   ----a-w   c:\windows\system32\drivers\ndis.sys
2009-03-03 20:07   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Skype
2009-03-03 19:52   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\skypePM
2009-02-18 08:34   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\BESTplayer
2009-02-16 19:15   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-03 18:52   ---------   d-----w   c:\program files\Common Files\Skype
2009-02-03 18:52   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-03 18:52   ---------   d-----r   c:\program files\Skype
2009-02-02 19:36   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Samsung
2009-02-02 19:23   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-02 19:23   ---------   d-----w   c:\program files\Samsung
2009-01-31 08:36   ---------   d-----w   c:\program files\hp deskjet 3820 series
2009-01-31 08:36   ---------   d-----w   c:\program files\Hewlett-Packard
2009-01-28 18:07   ---------   d-----w   c:\program files\Futuremark
2009-01-28 14:24   ---------   d-----w   c:\program files\Broadcom
2009-01-28 09:59   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Media Player Classic
2009-01-28 07:52   ---------   d-----w   c:\program files\Real Alternative
2009-01-27 21:42   ---------   d-----w   c:\program files\K-Lite Codec Pack
2009-01-27 09:53   ---------   d-----w   c:\program files\Cream Software
2009-01-27 09:53   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Cream Software
2009-01-25 14:35   ---------   d-----w   c:\program files\Common Files\INCA Shared
2009-01-25 13:58   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-01-25 13:58   ---------   d-----w   c:\program files\Java
2009-01-25 11:56   ---------   d-----w   c:\program files\Gothic III
2009-01-25 11:05   271,360   ----a-w   c:\windows\system32\drivers\atksgt.sys
2009-01-25 11:05   18,048   ----a-w   c:\windows\system32\drivers\lirsgt.sys
2009-01-25 10:39   ---------   d-----w   c:\program files\MSBuild
2009-01-25 10:39   ---------   d-----w   c:\program files\Microsoft Works
2009-01-25 09:44   ---------   d-----w   c:\program files\Microsoft Silverlight
2009-01-24 21:18   ---------   d-----w   c:\program files\AGEIA Technologies
2009-01-24 20:54   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Gadu-Gadu
2009-01-24 20:18   ---------   d-----w   c:\program files\Foxit Software
2009-01-24 20:18   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Foxit
2009-01-24 20:00   ---------   d-----w   c:\program files\Gadu-Gadu
2009-01-24 19:41   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Avira
2009-01-24 19:26   ---------   d-----w   c:\program files\WIDCOMM
2009-01-24 19:11   ---------   d-----w   c:\program files\Fingerprint Sensor
2009-01-24 18:56   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-24 18:54   ---------   d-----w   c:\program files\Games-Masters.com
2009-01-24 14:11   ---------   d-----w   c:\program files\Common Files\Ahead
2009-01-24 14:11   ---------   d-----w   c:\program files\Ahead
2009-01-24 13:59   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Broadcom
2009-01-24 13:56   315,392   ----a-w   c:\windows\HideWin.exe
2009-01-24 13:56   ---------   d-----w   c:\program files\Realtek
2009-01-24 13:53   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Atheros
2009-01-24 13:39   ---------   d-----w   c:\program files\Marvell
2009-01-24 13:39   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\InstallShield
2009-01-24 13:36   ---------   d-----w   c:\program files\Intel
2009-01-24 13:34   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-01-24 13:32   ---------   d-----w   c:\program files\Lavalys
2009-01-24 13:27   ---------   d-----w   c:\program files\microsoft frontpage
2009-01-24 13:26   558,142   ----a-w   c:\windows\java\Packages\771R9FPR.ZIP
2009-01-24 13:26   155,995   ----a-w   c:\windows\java\Packages\IYW9R7H3.ZIP
2009-01-24 13:23   ---------   d-----w   c:\program files\Usługi online
2008-12-16 21:07   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-12-11 00:33   86,016   ----a-w   c:\windows\system32\dpl100.dll
2008-12-08 11:53   57,344   ----a-w   c:\windows\system32\ff_vfw.dll
2008-12-07 18:08   795,648   ----a-w   c:\windows\system32\xvidcore.dll
2008-12-07 18:08   130,048   ----a-w   c:\windows\system32\xvidvfw.dll
.

------- Sigcheck -------

2002-09-28 23:00  167552  1df7f42665c94b825322fae71721130d   c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 00:50  182656  1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-07 15:30  213120  1df7f42665c94b825322fae71721130d   c:\windows\system32\dllcache\ndis.sys
2009-03-07 15:30  213120  1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

2009-03-07 16:24  1079296  66214e257b8e9d51c1345b61ee80489e   c:\windows\explorer.exe
2002-09-28 23:00  1082368  48db8013c416b71d2863f588b9a5b365   c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 22:51  1079296  2cf618bbb5227e6572eefe5e156444ea   c:\windows\ServicePackFiles\i386\explorer.exe

2002-09-28 23:00  24576  db2c3f1dfab298a08b34f50226ea4327   c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 22:51  26624  d433f6cac3daff5542c5b39c073126a7   c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 22:51  26624  c10bb99b2e11e5508d0ef55b67eff6c0   c:\windows\system32\ctfmon.exe

2002-09-28 23:00  186368  158988760565498409b1bbec326d4f61   c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-04-14 22:51  156160  f0dbd1e2dbdbe5ab991cdeffa6830711   c:\windows\ServicePackFiles\i386\wuauclt.exe
2009-03-07 16:19  287232  530008507acb02fcfb3723db8580b3ec   c:\windows\system32\wuauclt.exe

2002-09-28 23:00  66560  242c31aeedb56bc275fc692e89a01318   c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 22:51  37888  ddccdb74e252ea59fc1fe2335be34d30   c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-07 16:20  103424  860cfe6cbc0a0106b89976617254282d   c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 26624]
"reader_s"="c:\documents and settings\Anna\reader_s.exe" [2009-03-07 33280]
"services"="c:\windows\services.exe" [2009-03-07 35841]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 86016]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-03-07 33280]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-07 994432]
"services"="c:\windows\services.exe" [2009-03-07 35841]
"nwiz"="nwiz.exe" [2008-12-08 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 26624]
"reader_s"="c:\documents and settings\Anna\reader_s.exe" [2009-03-07 33280]
"services"="c:\windows\services.exe" [2009-03-07 35841]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"="c:\windows\services.exe" [2009-03-07 35841]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"="c:\windows\services.exe" [2009-03-07 35841]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"="c:\windows\services.exe" [2009-03-07 35841]

c:\documents and settings\Anna\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 157696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-07-17 22:40 65536 c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-03-28 10:20 200704 c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 200704 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-12-08 05:42 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-25 14:58 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-04-18 15:30 16861696 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
R3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2003-03-11 59632]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-07 15424]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-09-24 41376]


--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - AFD
*Deregistered* - AgereModemAudio
*Deregistered* - ALG
*Deregistered* - AMON
*Deregistered* - atksgt
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BTKRNL
*Deregistered* - btwdins
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - Int15
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - lirsgt
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - nod32drv
*Deregistered* - NOD32krn
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssmdrv
*Deregistered* - StarOpen
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bc1556-00d8-11de-9872-0016ea645a52}]
\Shell\AutoRun\command - a2h2.com
\Shell\open\Command - a2h2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcf7085b-0ae7-11de-989a-0016ea645a52}]
\Shell\AutoRun\command - F:\2.bat
\Shell\open\Command - F:\2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcf7085c-0ae7-11de-989a-0016ea645a52}]
\Shell\AutoRun\command - 2.bat
\Shell\open\Command - 2.bat
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Anna\Dane aplikacji\Mozilla\Firefox\Profiles\y7oxoe0u.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 17:43:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 


c:\windows\system32\reader_s.exe 33280 bytes executable
c:\windows\system32\9.tmp 80 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 2

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\Temp\BN1.tmp
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-07 17:45:47 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-03-07 16:45:43
ComboFix2.txt  2009-03-07 16:07:51

Przed: 129 347 379 200 bajtów wolnych
Po: 129,180,426,240 bajtów wolnych

412


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:35, on 2009-03-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN1.tmp
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anna\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Anna\reader_s.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Run: [reader_s] C:\Documents and Settings\Anna\reader_s.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - S-1-5-21-515967899-448539723-682003330-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6886 bytes


Liczę na szybką, fachową pomoc

[wojtas]

skasuj:

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Anna\reader_s.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Run: [reader_s] C:\Documents and Settings\Anna\reader_s.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-21-515967899-448539723-682003330-1003\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User '?')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\8.tmp
c:\windows\system32\B.tmp
c:\windows\services.ex_
c:\windows\system32\6.tmp
c:\windows\system32\84.tmp
c:\windows\system32\82.tmp
c:\windows\system32\7.tmp
c:\windows\system32\4.tmp
c:\windows\system32\55.tmp
c:\windows\system32\3.tmp
c:\windows\adobe.bat
c:\windows\system32\2.tmp
c:\windows\system32\reader_s.exe
c:\windows\Temp\BN1.tmp
c:\windows\system32\9.tmp
c:\windows\_id.dat
c:\windows\system32\5.tmp
c:\windows\system32\C.tmp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
"services"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
"services"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
"services"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"=-
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"=-
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bc1556-00d8-11de-9872-0016ea645a52}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcf7085b-0ae7-11de-989a-0016ea645a52}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcf7085c-0ae7-11de-989a-0016ea645a52}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[kokos]

Kod: Zaznacz wszystko

ComboFix 09-03-06.02 - Anna 2009-03-07 18:12:29.7 - NTFSx86
Uruchomiony z: c:\documents and settings\Anna\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Anna\Pulpit\CFScript.txt
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Outdated)
* Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\services.ex_
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\55.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\8.tmp
c:\windows\system32\82.tmp
c:\windows\system32\84.tmp
c:\windows\system32\9.tmp
c:\windows\system32\B.tmp
c:\windows\system32\C.tmp
c:\windows\system32\reader_s.exe
c:\windows\Temp\BN1.tmp
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anna\reader_s.exe
c:\windows\_id.dat
c:\windows\adobe.bat
c:\windows\services.ex_
c:\windows\services.exe
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\55.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\8.tmp
c:\windows\system32\82.tmp
c:\windows\system32\84.tmp
c:\windows\system32\9.tmp
c:\windows\system32\B.tmp
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\reader_s.exe
c:\windows\Temp\BN1.tmp

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_restore


(((((((((((((((((((((((((   Pliki utworzone od 2009-02-07 do 2009-03-07  )))))))))))))))))))))))))))))))
.

2009-03-07 18:09 . 2009-03-07 18:09   33,280   --a------   c:\windows\system32\D.tm_
2009-03-07 18:09 . 2009-03-07 18:09   80   --a------   c:\windows\system32\A.tmp
2009-03-07 17:28 . 2009-03-07 17:28   <DIR>   d--------   C:\rsit
2009-03-07 17:21 . 2009-03-07 17:51   <DIR>   d--------   c:\program files\ESET
2009-03-07 17:21 . 2009-03-07 17:21   512,096   --a------   c:\windows\system32\drivers\amon.sys
2009-03-07 17:21 . 2009-03-07 17:21   298,104   --a------   c:\windows\system32\imon.dll
2009-03-07 17:21 . 2009-03-07 17:21   15,424   --a------   c:\windows\system32\drivers\nod32drv.sys
2009-03-07 16:25 . 2009-03-07 16:52   3,568   --ahs----   c:\windows\klif.spi
2009-03-07 16:14 . 2009-03-07 16:14   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-07 15:30 . 2009-03-07 15:30   182,656   --a--c---   c:\windows\system32\dllcache\ndis.sys
2009-03-07 13:13 . 2009-03-07 13:13   580,096   --a--c---   c:\windows\system32\dllcache\user32.dll
2009-03-07 13:11 . 2009-03-07 13:12   <DIR>   d--------   c:\windows\ERUNT
2009-03-07 13:11 . 2009-03-07 13:23   <DIR>   d--------   C:\SDFix
2009-03-07 09:53 . 2009-03-07 09:53   952   --ahs----   c:\windows\system32\KGyGaAvL.sys
2009-03-07 09:52 . 2009-03-07 09:52   <DIR>   d--------   c:\documents and settings\Anna\Dane aplikacji\Thinstall
2009-03-01 16:21 . 2009-03-01 16:21   <DIR>   d--------   c:\windows\system32\LogFiles
2009-02-28 15:40 . 2009-02-28 15:40   <DIR>   d--------   c:\program files\SopCast
2009-02-26 18:47 . 2009-02-26 18:47   <DIR>   d--------   c:\documents and settings\Anna\.gstreamer-0.10
2009-02-26 18:46 . 2009-02-26 19:54   <DIR>   d--------   c:\documents and settings\Anna\Dane aplikacji\Nowe Gadu-Gadu
2009-02-26 18:45 . 2009-02-26 18:45   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-02-24 19:56 . 2009-02-24 19:56   27,236   --a------   C:\TeamPlayersDB.2.xml
2009-02-24 19:56 . 2009-02-24 19:56   18,388   --a------   C:\HistTM_2009_55.2.xml
2009-02-24 19:56 . 2009-02-24 19:56   104   --a------   C:\SquadTrainers.xml
2009-02-23 18:58 . 2009-03-01 11:02   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2009-02-22 13:42 . 2009-02-22 13:46   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\gong
2009-02-22 13:40 . 2009-02-22 13:57   <DIR>   d--------   C:\Gong
2009-02-17 09:01 . 2009-02-22 13:11   <DIR>   d--------   c:\program files\FlashFXP
2009-02-17 09:01 . 2009-02-17 09:01   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\FlashFXP
2009-02-16 20:01 . 2009-02-16 20:01   385   --a------   c:\windows\ODBC.INI
2009-02-15 21:08 . 2009-02-15 21:08   <DIR>   d--------   c:\program files\INSYDE
2009-02-14 13:12 . 2009-02-26 19:45   <DIR>   d--------   c:\documents and settings\Anna\Dane aplikacji\GanymedeNet
2009-02-14 13:11 . 2009-02-14 13:12   <DIR>   d--------   c:\program files\Ganymede
2009-02-08 21:49 . 2009-02-08 21:49   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-02-08 21:47 . 2009-02-08 21:47   <DIR>   d--------   c:\program files\Common Files\Adobe Systems Shared
2009-02-08 21:46 . 2009-02-08 21:47   <DIR>   d--------   c:\program files\Common Files\Adobe
2009-02-07 13:57 . 2009-03-07 17:45   <DIR>   d--h-----   c:\documents and settings\Administrator\Ustawienia lokalne
2009-02-07 13:57 . 2009-02-07 13:59   <DIR>   d--------   c:\documents and settings\Administrator\Ulubione
2009-02-07 13:57 . 2009-01-24 14:23   <DIR>   d--h-----   c:\documents and settings\Administrator\Szablony
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   d--------   c:\documents and settings\Administrator\Pulpit
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   d--------   c:\documents and settings\Administrator\Moje dokumenty
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   dr-------   c:\documents and settings\Administrator\Menu Start
2009-02-07 13:57 . 2009-01-24 14:19   <DIR>   dr-h-----   c:\documents and settings\Administrator\Dane aplikacji
2009-02-07 13:57 . 2009-02-07 13:57   <DIR>   d--------   c:\documents and settings\Administrator
2009-02-07 13:57 . 2009-03-07 15:49   664   --a------   c:\windows\system32\d3d9caps.dat
2009-02-07 13:40 . 2009-02-07 13:40   <DIR>   d--------   c:\program files\DIFX

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 16:05   ---------   d-----w   c:\program files\foobar2000
2009-03-07 15:52   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\foobar2000
2009-03-07 15:29   138,240   ----a-w   c:\windows\system32\verclsid.exe
2009-03-07 15:28   291,840   ----a-w   c:\windows\regedit.exe
2009-03-07 15:25   657,408   ----a-w   c:\windows\system32\logonui.exe
2009-03-07 15:25   571,392   ----a-w   c:\windows\system32\cmd.exe
2009-03-07 15:25   46,080   ----a-w   c:\windows\system32\agrsmsvc.exe
2009-03-07 15:25   278,528   ----a-w   c:\windows\system32\nvsvc32.exe
2009-03-07 15:24   110,080   ----a-w   c:\windows\system32\rundll32.exe
2009-03-07 15:24   1,079,296   ----a-w   c:\windows\explorer.exe
2009-03-07 15:21   31,744   ----a-w   c:\windows\system32\ntsd.exe
2009-03-07 15:21   253,440   ----a-w   c:\windows\system32\logon.scr
2009-03-07 15:21   171,520   ----a-w   c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
2009-03-07 15:19   287,232   ----a-w   c:\windows\system32\wuauclt.exe
2009-03-07 14:30   182,656   ----a-w   c:\windows\system32\drivers\ndis.sys
2009-03-03 20:07   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Skype
2009-03-03 19:52   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\skypePM
2009-02-18 08:34   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\BESTplayer
2009-02-16 19:15   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-03 18:52   ---------   d-----w   c:\program files\Common Files\Skype
2009-02-03 18:52   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-03 18:52   ---------   d-----r   c:\program files\Skype
2009-02-02 19:36   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Samsung
2009-02-02 19:23   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-02 19:23   ---------   d-----w   c:\program files\Samsung
2009-01-31 08:36   ---------   d-----w   c:\program files\hp deskjet 3820 series
2009-01-31 08:36   ---------   d-----w   c:\program files\Hewlett-Packard
2009-01-28 18:07   ---------   d-----w   c:\program files\Futuremark
2009-01-28 14:24   ---------   d-----w   c:\program files\Broadcom
2009-01-28 09:59   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Media Player Classic
2009-01-28 07:52   ---------   d-----w   c:\program files\Real Alternative
2009-01-27 21:42   ---------   d-----w   c:\program files\K-Lite Codec Pack
2009-01-27 09:53   ---------   d-----w   c:\program files\Cream Software
2009-01-27 09:53   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Cream Software
2009-01-25 14:35   ---------   d-----w   c:\program files\Common Files\INCA Shared
2009-01-25 13:58   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-01-25 13:58   ---------   d-----w   c:\program files\Java
2009-01-25 11:56   ---------   d-----w   c:\program files\Gothic III
2009-01-25 11:05   271,360   ----a-w   c:\windows\system32\drivers\atksgt.sys
2009-01-25 11:05   18,048   ----a-w   c:\windows\system32\drivers\lirsgt.sys
2009-01-25 10:39   ---------   d-----w   c:\program files\MSBuild
2009-01-25 10:39   ---------   d-----w   c:\program files\Microsoft Works
2009-01-25 09:44   ---------   d-----w   c:\program files\Microsoft Silverlight
2009-01-24 21:18   ---------   d-----w   c:\program files\AGEIA Technologies
2009-01-24 20:54   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Gadu-Gadu
2009-01-24 20:18   ---------   d-----w   c:\program files\Foxit Software
2009-01-24 20:18   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\Foxit
2009-01-24 20:00   ---------   d-----w   c:\program files\Gadu-Gadu
2009-01-24 19:41   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Avira
2009-01-24 19:26   ---------   d-----w   c:\program files\WIDCOMM
2009-01-24 19:11   ---------   d-----w   c:\program files\Fingerprint Sensor
2009-01-24 18:56   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-24 18:54   ---------   d-----w   c:\program files\Games-Masters.com
2009-01-24 14:11   ---------   d-----w   c:\program files\Common Files\Ahead
2009-01-24 14:11   ---------   d-----w   c:\program files\Ahead
2009-01-24 13:59   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Broadcom
2009-01-24 13:56   315,392   ----a-w   c:\windows\HideWin.exe
2009-01-24 13:56   ---------   d-----w   c:\program files\Realtek
2009-01-24 13:53   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Atheros
2009-01-24 13:39   ---------   d-----w   c:\program files\Marvell
2009-01-24 13:39   ---------   d-----w   c:\documents and settings\Anna\Dane aplikacji\InstallShield
2009-01-24 13:36   ---------   d-----w   c:\program files\Intel
2009-01-24 13:34   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-01-24 13:32   ---------   d-----w   c:\program files\Lavalys
2009-01-24 13:27   ---------   d-----w   c:\program files\microsoft frontpage
2009-01-24 13:26   558,142   ----a-w   c:\windows\java\Packages\771R9FPR.ZIP
2009-01-24 13:26   155,995   ----a-w   c:\windows\java\Packages\IYW9R7H3.ZIP
2009-01-24 13:23   ---------   d-----w   c:\program files\Usługi online
2008-12-16 21:07   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-12-11 00:33   86,016   ----a-w   c:\windows\system32\dpl100.dll
2008-12-08 11:53   57,344   ----a-w   c:\windows\system32\ff_vfw.dll
2008-12-07 18:08   795,648   ----a-w   c:\windows\system32\xvidcore.dll
2008-12-07 18:08   130,048   ----a-w   c:\windows\system32\xvidvfw.dll
.

------- Sigcheck -------

2002-09-28 23:00  167552  1df7f42665c94b825322fae71721130d   c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 00:50  182656  1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-07 15:30  213120  1df7f42665c94b825322fae71721130d   c:\windows\system32\dllcache\ndis.sys
2009-03-07 15:30  213120  1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

2009-03-07 16:24  1079296  66214e257b8e9d51c1345b61ee80489e   c:\windows\explorer.exe
2002-09-28 23:00  1082368  48db8013c416b71d2863f588b9a5b365   c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 22:51  1079296  2cf618bbb5227e6572eefe5e156444ea   c:\windows\ServicePackFiles\i386\explorer.exe

2002-09-28 23:00  24576  db2c3f1dfab298a08b34f50226ea4327   c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 22:51  26624  d433f6cac3daff5542c5b39c073126a7   c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 22:51  26624  c10bb99b2e11e5508d0ef55b67eff6c0   c:\windows\system32\ctfmon.exe

2002-09-28 23:00  219136  2198f6cdea5efbf6b718e01cd1d44206   c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-04-14 22:51  156160  f0dbd1e2dbdbe5ab991cdeffa6830711   c:\windows\ServicePackFiles\i386\wuauclt.exe
2009-03-07 16:19  287232  530008507acb02fcfb3723db8580b3ec   c:\windows\system32\wuauclt.exe

2002-09-28 23:00  66560  242c31aeedb56bc275fc692e89a01318   c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 22:51  37888  ddccdb74e252ea59fc1fe2335be34d30   c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-07 16:20  103424  860cfe6cbc0a0106b89976617254282d   c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((((   SnapShot@2009-03-07_17.45.14.21   )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-28 22:00:00   1,049,600   -c----w   c:\windows\$NtServicePackUninstall$\explorer.exe
+ 2002-09-28 22:00:00   1,082,368   -c----w   c:\windows\$NtServicePackUninstall$\explorer.exe
- 2002-09-28 22:00:00   33,792   -c----w   c:\windows\$NtServicePackUninstall$\userinit.exe
+ 2002-09-28 22:00:00   66,560   -c----w   c:\windows\$NtServicePackUninstall$\userinit.exe
- 2002-09-28 22:00:00   153,600   -c----w   c:\windows\$NtServicePackUninstall$\wuauclt.exe
+ 2002-09-28 22:00:00   186,368   -c----w   c:\windows\$NtServicePackUninstall$\wuauclt.exe
- 2005-10-20 19:02:28   163,328   ----a-w   c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28   178,176   ----a-w   c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00   75,776   ----a-w   c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00   29,696   ----a-w   c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00   271,872   ----a-w   c:\windows\SWREG.exe
+ 2000-08-31 07:00:00   173,568   ----a-w   c:\windows\SWREG.exe
- 2009-03-07 16:43:23   32,768   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-07 17:21:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-07 16:43:23   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-03-07 17:21:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-03-07 16:43:24   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012009030720090308\index.dat
+ 2009-03-07 17:21:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012009030720090308\index.dat
- 2009-03-07 16:43:33   49,152   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-07 17:21:14   49,152   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-07 17:20:47   11,776   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\P4DK78CT\load[1].exe
- 2008-04-14 21:51:24   73,216   ----a-w   c:\windows\system32\magnify.exe
+ 2008-04-14 21:51:24   117,760   ----a-w   c:\windows\system32\magnify.exe
- 2009-03-07 15:20:35   138,752   ----a-w   c:\windows\system32\mshta.exe
+ 2009-03-07 15:20:35   171,520   ----a-w   c:\windows\system32\mshta.exe
- 2008-04-14 21:51:36   35,840   ----a-w   c:\windows\system32\rcimlby.exe
+ 2008-04-14 21:51:36   80,384   ----a-w   c:\windows\system32\rcimlby.exe
- 2002-09-28 22:00:00   164,352   ----a-w   c:\windows\system32\winmine.exe
+ 2002-09-28 22:00:00   229,888   ----a-w   c:\windows\system32\winmine.exe
+ 2009-03-07 17:20:25   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_1cc.dat
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-07 1059968]
"nwiz"="nwiz.exe" [2008-12-08 c:\windows\system32\nwiz.exe]

c:\documents and settings\Anna\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 189952]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-07-17 22:40 65536 c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-03-28 10:20 200704 c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 200704 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-12-08 05:42 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-25 14:58 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-04-18 15:30 16861696 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
R3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2003-03-11 59632]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-07 15424]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-09-24 41376]


--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - AFD
*Deregistered* - AgereModemAudio
*Deregistered* - ALG
*Deregistered* - AMON
*Deregistered* - atksgt
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BTKRNL
*Deregistered* - btwdins
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - Int15
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - lirsgt
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - nod32drv
*Deregistered* - NOD32krn
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssmdrv
*Deregistered* - StarOpen
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Anna\Dane aplikacji\Mozilla\Firefox\Profiles\y7oxoe0u.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 18:21:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\Temp\BN3.tmp
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-07 18:23:07 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-03-07 17:23:04
ComboFix2.txt  2009-03-07 16:45:48
ComboFix3.txt  2009-03-07 16:07:51

Przed: 128 934 551 552 bajtów wolnych
Po: 128,886,747,136 bajtów wolnych

442


[wojtas]

Wykonaj to co jest podane w tym temacie

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\D.tm_
c:\windows\system32\A.tmp

Folder::
c:\windows\Temp

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.