
ComboFix 09-05-26.05 - Serwis 2009-05-28 15:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1623 [GMT 2:00]
Running from: c:\documents and settings\Serwis\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Dane aplikacji\twain_32
c:\documents and settings\LocalService\Dane aplikacji\twain_32\user.ds
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\twext.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-25 14:36 . 2009-05-25 14:37 -------- d-----w c:\documents and settings\Serwis\Ustawienia lokalne\Dane aplikacji\salvation
2009-05-25 14:36 . 2009-05-25 14:36 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\salvation
2009-05-25 14:31 . 2009-05-25 14:31 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-05-25 14:31 . 2009-05-25 18:42 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-25 14:28 . 2009-05-25 14:33 -------- d-----w c:\documents and settings\Serwis\Dane aplikacji\DAEMON Tools Lite
2009-05-20 06:44 . 2009-05-08 10:05 2051864 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgcorex.dll
2009-05-20 06:44 . 2009-05-08 10:05 354584 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgxch32.dll
2009-05-20 06:44 . 2009-05-08 10:05 3399960 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgui.exe
2009-05-20 06:44 . 2009-05-08 10:05 3288344 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\setup.exe
2009-05-20 06:44 . 2009-05-08 10:05 2302232 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avguiadv.dll
2009-05-20 06:44 . 2009-05-08 10:04 424472 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgwdwsc.dll
2009-05-20 06:44 . 2009-05-08 10:04 312088 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avglngx.dll
2009-05-20 06:44 . 2009-05-08 10:04 177432 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgmail.dll
2009-05-20 06:44 . 2009-05-08 10:05 486168 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgrsx.exe
2009-05-20 06:44 . 2009-05-08 10:03 755992 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avginet.dll
2009-05-20 06:44 . 2009-05-08 10:03 1437464 ----a-w c:\documents and settings\All Users\Dane aplikacji\avg8\update\backup\avgupd.dll
2009-05-05 10:42 . 2009-05-05 10:42 -------- d-----w c:\documents and settings\Serwis\Ustawienia lokalne\Dane aplikacji\Fallout3
2009-05-05 10:34 . 2009-05-05 10:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Fallout3
2009-05-05 10:34 . 2008-09-16 22:20 121064 ------r c:\documents and settings\All Users\Dane aplikacji\Fallout3\setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 13:39 . 2008-12-01 07:59 1364032 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-05-28 13:32 . 2008-09-20 17:49 -------- d-----w c:\documents and settings\Serwis\Dane aplikacji\uTorrent
2009-05-25 14:29 . 2008-09-20 13:14 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-08 10:05 . 2008-09-19 14:37 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-08 10:05 . 2008-09-19 14:37 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-08 10:05 . 2008-09-19 14:37 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-05 10:34 . 2008-09-19 14:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 13:45 . 2008-09-20 19:09 26024 ----a-w c:\documents and settings\Serwis\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-29 06:26 . 2001-10-26 14:15 84208 ----a-w c:\windows\system32\perfc015.dat
2009-04-29 06:26 . 2001-10-26 14:15 491152 ----a-w c:\windows\system32\perfh015.dat
2009-04-23 19:47 . 2008-11-08 13:47 -------- d-----w c:\documents and settings\Serwis\Dane aplikacji\2K Sports
2009-04-20 17:06 . 2009-04-20 17:06 1599488 --sh--w c:\documents and settings\Serwis\Moje dokumentyQoH5Hr_cfdg.exe
2009-04-20 16:58 . 2009-04-20 16:58 1599488 --sh--w c:\documents and settings\Serwis\Moje dokumentyKcg8Ce_cfdg.exe
2009-04-16 18:34 . 2009-04-16 18:34 -------- d-----w c:\program files\Softstunt RM RMVB Converter
2009-04-12 19:36 . 2009-04-12 19:36 -------- d-----w c:\documents and settings\Serwis\Dane aplikacji\Leadertech
2009-04-10 10:15 . 2009-01-09 17:27 189496 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-26 09:11 . 2009-04-24 15:42 2082104 ----a-w c:\documents and settings\Serwis\Dane aplikacji\Mozilla\Firefox\Profiles\cyv245ai.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-03-21 14:42 . 2009-01-09 17:27 139984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-19 15:46 . 2009-03-19 15:46 1599488 --sh--w c:\documents and settings\Serwis\Moje dokumentyMbH655_cfdg.exe
2009-03-08 20:41 . 2009-03-08 20:41 1599488 --sh--w c:\documents and settings\Serwis\Moje dokumentyWjP0Gh_cfdg.exe
2009-03-06 14:22 . 2004-08-03 22:44 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-04 15:16 . 2009-03-04 15:16 3638 ----a-r c:\documents and settings\Serwis\Dane aplikacji\Microsoft\Installer\{40247AAC-AB0D-449C-882F-90401C3351E8}\_69525f90.exe
2009-03-03 00:10 . 2004-08-03 22:44 826368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 17:05 . 2008-12-17 17:04 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-08-30 1708032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RGSC"="d:\grys\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-26 306088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-06 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-17 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-02 1657376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 10:05 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0lbxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2npxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2tjxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2yoxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3dfxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4hwxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6gjxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6pfxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7gvxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7vlxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8etxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Documents and Settings\\Serwis\\Moje dokumenty\\utorrent.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Grys\\Infogrames\\Grand Prix 4\\GP4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Grys\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Grys\\GTAIVsc\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Grys\\GTAIVsc\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Grys\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 200834\\fm.exe"=
"d:\\torr\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Grys\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"d:\\Grys\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Grys\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Grys\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Grys\\Sports Interactive\\Football Manager 2009\\fm.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-21 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-19 325896]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-19 298776]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]
S0 ati0lbxx;ati0lbxx;c:\windows\system32\Drivers\ati0lbxx.sys --> c:\windows\system32\Drivers\ati0lbxx.sys [?]
S0 ati2npxx;ati2npxx;c:\windows\system32\Drivers\ati2npxx.sys --> c:\windows\system32\Drivers\ati2npxx.sys [?]
S0 ati2tjxx;ati2tjxx;c:\windows\system32\Drivers\ati2tjxx.sys --> c:\windows\system32\Drivers\ati2tjxx.sys [?]
S0 ati2yoxx;ati2yoxx;c:\windows\system32\Drivers\ati2yoxx.sys --> c:\windows\system32\Drivers\ati2yoxx.sys [?]
S0 ati3dfxx;ati3dfxx;c:\windows\system32\Drivers\ati3dfxx.sys --> c:\windows\system32\Drivers\ati3dfxx.sys [?]
S0 ati4hwxx;ati4hwxx;c:\windows\system32\Drivers\ati4hwxx.sys --> c:\windows\system32\Drivers\ati4hwxx.sys [?]
S0 ati6gjxx;ati6gjxx;c:\windows\system32\Drivers\ati6gjxx.sys --> c:\windows\system32\Drivers\ati6gjxx.sys [?]
S0 ati6pfxx;ati6pfxx;c:\windows\system32\Drivers\ati6pfxx.sys --> c:\windows\system32\Drivers\ati6pfxx.sys [?]
S0 ati7gvxx;ati7gvxx;c:\windows\system32\Drivers\ati7gvxx.sys --> c:\windows\system32\Drivers\ati7gvxx.sys [?]
S0 ati7vlxx;ati7vlxx;c:\windows\system32\Drivers\ati7vlxx.sys --> c:\windows\system32\Drivers\ati7vlxx.sys [?]
S0 ati8etxx;ati8etxx;c:\windows\system32\Drivers\ati8etxx.sys --> c:\windows\system32\Drivers\ati8etxx.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-17 29744]
.
- - - - EMPTY ENTRIES REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: efs.gov.pl\www.generatorwnioskow
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Serwis\Dane aplikacji\Mozilla\Firefox\Profiles\cyv245ai.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Serwis\Dane aplikacji\Mozilla\Firefox\Profiles\cyv245ai.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 15:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-1085031214-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,fd,5a,72,40,e8,b5,c1,79,f9,7f,70,d9,92,18,e2,5a,a2,f6,f3,b8,65,c5,
fb,56,a4,b0,01,22,85,da,6e,c9,6c,b7,7b,7c,53,d3,05,01,ea,01,24,77,0d,39,1b,\
"??"=hex:29,31,91,b6,67,2b,cd,ca,15,9f,32,97,f9,4f,4b,0d
[HKEY_USERS\S-1-5-21-117609710-1085031214-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,67,22,33,70,41,33,7e,8f,cd,e8,70,7a,b6,fa,7b,6c,c1,98,fe,8f,
fc,2a,74,c6,c1,87,86,50,0e,f5,24,5d,60,61,2a,c6,17,55,3c,0d,4b,9e,02,6e,55,\
"rkeysecu"=hex:5d,ff,39,99,fe,35,8c,01,e8,51,eb,0a,92,3d,a6,9d
.
Completion time: 2009-05-28 15:43
ComboFix-quarantined-files.txt 2009-05-28 13:43
ComboFix2.txt 2009-02-23 13:40
Before: 31 226 101 760 bytes free
After: 32 077 692 928 bytes free
210 --- E O F --- 2009-05-13 20:14
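Added example, not part of the post above and not ComboFix's own code: a small Python triage pass over the three kinds of line a helper reads first in a log like this one, the file listings (an executable carrying `s`/`h` attributes), the `R0`/`S0` boot-start driver lines whose image is reported absent with `[?]`, and the `EnableFirewall` value. The sample input is a handful of lines copied verbatim from the log above (paths kept exactly as printed there); the field layouts `created . modified size attrs path` and `Sx name;display;image [...]` are inferred from those lines rather than taken from ComboFix documentation, and the attribute column positions are an assumption based on the `--sh--w` / `d--h--w` strings seen here.

```python
import re
from dataclasses import dataclass

# Added example, not ComboFix's own code and not part of the original post.
# Lines copied from the log above; the layouts are inferred from them.
SAMPLE_LOG = r"""
2009-05-25 14:29 . 2008-09-20 13:14 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-20 17:06 . 2009-04-20 17:06 1599488 --sh--w c:\documents and settings\Serwis\Moje dokumentyQoH5Hr_cfdg.exe
2009-03-19 15:46 . 2009-03-19 15:46 1599488 --sh--w c:\documents and settings\Serwis\Moje dokumentyMbH655_cfdg.exe
2009-05-05 10:34 . 2008-09-19 14:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 10:34 . 2008-09-16 22:20 121064 ------r c:\documents and settings\All Users\Dane aplikacji\Fallout3\setup.exe
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-21 28544]
S0 ati0lbxx;ati0lbxx;c:\windows\system32\Drivers\ati0lbxx.sys --> c:\windows\system32\Drivers\ati0lbxx.sys [?]
S0 ati2npxx;ati2npxx;c:\windows\system32\Drivers\ati2npxx.sys --> c:\windows\system32\Drivers\ati2npxx.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-17 29744]
"""

# "created . modified size attrs path"; size is "--------" for directories.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([a-z-]{7}) (.+)$"
)
# "R0 name;display;image [date size]" or "... --> image [?]" when missing.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    why: str


def parse_file_entry(line):
    """Parse one 'Files Created' / Find3M line; None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": created,
        "modified": modified,
        "size": None if size == "--------" else int(size),
        "is_dir": attrs[0] == "d",
        "system": attrs[2] == "s",  # assumed column for the S attribute
        "hidden": attrs[3] == "h",  # assumed column for the H attribute
        "path": path,
    }


def parse_service_entry(line):
    """Parse one R*/S* driver or service line; None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, rest = m.groups()
    image = rest.split(" --> ")[0].split(" [")[0]
    return {"start": start, "name": name, "display": display,
            "image": image, "missing": rest.rstrip().endswith("[?]")}


def triage(log_text):
    """Return the findings a first pass over the log should raise."""
    findings, hidden_exes = [], []
    for line in log_text.splitlines():
        entry = parse_file_entry(line)
        if entry:
            if (not entry["is_dir"]
                    and (entry["system"] or entry["hidden"])
                    and entry["path"].lower().endswith(EXEC_EXT)):
                hidden_exes.append(entry)
                findings.append(Finding("hidden-exe", entry["path"],
                                        "executable with system/hidden attributes set"))
            continue
        svc = parse_service_entry(line)
        if svc:
            if svc["start"] in ("R0", "S0") and svc["missing"]:
                findings.append(Finding("missing-boot-driver", svc["name"],
                                        "boot-start driver whose image is absent: " + svc["image"]))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall-off", "EnableFirewall",
                                    "Windows Firewall standard profile is disabled"))
    # Several hidden executables of identical size under random names are
    # usually copies of one dropper; report the cluster so it is not missed.
    by_size = {}
    for e in hidden_exes:
        by_size.setdefault(e["size"], []).append(e["path"])
    for size, paths in by_size.items():
        if len(paths) > 1:
            findings.append(Finding("same-size-cluster", str(size),
                                    "%d hidden executables share this byte size" % len(paths)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (f.kind, f.subject, f.why))
```

Run it on a whole saved log with `triage(open("ComboFix.txt").read())`; everything it does not recognise is skipped, so the registry and DPF sections pass through untouched. The checks are heuristics for a human reader, not a verdict: a missing-image `S0` entry can also be a leftover from an uninstalled driver, which is why the output names the image path so it can be confirmed on disk.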