
ComboFix 09-02-05.01 - Seba 2009-02-05 23:13:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.669 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Seba\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\ecobar.dll
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\tbhelper.dll
c:\program files\IEToolbar\ECO Bar\uninstall.exe
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]265840F
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]2658660
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]2658799.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]265893F.bin
c:\program files\myglobalsearch\bar\Cache\[u]0[/u]2658A58.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\p2pmax
c:\program files\p2pmax\p2pmaxu.exe
c:\windows\system32\ityeayfvwggzieka.dll
c:\windows\system32\tmp14.tmp
c:\windows\ufdata2000.log
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
J:\Autorun.inf
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
((((((((((((((((((((((((( Pliki utworzone od 2009-01-05 do 2009-02-05 )))))))))))))))))))))))))))))))
.
2009-02-05 18:43 . 2009-02-05 18:45 <DIR> d-------- c:\program files\Winamp
2009-02-05 18:43 . 2009-02-05 20:47 1,125 --a------ c:\windows\winamp.ini
2009-02-05 18:41 . 2009-02-05 18:41 706 --a------ c:\windows\unins000.dat
2009-02-05 00:27 . 2009-02-05 00:27 <DIR> d-------- C:\SOPHTEMP
2009-02-04 23:33 . 2009-02-04 23:33 <DIR> d-------- c:\windows\ERUNT
2009-02-04 23:27 . 2009-02-04 23:39 <DIR> d-------- C:\SDFix
2009-02-03 21:59 . 2009-02-03 22:20 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FarmFrenzy2
2009-02-03 20:53 . 2009-02-03 20:53 <DIR> d-------- c:\program files\7-Zip
2009-02-03 20:49 . 2009-02-03 20:49 <DIR> d-------- c:\program files\EA GAMES
2009-02-03 20:30 . 2009-02-03 20:30 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\PlanetPlayMore
2009-02-03 18:24 . 2009-02-03 18:24 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DivoGames
2009-02-03 17:00 . 2009-02-03 17:00 632 --a------ c:\windows\CoDUO.INI
2009-02-03 16:56 . 2009-02-03 20:11 632 --a------ c:\windows\CoD.INI
2009-02-02 19:11 . 2009-02-02 19:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Awem
2009-02-01 21:49 . 2009-02-01 21:49 <DIR> d-------- c:\program files\ReflexiveArcade
2009-01-30 20:18 . 2009-01-30 21:25 <DIR> d-------- c:\program files\Impka
2009-01-30 08:03 . 2009-02-03 16:31 <DIR> d-------- c:\program files\runit
2009-01-30 08:03 . 2009-02-04 18:29 905,670 --a------ c:\windows\xjvrp14857.exe
2009-01-30 08:03 . 2009-02-04 18:29 184,563 --a------ c:\windows\xigr5657.exe
2009-01-30 08:03 . 2009-01-30 08:03 85,289 --a------ c:\windows\system32\cont_blueskyadagency-remove.exe
2009-01-30 08:03 . 2009-01-30 08:03 69,697 --a------ c:\windows\kbffe0705.exe
2009-01-30 08:03 . 2009-01-30 08:03 48,287 --a------ c:\windows\system32\dyjfcomaqcq.exe
2009-01-28 16:06 . 2009-01-28 22:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Playrix Entertainment
2009-01-28 13:34 . 2009-01-28 13:34 <DIR> d-------- c:\program files\DJ2000 Demo
2009-01-28 13:34 . 1999-03-13 22:07 2,344,448 --a------ c:\windows\system32\MMToolsX.OCX
2009-01-28 13:34 . 1999-03-13 14:11 286,720 --a------ c:\windows\system32\MMTypesX.OCX
2009-01-28 13:34 . 2009-01-28 13:37 1,603 --a------ c:\windows\dj2000demo.ini
2009-01-28 13:34 . 2009-01-28 13:37 115 --a------ c:\windows\215TechRemoteAdds.ini
2009-01-27 23:49 . 2009-02-05 21:46 <DIR> d-------- c:\program files\Playrix Games
2009-01-27 23:49 . 2009-01-27 23:49 <DIR> d-------- c:\program files\Playrix Gameplayer
2009-01-27 23:49 . 2009-01-28 16:06 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\PlayrixGamemanager
2009-01-27 17:33 . 2009-01-27 17:33 <DIR> d-------- c:\program files\BFG
2009-01-27 17:33 . 2009-01-27 17:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Trymedia
2009-01-27 17:33 . 2009-01-27 17:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\TERMINAL Studio
2009-01-26 20:16 . 2009-01-26 20:16 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\Media Player Classic
2009-01-23 17:57 . 2009-01-23 17:57 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 20:03 . 2009-02-05 23:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-21 20:03 . 2009-02-05 12:16 2,415,648 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-21 20:03 . 2009-02-05 21:47 409,632 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-21 20:03 . 2009-02-04 18:15 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-01-21 20:03 . 2009-02-04 18:15 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-01-21 20:03 . 2009-02-05 12:16 24,144 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-21 20:03 . 2009-02-05 21:47 6,672 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-21 20:02 . 2009-01-21 20:02 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-20 20:07 . 2009-01-20 20:07 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-20 20:07 . 2009-01-20 20:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-20 09:11 . 2009-01-20 09:11 <DIR> d-------- C:\NVIDIA
2009-01-20 09:11 . 2008-12-26 00:08 206,755 --a------ c:\windows\system32\nvapps.nvb
2009-01-19 13:42 . 2009-01-19 13:42 <DIR> dr-h----- c:\documents and settings\Seba\Dane aplikacji\SecuROM
2009-01-18 15:20 . 2009-01-21 20:11 40 --a------ c:\windows\VI20.set
2009-01-18 14:53 . 2009-01-18 14:53 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-18 14:53 . 2009-01-22 19:08 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\ArcSoft
2009-01-18 14:53 . 2004-12-07 10:11 258,352 --a------ c:\windows\system32\unicows.dll
2009-01-18 14:53 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys
2009-01-18 14:52 . 2009-01-22 19:06 <DIR> d-------- c:\program files\ArcSoft
2009-01-18 14:52 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-01-18 14:33 . 2009-01-18 14:33 <DIR> d-------- C:\cme-data
2009-01-18 14:22 . 2009-01-18 14:22 <DIR> d-------- c:\program files\Aardvark Digital
2009-01-18 14:22 . 2009-01-18 14:26 1,676 --a------ c:\windows\xGeode.ini
2009-01-18 14:18 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-18 14:17 . 2004-08-03 23:10 78,464 --a------ c:\windows\system32\drivers\usbvideo.sys
2009-01-18 14:17 . 2004-08-04 00:44 20,992 --a------ c:\windows\system32\dshowext.ax
2009-01-18 13:07 . 2009-01-18 13:07 <DIR> d-------- c:\windows\system32\Futuremark
2009-01-18 13:07 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2009-01-18 13:07 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2009-01-18 13:07 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2009-01-18 13:07 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2009-01-18 13:06 . 2009-01-18 13:06 <DIR> d-------- c:\program files\Futuremark
2009-01-16 09:36 . 2009-01-16 09:36 <DIR> d-------- c:\windows\system32\EVGA
2009-01-13 19:41 . 2009-01-13 19:43 <DIR> d-------- c:\program files\Xfire
2009-01-13 19:41 . 2009-01-13 20:30 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\Xfire
2009-01-09 08:14 . 2009-01-09 08:14 <DIR> d-------- c:\windows\EFC1B35CFFF241D8A70ACE6037F8040B.TMP
2009-01-09 08:14 . 2008-01-29 11:53 782,336 -ra------ c:\windows\system32\tmpB1.tmp
2009-01-09 08:14 . 2008-01-29 11:53 782,336 -ra------ c:\windows\system32\tmpB0.tmp
2009-01-07 09:06 . 2009-01-07 18:23 <DIR> d-------- c:\program files\PhotoScape
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 20:30 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Skype
2009-02-05 17:37 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-04 23:33 682,280 ----a-w c:\windows\system32\pbsvc.exe
2009-02-04 23:33 446,464 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-04 23:33 446,464 ----a-w c:\windows\system32\nvudisp.exe
2009-02-04 23:33 442,368 ----a-w c:\windows\system32\nvappbar.exe
2009-02-04 23:33 432,672 ----a-w c:\windows\system32\keystone.exe
2009-02-04 23:33 356,352 ----a-w c:\windows\system32\nvusmb.exe
2009-02-04 23:33 356,352 ----a-w c:\windows\system32\nvunrm.exe
2009-02-04 23:33 143,360 ----a-w c:\windows\system32\nvcolor.exe
2009-02-04 23:33 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
2009-02-04 17:50 801,312 ----a-w c:\windows\system32\nvcplui.exe
2009-02-04 17:29 966,656 -c--a-w c:\windows\UNNeroVision.exe
2009-02-04 17:28 364,544 -c--a-w c:\windows\RtlUpd.exe
2009-02-04 17:28 315,392 -c--a-w c:\windows\alcupd.exe
2009-02-04 17:28 217,088 -c--a-w c:\windows\alcrmv.exe
2009-02-04 17:28 2,158,592 -c--a-w c:\windows\MicCal.exe
2009-02-04 17:27 --------- d-----w c:\program files\SubEdit-Player
2009-02-04 17:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 22:36 --------- d-----w c:\program files\BitComet
2009-01-21 19:03 --------- d-----w c:\program files\Kaspersky Lab
2009-01-20 19:07 --------- d-----w c:\program files\Java
2009-01-20 08:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-19 12:42 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-18 14:06 --------- d-----w c:\program files\FlashGet
2009-01-18 13:52 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-13 11:41 --------- d-----w c:\program files\Common Files\Adobe
2009-01-09 07:14 --------- d-----w c:\program files\OpenAL
2009-01-04 06:32 --------- d-----w c:\program files\OniGames
2008-12-29 20:46 686,080 ----a-w c:\windows\system32\nst148.dll
2008-12-23 23:32 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-23 11:50 --------- d-----w c:\program files\COMODO
2008-12-23 01:21 --------- d-----w c:\program files\Skype
2008-12-20 21:47 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Samsung
2008-12-19 08:23 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-19 08:23 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-19 07:57 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Gadu-Gadu
2008-12-19 07:54 --------- d-----w c:\program files\Gadu-Gadu
2008-12-19 07:49 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Nowe Gadu-Gadu
2008-12-19 07:31 --------- d-----w c:\program files\ClocX
2008-12-19 07:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Codemasters
2008-12-19 06:18 --------- d-----w c:\program files\RALINK
2008-12-18 13:46 --------- d-----w c:\program files\NSS
2008-12-18 13:37 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-11 20:38 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-11 15:54 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-11 15:54 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-11-28 19:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-28 17:56 1,648 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-20 02:58 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-20 02:58 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-12 08:00 22,328 ----a-w c:\documents and settings\Seba\Dane aplikacji\PnkBstrK.sys
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
2008-12-29 20:46 652,288 ----a-w c:\program files\mozilla firefox\components\nsblueskyadagency.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1af50bdc-4e48-3cc0-954d-bdfaf359f793}]
2008-12-29 21:46 686080 --a------ c:\windows\system32\nst148.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-02-04 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2009-02-04 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-05 206088]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTuner.exe" [2008-08-31 2711552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-02-04 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]
"Resume copy"="copyfstq.exe" [2008-09-15 c:\windows\copyfstq.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Seba\Menu Start\Programy\Autostart\
RaConfig.exe [2003-09-25 380928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\gry\\Codemasters\\GRID\\GRID.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14665:TCP"= 14665:TCP:BitComet 14665 TCP
"14665:UDP"= 14665:UDP:BitComet 14665 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2008-12-19 51712]
S3 3xHybrid;TV-Station DVR service;c:\windows\system32\drivers\3xHybrid.sys [2008-09-29 1121536]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2008-09-19 32377]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{4BD91E9A-B7FA-7ED6-5FFE-3434644AC635} - c:\windows\system32\ityeayfvwggzieka.dll
HKCU-Run-wsctf.exe - wsctf.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: {2983D0FC-3569-43B9-B347-3E0C2F142C9C} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Seba\Dane aplikacji\Mozilla\Firefox\Profiles\wahsobfk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - component: c:\documents and settings\Seba\Dane aplikacji\Mozilla\Firefox\Profiles\wahsobfk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\nsblueskyadagency.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 23:16:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Seba\USTAWI~1\Temp\ASFWHide"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1078145449-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6c,e0,d9,51,6d,4a,47,d3,22,fe,4a,f0,0c,8d,25,d2,01,09,73,6e,d7,
ab,7f,49,c6,23,37,7c,ee,96,f5,1b,82,c4,d0,08,06,3d,1a,ed,b5,3e,bc,36,c5,9c,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Seba\Menu Start\Programy\Autostart\RaConfig.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-05 23:18:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-05 22:18:41
Przed: 2 542 538 752 bajtów wolnych
Po: 5,098,053,632 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
301
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:18, on 2009-02-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Seba\Menu Start\Programy\Autostart\RaConfig.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: blueskyadagency - {1af50bdc-4e48-3cc0-954d-bdfaf359f793} - C:\WINDOWS\system32\nst148.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RaConfig.exe
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2983D0FC-3569-43B9-B347-3E0C2F142C9C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2983D0FC-3569-43B9-B347-3E0C2F142C9C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2983D0FC-3569-43B9-B347-3E0C2F142C9C}: NameServer = 192.168.0.1
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6502 bytes