Już po czyszczeniu, oto logi:
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 22:08:49, on 2007-06-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
d:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dom\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.01\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174552839640
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - d:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Combofix:
ComboFix 07-06-11 - C:\Documents and Settings\Dom\Pulpit\ComboFix.exe
"Dom" - 2007-06-10 22:01:29 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Dom\DANEAP~1.\macromedia\Flash Player\#SharedObjects\HG8E2YE8\www.broadcaster.com
C:\DOCUME~1\Dom\DANEAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Dom\DANEAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll
C:\Program Files\screensavers.com\SSSUninst.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))
2007-06-10 22:01 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 21:14 <DIR> d-------- C:\Matrix Code Screensaver
2007-06-10 20:51 <DIR> d-------- C:\Program Files\3D Matrix Screensaver
2007-06-10 15:49 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-06-04 19:08 <DIR> d-------- C:\Program Files\eSkiMoS R2
2007-06-04 19:08 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\eSkiMoS R2
2007-06-04 07:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Locks Idol Bias Skip
2007-06-03 22:06 <DIR> d-------- C:\Program Files\bait blah user
2007-06-03 22:06 <DIR> d-------- C:\Program Files\3wPlayer
2007-06-01 14:49 <DIR> d-------- C:\Program Files\Buka
2007-05-26 22:31 61,440 --a------ C:\WINDOWS\system32\cygz.dll
2007-05-26 22:31 3,624,960 --a------ C:\WINDOWS\system32\mkgpmp.exe
2007-05-26 22:31 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-05-26 22:31 1,295,582 --a------ C:\WINDOWS\system32\cygwin1.dll
2007-05-26 22:31 <DIR> d-------- C:\AVOneExport
2007-05-26 22:30 87 --a------ C:\WINDOWS\system32\buyurl0502.dat
2007-05-26 20:10 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-05-25 23:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DANEAP~1\CyberLink
2007-05-25 23:29 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-25 23:29 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2007-05-25 23:14 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-05-25 23:14 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-05-25 23:14 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-05-25 23:14 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-05-25 23:14 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-05-25 23:14 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-05-25 23:12 <DIR> d-------- C:\dup
2007-05-25 22:04 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-23 10:37 850,809 --a------ C:\WINDOWS\ssaver.dat
2007-05-23 10:37 48,640 --a------ C:\WINDOWS\grwprocs.dll
2007-05-23 10:37 405,504 --a------ C:\WINDOWS\tvn.scr
2007-05-19 23:03 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\Pinnacle Systems
2007-05-19 20:42 <DIR> d-------- C:\Program Files\Mv2Player
2007-05-19 19:45 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2007-05-19 19:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\SmartSound Software Inc
2007-05-19 19:43 <DIR> d-------- C:\Program Files\CyberLink
2007-05-18 19:30 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-05-18 19:30 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-05-18 19:30 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-05-18 19:30 <DIR> d-------- C:\Temp
2007-05-17 23:57 12,208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-16 00:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-16 00:01 <DIR> d-------- C:\Program Files\MSBuild
2007-05-15 23:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-05-15 23:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-05-15 23:51 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-15 21:50 <DIR> d--hs---- C:\WINDOWS\CSC
2007-05-15 15:54 36,480 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-05-15 14:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-05-14 20:35 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\Lavasoft
2007-05-14 20:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-13 17:46 573,440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-05-13 17:46 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-05-13 17:46 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-05-13 17:46 143,872 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-05-13 17:46 120,832 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-05-13 10:38 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-13 03:33 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\Eltima Software
2007-05-13 03:01 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
2007-05-13 03:01 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
2007-05-13 03:01 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
2007-05-13 03:01 <DIR> d-------- C:\Program Files\Common Files\Eltima Shared
2007-05-13 02:24 49,152 --a------ C:\WINDOWS\system32\RegistrationLib193.dll
2007-05-13 02:01 <DIR> d-------- C:\Program Files\Riva
2007-05-13 01:13 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-05-13 01:13 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\MegauploadToolbar
2007-05-12 17:04 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\foobar2000
2007-05-12 00:13 <DIR> d-------- C:\Program Files\ScanSoft
2007-05-10 23:57 <DIR> d-------- C:\OutputFolder
2007-05-10 23:55 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-05-10 23:41 <DIR> d-------- C:\DOCUME~1\Dom\DANEAP~1\vlc
2007-05-10 23:02 903,205 --a------ C:\WINDOWS\IVO Glossary Uninstaller.exe
2007-05-10 21:51 <DIR> d-------- C:\WINDOWS\speech
2007-05-10 20:31 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-10 20:03:04 533,316 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-10 20:03:04 103,456 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-01 19:28:37 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-01 16:39:26 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-17 20:23:53 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\CyberLink
2007-05-09 21:28:33 4 ----a-w C:\WINDOWS\system32\micr0st.dll
2007-05-09 19:48:12 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-05-09 19:38:14 -------- d-----w C:\Program Files\SmartSound Software
2007-05-09 19:36:16 96 ----a-w C:\AUTOEXEC.BAT
2007-05-09 19:35:45 -------- d-----w C:\Program Files\DivX
2007-05-09 18:48:22 -------- d-----w C:\Program Files\C-Media
2007-05-01 14:41:51 -------- d-----w C:\Program Files\Common Files\3DO Shared
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-30 08:46:20 -------- d-----w C:\Program Files\Media Player Classic
2007-04-28 16:21:28 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\OpenOffice.org2
2007-04-25 10:59:42 -------- d-----w C:\Program Files\Northworks Solutions Ltd
2007-04-23 17:59:31 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\AdobeUM
2007-04-22 20:43:40 1,903 ----a-w C:\WINDOWS\mozver.dat
2007-04-20 13:38:05 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\Talkback
2007-04-20 13:37:58 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\Thunderbird
2007-04-19 13:40:13 8 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-04-18 19:07:33 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\Mp3tag
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 17:19:22 -------- d-----w C:\Program Files\Yahoo!
2007-04-13 19:22:55 -------- d-----w C:\Program Files\Common Files\NSV
2007-04-12 15:11:14 -------- d-----w C:\Program Files\Winamp
2007-04-10 14:44:20 -------- d-----w C:\DOCUME~1\Dom\DANEAP~1\Megaupload
2007-04-10 08:02:14 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-09 07:29:11 3,474 ----a-w C:\WINDOWS\system32\sdbackup.reg
2007-04-06 14:28:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-30 20:53:49 88 --sh--r C:\WINDOWS\system32\C21EE3189C.sys
2007-03-23 04:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 04:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 18:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 21:24:04 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-16 18:02:29 1 ----a-w C:\WINDOWS\system32\SI.bin
2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
2007-03-12 14:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
2007-03-10 09:31:33 0 --sha-r C:\MSDOS.SYS
2007-03-10 09:31:33 0 --sha-r C:\IO.SYS
2007-03-10 09:26:28 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2004-08-03 23:44:20 1,583,104 --sh--r C:\WINDOWS\system32\avp.exe
2004-08-03 23:44:28 33,280 --sh--r C:\WINDOWS\system32\rundll32.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 07:12]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"RivaTunerStartupDaemon"="D:\Program Files\RivaTuner v2.01\RivaTuner.exe" [2007-04-29 19:05]
"RemoteControl"="d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"Cmaudio"="cmicnfg.cpl" []
"PWRISOVM.EXE"="d:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 09:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dom^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=C:\windows\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HtmBoneCreativeAbout]
C:\Documents and Settings\All Users\Dane aplikacji\Cakeuphtmbone\Idle Hide.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIGNFORK]
C:\DOCUME~1\Dom\DANEAP~1\BAITBL~1\barb chin debug.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\Winamp\winampa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\PKBE_Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\welcome.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- welcome.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Autorun.exe
dinstall\command- I:\Directx\dxsetup.exe
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 22:05:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-10 22:05:58
C:\ComboFix-quarantined-files.txt ... 2007-06-10 22:05
--- E O F ---
Mam nadzieję, że log z Combofixa jest zamieszcznony prawidłowo. Jeśli jednak tak nie jest to proszę o instrukcję, jak to zrobić.
pozdrawiam
