Errors at startup - problem with Winamp

Post by Pokahontaz, 24 Jun 2008, 23:28

Hello, while gaming I sometimes get slowdowns, and when starting up the computer I get a message with some error. The biggest problem, and the one that bothers me most, is with Winamp. Once a track is playing there is no problem, but when one starts, Winamp can throw an error, the kind that asks whether or not to send a report, so I can't listen to music for long (reinstalling Winamp doesn't help). Thanks in advance for any help.

log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:16, on 2008-06-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Pucek\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6010 bytes



I only just read that ComboFix logs need to be posted as well - here it is:

Code:
ComboFix 08-06-20.4 - Pucek 2008-06-24 23:44:24.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1606 [GMT 2:00]
Running from: C:\Documents and Settings\Pucek\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-24 to 2008-06-24  )))))))))))))))))))))))))))))))
.

2008-06-22 18:00 . 2008-06-22 18:00   <DIR>   d--------   C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-06-19 20:07 . 2008-06-19 20:07   118   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-18 23:21 . 2008-06-22 20:05   <DIR>   d--------   C:\Documents and Settings\Pucek\Dane aplikacji\SPORE Creature Creator
2008-06-17 17:09 . 2008-06-17 17:09   <DIR>   d--------   C:\WINDOWS\USB Vibration
2008-06-17 17:09 . 2008-06-17 17:09   <DIR>   d--------   C:\Program Files\USB Vibration
2008-06-17 17:09 . 2005-11-24 10:49   73,728   --a------   C:\WINDOWS\system32\dancemat.exe
2008-06-17 17:09 . 2006-10-23 11:42   31,899   --a------   C:\WINDOWS\system32\drivers\hid8101.sys
2008-06-15 15:32 . 2008-06-15 15:32   <DIR>   d--------   C:\WINDOWS\Common Files
2008-06-15 15:32 . 2008-06-15 15:32   <DIR>   d--------   C:\Program Files\VID_0E8F&PID_0003
2008-06-15 15:32 . 2004-06-17 11:15   4,736   --a------   C:\WINDOWS\system32\drivers\DV3.sys
2008-06-15 14:05 . 2001-08-17 22:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-15 14:05 . 2001-08-17 22:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-14 22:42 . 2008-06-14 20:01   273,024   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 22:42 . 2008-06-14 20:01   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 19:54 . 2008-06-20 22:34   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-06-14 10:26 . 2008-06-14 10:26   <DIR>   d--------   C:\WINDOWS\nvidia icons
2008-06-14 10:26 . 2008-06-14 10:27   <DIR>   d--------   C:\WINDOWS\NV23602564.TMP
2008-06-14 10:26 . 2008-05-03 05:46   182,347   --a------   C:\WINDOWS\system32\nvapps.nvb
2008-06-14 09:13 . 2008-06-14 09:13   114,226   -r-hs----   C:\6x8be16.cmd
2008-06-14 08:59 . 2008-04-28 15:53   805,400   -ra------   C:\WINDOWS\system32\tmp589.tmp
2008-06-14 08:59 . 2008-04-28 15:53   805,400   -ra------   C:\WINDOWS\system32\tmp588.tmp
2008-06-14 08:42 . 2008-06-14 10:01   <DIR>   d--------   C:\Program Files\GRID
2008-06-12 17:42 . 2008-06-12 17:42   <DIR>   d--------   C:\Program Files\KOEI
2008-06-11 17:46 . 2008-06-14 01:54   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-11 17:43 . 2008-03-05 15:56   3,786,760   --a------   C:\WINDOWS\system32\D3DX9_37.dll
2008-06-11 17:43 . 2008-03-05 15:56   1,420,824   --a------   C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-11 17:43 . 2008-04-28 12:29   805,400   -ra------   C:\WINDOWS\system32\tmp1B5.tmp
2008-06-11 17:43 . 2008-04-28 12:29   805,400   -ra------   C:\WINDOWS\system32\tmp1B4.tmp
2008-06-11 17:43 . 2008-03-05 16:03   479,752   --a------   C:\WINDOWS\system32\XAudio2_0.dll
2008-06-11 17:43 . 2008-02-05 23:07   462,864   --a------   C:\WINDOWS\system32\d3dx10_37.dll
2008-06-11 17:43 . 2008-03-05 16:03   238,088   --a------   C:\WINDOWS\system32\xactengine3_0.dll
2008-06-11 17:43 . 2008-03-05 16:00   25,608   --a------   C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-09 22:03 . 2008-06-09 22:14   <DIR>   d--------   C:\WINDOWS\system32\embedded
2008-06-09 22:03 . 2008-06-24 14:15   <DIR>   d--------   C:\Program Files\Mafia
2008-06-09 17:26 . 2002-06-06 14:38   139,264   --a------   C:\WINDOWS\system32\eax.dll
2008-06-08 12:49 . 2008-06-18 00:33   <DIR>   d--------   C:\Program Files\Rohan
2008-06-08 00:17 . 2008-06-08 00:17   <DIR>   d--------   C:\Program Files\Common Files\BioWare
2008-06-08 00:07 . 2008-06-08 00:18   <DIR>   d--------   C:\Program Files\Mass Effect
2008-06-07 20:55 . 2008-06-07 20:56   <DIR>   d--------   C:\Program Files\SopCast
2008-06-07 13:06 . 2008-06-07 13:06   <DIR>   d--------   C:\Documents and Settings\Pucek\Dane aplikacji\Touchstone
2008-06-07 12:43 . 2008-06-07 12:43   <DIR>   d--------   C:\Program Files\Touchstone
2008-06-07 12:42 . 2008-06-07 12:42   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-06-07 12:42 . 2008-06-22 18:00   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 12:42 . 2008-06-07 12:43   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-06-07 12:42 . 2008-06-07 13:01   870   --a------   C:\WINDOWS\disney.ini
2008-06-07 03:55 . 2008-06-07 03:55   109,728   -r-hs----   C:\e.cmd
2008-06-05 18:18 . 2008-06-18 00:40   <DIR>   d--------   C:\Program Files\America's Army
2008-06-03 03:58 . 2008-06-03 03:58   107,937   -r-hs----   C:\nby.bat
2008-06-02 16:13 . 2008-06-07 02:25   51   --a------   C:\WINDOWS\GunzLauncher.INI
2008-06-02 15:31 . 2008-06-02 15:31   <DIR>   d--------   C:\Program Files\MAIET
2008-05-31 13:11 . 2008-05-31 13:11   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-31 13:11 . 2007-11-25 18:32   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-31 13:11 . 2007-11-28 19:25   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 13:11 . 2007-11-25 18:32   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-31 02:43 . 2008-05-31 02:43   108,885   -r-hs----   C:\jdwx.exe
2008-05-24 21:03 . 2008-05-24 21:03   <DIR>   d--------   C:\Program Files\Piranha Bytes

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 17:55   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-24 17:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-06-22 14:35   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-06-21 18:50   ---------   d-----w   C:\Program Files\Microsoft Games
2008-06-21 07:16   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-20 19:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-06-19 11:20   ---------   d-----w   C:\Program Files\CapCom
2008-06-19 10:03   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\uTorrent
2008-06-18 21:20   ---------   d-----w   C:\Program Files\Electronic Arts
2008-06-17 22:41   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Microsoft Games
2008-06-14 06:59   444,952   ----a-w   C:\WINDOWS\system32\wrap_oal.dll
2008-06-14 06:59   109,080   ----a-w   C:\WINDOWS\system32\OpenAL32.dll
2008-06-14 06:33   ---------   d-----w   C:\Program Files\Sigma-Team
2008-06-14 06:30   ---------   d-----w   C:\Program Files\FEARCombat
2008-06-13 08:58   ---------   d-----w   C:\Program Files\FlashGet
2008-06-11 15:46   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 15:43   ---------   d-----w   C:\Program Files\OpenAL
2008-06-08 22:18   ---------   d-----w   C:\Program Files\Metin2_PL
2008-06-07 21:58   ---------   d-----w   C:\Program Files\EA GAMES
2008-06-07 21:57   ---------   d-----w   C:\Program Files\CABAL Online
2008-06-07 21:56   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-07 01:37   ---------   d-----w   C:\Program Files\Xfire
2008-06-04 23:11   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Xfire
2008-06-03 11:05   ---------   d-----w   C:\Program Files\World of Warcraft
2008-05-31 00:07   ---------   d-----w   C:\Program Files\MU
2008-05-30 15:15   ---------   d-----w   C:\Program Files\Winamp
2008-05-22 14:03   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Winamp
2008-05-16 19:55   ---------   d-----w   C:\Program Files\KotOR2-PL
2008-05-15 14:44   ---------   d-----w   C:\Program Files\LucasArts
2008-05-14 01:29   41,296   ----a-w   C:\WINDOWS\system32\xfcodec.dll
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:00   ---------   d-----w   C:\Program Files\Ascaron Entertainment
2008-05-07 05:16   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-06 18:13   21,840   ----atw   C:\WINDOWS\system32\SIntfNT.dll
2008-05-06 18:13   17,212   ----atw   C:\WINDOWS\system32\SIntf32.dll
2008-05-06 18:13   12,067   ----atw   C:\WINDOWS\system32\SIntf16.dll
2008-05-03 17:56   ---------   d-----w   C:\Program Files\Enlight
2008-05-01 13:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\MsvThumbs
2008-05-01 13:30   ---------   d-----w   C:\Program Files\Sierra Entertainment
2008-05-01 10:44   ---------   d-----w   C:\Program Files\Gpotato
2008-04-30 17:57   ---------   d-----w   C:\Program Files\Ubisoft
2008-04-30 15:27   442,368   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 13:45   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Kopia Ubisoft
2008-04-29 06:59   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\fretsonfire
2008-04-26 21:39   ---------   d-----w   C:\Program Files\THQ
2008-04-25 11:52   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-04-25 08:29   104,161   --sh--r   C:\1dg.exe
2008-04-24 21:59   ---------   d-----w   C:\Program Files\WinSCP
2008-04-24 21:31   ---------   d-----w   C:\Program Files\GlobalSCAPE
2008-04-24 21:31   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\GlobalSCAPE
2008-04-24 07:42   ---------   d-----w   C:\Program Files\ZiPhone
2008-04-21 07:03   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 20:33   22,328   ----a-w   C:\Documents and Settings\Pucek\Dane aplikacji\PnkBstrK.sys
2008-04-14 20:33   2,337,865   ----a-w   C:\WINDOWS\system32\pbsvc.exe
2008-03-25 04:52   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52   178,976   ----a-w   C:\WINDOWS\system32\msjint40.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 12:22 517768]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 19:13 2695168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 10:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Microsoft Games\\Viva Pinata\\Viva Pinata.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TDU\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Enlight\\Scrapland\\Bin\\Scrap.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\Program Files\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 19:21]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-07-14 12:45]
S2 GAFilter;Double Vibration Controller 3;C:\WINDOWS\system32\DRIVERS\DV3.sys [2004-06-17 11:15]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-23 11:42]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
Start Pending2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 13:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27efe6bf-f8d3-11dc-a3d8-00134629a2b1}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9eb9d7-190d-11dd-a417-00134629a2b1}]
\Shell\AutoRun\command - K:\nby.bat
\Shell\explore\Command -
\Shell\open\Command - nby.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe83d4d4-c76d-11dc-a34e-b412a9127961}]
\Shell\AutoRun\command - K:\1dg.exe
\Shell\explore\Command - K:\1dg.exe
\Shell\open\Command - K:\1dg.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 23:47:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-24 23:48:56
ComboFix-quarantined-files.txt  2008-06-24 21:48:37

Pre-Run: 18,299,473,920 bajtów wolnych
Post-Run: 18,670,133,248 bajtów wolnych

245   --- E O F ---   2008-06-20 20:34:42



Post by Magik, 25 Jun 2008, 01:10

Hello

and once again an "amvo" infection, some kind of plague lately!

Heh, you ran ComboFix right away... the cleanup went straight through... basically everything has already been wiped out.

Paste this into Notepad:

Code:
FILE::

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe


Save it as CFScript.txt. Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

and do this:
1. Download OTMoveIt, start it and run its CleanUp option :)
2. Optimize Windows.
3. Download ATF_Cleaner,
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and click EMPTY SELECTED.
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on.




Post by Okocza, 25 Jun 2008, 09:54

Magik, that script won't work on the registry ;) because how can you clean the registry with the "File" command :P that's what "Registry" is for ;)

Open Notepad and paste this into it:

Code:
File::
C:\WINDOWS\system32\amvo.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27efe6bf-f8d3-11dc-a3d8-00134629a2b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9eb9d7-190d-11dd-a417-00134629a2b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe83d4d4-c76d-11dc-a34e-b412a9127961}]


Save it as CFScript.txt. Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

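
As an added example (not part of any post in this thread, and not ComboFix's own code): a Python triage helper that reads the two ComboFix log sections the replies act on, the MountPoints2 AutoRun handlers and the file listings, and cross-checks hidden+system files in a drive root against the handler commands. The function names and the name-only matching rule are assumptions of this sketch; the embedded lines are an excerpt of the log posted above.

```python
import re
from ntpath import basename  # Windows path semantics regardless of host OS

# Excerpt of the ComboFix log posted in this thread (selected lines only).
SAMPLE_LOG = r"""
2008-06-14 09:13 . 2008-06-14 09:13   114,226   -r-hs----   C:\6x8be16.cmd
2008-06-14 08:42 . 2008-06-14 10:01   <DIR>   d--------   C:\Program Files\GRID
2008-06-14 19:54 . 2008-06-20 22:34   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-06-07 03:55 . 2008-06-07 03:55   109,728   -r-hs----   C:\e.cmd
2008-06-03 03:58 . 2008-06-03 03:58   107,937   -r-hs----   C:\nby.bat
2008-05-31 02:43 . 2008-05-31 02:43   108,885   -r-hs----   C:\jdwx.exe
2008-06-24 17:54   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-04-25 08:29   104,161   --sh--r   C:\1dg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27efe6bf-f8d3-11dc-a3d8-00134629a2b1}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9eb9d7-190d-11dd-a417-00134629a2b1}]
\Shell\AutoRun\command - K:\nby.bat
\Shell\explore\Command -
\Shell\open\Command - nby.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe83d4d4-c76d-11dc-a34e-b412a9127961}]
\Shell\AutoRun\command - K:\1dg.exe
\Shell\explore\Command - K:\1dg.exe
\Shell\open\Command - K:\1dg.exe
"""

# "Files Created" lines carry two timestamps, "Find3M Report" lines carry one.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?P<size>\S+)\s+(?P<attrs>[a-z-]{7,9})\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)
MOUNT_KEY = re.compile(
    r"^\[HKEY_[^\]]*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]\s*$", re.I
)
SHELL_CMD = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s*(?P<cmd>.*?)\s*$", re.I
)
ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # entry directly in a drive root


def parse_files(log):
    """Return (path, attrs) for every file or directory listing line."""
    found = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            found.append((m["path"], m["attrs"]))
    return found


def hidden_system_root_files(log):
    """Files (not directories) in a drive root with both h and s attributes set."""
    return [p for p, a in parse_files(log)
            if ROOT_FILE.match(p) and not a.startswith("d")
            and "h" in a and "s" in a]


def mountpoints2_handlers(log):
    """Map each MountPoints2 volume GUID to its non-empty {verb: command}."""
    handlers, guid = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        key = MOUNT_KEY.match(line)
        if key:
            guid = key["guid"].lower()
            handlers[guid] = {}
            continue
        if line.startswith("["):  # any other bracketed line ends the block
            guid = None
            continue
        cmd = SHELL_CMD.match(line)
        if guid and cmd and cmd["cmd"]:
            handlers[guid][cmd["verb"].lower()] = cmd["cmd"]
    return handlers


def correlate(log):
    """Split hidden+system root files by whether a handler launches that name.

    Matching is by file name only (assumption of this sketch): the handler may
    point at another drive letter than the copy listed in the log.
    """
    launched = {basename(c).lower()
                for verbs in mountpoints2_handlers(log).values()
                for c in verbs.values()}
    result = {"referenced": [], "unreferenced": []}
    for path in hidden_system_root_files(log):
        bucket = "referenced" if basename(path).lower() in launched else "unreferenced"
        result[bucket].append(path)
    return result


if __name__ == "__main__":
    for bucket, paths in correlate(SAMPLE_LOG).items():
        print(bucket, paths)
```

Files in the "unreferenced" bucket are not verdicts, only root-level hidden+system entries that no listed AutoRun handler accounts for and that deserve a manual look.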



Post by Pokahontaz, 25 Jun 2008, 13:24

OK, apart from defragmentation everything is done, here are the logs

combofix:

Code:
ComboFix 08-06-20.4 - Pucek 2008-06-25 13:17:51.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1604 [GMT 2:00]
Running from: C:\Documents and Settings\Pucek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pucek\Pulpit\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\amvo.exe
.

(((((((((((((((((((((((((   Files Created from 2008-05-25 to 2008-06-25  )))))))))))))))))))))))))))))))
.

2008-06-22 18:00 . 2008-06-22 18:00   <DIR>   d--------   C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-06-19 20:07 . 2008-06-19 20:07   118   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-18 23:21 . 2008-06-22 20:05   <DIR>   d--------   C:\Documents and Settings\Pucek\Dane aplikacji\SPORE Creature Creator
2008-06-17 17:09 . 2008-06-17 17:09   <DIR>   d--------   C:\WINDOWS\USB Vibration
2008-06-17 17:09 . 2008-06-17 17:09   <DIR>   d--------   C:\Program Files\USB Vibration
2008-06-17 17:09 . 2005-11-24 10:49   73,728   --a------   C:\WINDOWS\system32\dancemat.exe
2008-06-17 17:09 . 2006-10-23 11:42   31,899   --a------   C:\WINDOWS\system32\drivers\hid8101.sys
2008-06-15 15:32 . 2008-06-15 15:32   <DIR>   d--------   C:\WINDOWS\Common Files
2008-06-15 15:32 . 2008-06-15 15:32   <DIR>   d--------   C:\Program Files\VID_0E8F&PID_0003
2008-06-15 15:32 . 2004-06-17 11:15   4,736   --a------   C:\WINDOWS\system32\drivers\DV3.sys
2008-06-15 14:05 . 2001-08-17 22:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-15 14:05 . 2001-08-17 22:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-14 22:42 . 2008-06-14 20:01   273,024   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 22:42 . 2008-06-14 20:01   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 19:54 . 2008-06-20 22:34   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-06-14 10:26 . 2008-06-14 10:26   <DIR>   d--------   C:\WINDOWS\nvidia icons
2008-06-14 10:26 . 2008-06-14 10:27   <DIR>   d--------   C:\WINDOWS\NV23602564.TMP
2008-06-14 10:26 . 2008-05-03 05:46   182,347   --a------   C:\WINDOWS\system32\nvapps.nvb
2008-06-14 09:13 . 2008-06-14 09:13   114,226   -r-hs----   C:\6x8be16.cmd
2008-06-14 08:59 . 2008-04-28 15:53   805,400   -ra------   C:\WINDOWS\system32\tmp589.tmp
2008-06-14 08:59 . 2008-04-28 15:53   805,400   -ra------   C:\WINDOWS\system32\tmp588.tmp
2008-06-14 08:42 . 2008-06-14 10:01   <DIR>   d--------   C:\Program Files\GRID
2008-06-12 17:42 . 2008-06-12 17:42   <DIR>   d--------   C:\Program Files\KOEI
2008-06-11 17:46 . 2008-06-14 01:54   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-11 17:43 . 2008-03-05 15:56   3,786,760   --a------   C:\WINDOWS\system32\D3DX9_37.dll
2008-06-11 17:43 . 2008-03-05 15:56   1,420,824   --a------   C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-11 17:43 . 2008-04-28 12:29   805,400   -ra------   C:\WINDOWS\system32\tmp1B5.tmp
2008-06-11 17:43 . 2008-04-28 12:29   805,400   -ra------   C:\WINDOWS\system32\tmp1B4.tmp
2008-06-11 17:43 . 2008-03-05 16:03   479,752   --a------   C:\WINDOWS\system32\XAudio2_0.dll
2008-06-11 17:43 . 2008-02-05 23:07   462,864   --a------   C:\WINDOWS\system32\d3dx10_37.dll
2008-06-11 17:43 . 2008-03-05 16:03   238,088   --a------   C:\WINDOWS\system32\xactengine3_0.dll
2008-06-11 17:43 . 2008-03-05 16:00   25,608   --a------   C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-09 22:03 . 2008-06-09 22:14   <DIR>   d--------   C:\WINDOWS\system32\embedded
2008-06-09 22:03 . 2008-06-24 23:51   <DIR>   d--------   C:\Program Files\Mafia
2008-06-09 17:26 . 2002-06-06 14:38   139,264   --a------   C:\WINDOWS\system32\eax.dll
2008-06-08 12:49 . 2008-06-18 00:33   <DIR>   d--------   C:\Program Files\Rohan
2008-06-08 00:17 . 2008-06-08 00:17   <DIR>   d--------   C:\Program Files\Common Files\BioWare
2008-06-08 00:07 . 2008-06-08 00:18   <DIR>   d--------   C:\Program Files\Mass Effect
2008-06-07 20:55 . 2008-06-07 20:56   <DIR>   d--------   C:\Program Files\SopCast
2008-06-07 13:06 . 2008-06-07 13:06   <DIR>   d--------   C:\Documents and Settings\Pucek\Dane aplikacji\Touchstone
2008-06-07 12:43 . 2008-06-07 12:43   <DIR>   d--------   C:\Program Files\Touchstone
2008-06-07 12:42 . 2008-06-07 12:42   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-06-07 12:42 . 2008-06-22 18:00   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 12:42 . 2008-06-07 12:43   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-06-07 12:42 . 2008-06-07 13:01   870   --a------   C:\WINDOWS\disney.ini
2008-06-07 03:55 . 2008-06-07 03:55   109,728   -r-hs----   C:\e.cmd
2008-06-05 18:18 . 2008-06-18 00:40   <DIR>   d--------   C:\Program Files\America's Army
2008-06-03 03:58 . 2008-06-03 03:58   107,937   -r-hs----   C:\nby.bat
2008-06-02 16:13 . 2008-06-07 02:25   51   --a------   C:\WINDOWS\GunzLauncher.INI
2008-06-02 15:31 . 2008-06-02 15:31   <DIR>   d--------   C:\Program Files\MAIET
2008-05-31 13:11 . 2008-05-31 13:11   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-31 13:11 . 2007-11-25 18:32   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-31 13:11 . 2007-11-28 19:25   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 13:11 . 2007-11-25 18:32   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-31 02:43 . 2008-05-31 02:43   108,885   -r-hs----   C:\jdwx.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 09:32   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-25 09:31   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-06-22 14:35   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-06-21 18:50   ---------   d-----w   C:\Program Files\Microsoft Games
2008-06-21 07:16   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-20 19:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-06-19 11:20   ---------   d-----w   C:\Program Files\CapCom
2008-06-19 10:03   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\uTorrent
2008-06-18 21:20   ---------   d-----w   C:\Program Files\Electronic Arts
2008-06-17 22:41   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Microsoft Games
2008-06-14 06:59   444,952   ----a-w   C:\WINDOWS\system32\wrap_oal.dll
2008-06-14 06:59   109,080   ----a-w   C:\WINDOWS\system32\OpenAL32.dll
2008-06-14 06:33   ---------   d-----w   C:\Program Files\Sigma-Team
2008-06-14 06:30   ---------   d-----w   C:\Program Files\FEARCombat
2008-06-13 08:58   ---------   d-----w   C:\Program Files\FlashGet
2008-06-11 15:46   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 15:43   ---------   d-----w   C:\Program Files\OpenAL
2008-06-08 22:18   ---------   d-----w   C:\Program Files\Metin2_PL
2008-06-07 21:58   ---------   d-----w   C:\Program Files\EA GAMES
2008-06-07 21:57   ---------   d-----w   C:\Program Files\CABAL Online
2008-06-07 21:56   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-07 01:37   ---------   d-----w   C:\Program Files\Xfire
2008-06-04 23:11   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Xfire
2008-06-03 11:05   ---------   d-----w   C:\Program Files\World of Warcraft
2008-05-31 00:07   ---------   d-----w   C:\Program Files\MU
2008-05-30 15:15   ---------   d-----w   C:\Program Files\Winamp
2008-05-24 19:03   ---------   d-----w   C:\Program Files\Piranha Bytes
2008-05-22 14:03   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Winamp
2008-05-16 19:55   ---------   d-----w   C:\Program Files\KotOR2-PL
2008-05-15 14:44   ---------   d-----w   C:\Program Files\LucasArts
2008-05-14 01:29   41,296   ----a-w   C:\WINDOWS\system32\xfcodec.dll
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:00   ---------   d-----w   C:\Program Files\Ascaron Entertainment
2008-05-07 05:16   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-06 18:13   21,840   ----atw   C:\WINDOWS\system32\SIntfNT.dll
2008-05-06 18:13   17,212   ----atw   C:\WINDOWS\system32\SIntf32.dll
2008-05-06 18:13   12,067   ----atw   C:\WINDOWS\system32\SIntf16.dll
2008-05-03 17:56   ---------   d-----w   C:\Program Files\Enlight
2008-05-01 13:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\MsvThumbs
2008-05-01 13:30   ---------   d-----w   C:\Program Files\Sierra Entertainment
2008-05-01 10:44   ---------   d-----w   C:\Program Files\Gpotato
2008-04-30 17:57   ---------   d-----w   C:\Program Files\Ubisoft
2008-04-30 15:27   442,368   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 13:45   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Kopia Ubisoft
2008-04-29 06:59   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\fretsonfire
2008-04-26 21:39   ---------   d-----w   C:\Program Files\THQ
2008-04-25 11:52   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-04-25 08:29   104,161   --sh--r   C:\1dg.exe
2008-04-21 07:03   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 20:33   22,328   ----a-w   C:\Documents and Settings\Pucek\Dane aplikacji\PnkBstrK.sys
2008-04-14 20:33   2,337,865   ----a-w   C:\WINDOWS\system32\pbsvc.exe
2008-03-25 04:52   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52   178,976   ----a-w   C:\WINDOWS\system32\msjint40.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 12:22 517768]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 19:13 2695168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 10:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Microsoft Games\\Viva Pinata\\Viva Pinata.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TDU\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Enlight\\Scrapland\\Bin\\Scrap.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\Program Files\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 19:21]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-07-14 12:45]
S2 GAFilter;Double Vibration Controller 3;C:\WINDOWS\system32\DRIVERS\DV3.sys [2004-06-17 11:15]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-23 11:42]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
Start Pending2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 13:15]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 13:21:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 13:22:24
ComboFix-quarantined-files.txt  2008-06-25 11:22:18

Pre-Run: 28,133,564,416 bajtów wolnych
Post-Run: 28,120,416,256 bajtów wolnych

221   --- E O F ---   2008-06-20 20:34:42


and hijack:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:56, on 2008-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pucek\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6067 bytes



Post by Okocza, 25 Jun 2008, 13:34

Open Notepad and paste:

Code:
File::
C:\6x8be16.cmd
C:\jdwx.exe
C:\e.cmd
C:\1dg.exe
C:\nby.bat


File >>> Save as CFScript.txt. Drag and drop the file onto the ComboFix icon (as shown here). Wait until a new log is generated and post it on the forum.



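A way to check the new log against the script, as an added example (not part of the original post and not ComboFix's own code): it reads the `File::` block and confirms that each target shows up under "Other Deletions" and no longer appears in the file listings. The sample script and log are constructed and shortened, following the section layout of the ComboFix logs in this thread; all function and constant names are this example's own.

```python
import re

# Section banners look like "(((((   Other Deletions   )))))".
SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}\s*$")
# A Windows path running to the end of the line, e.g. "C:\e.cmd".
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
# CFScript directives such as "File::" (the log echoes it as "FILE ::").
DIRECTIVE_RE = re.compile(r"^\s*(\w+)\s*::\s*$")

# Constructed sample: a CFScript in the form shown in the post above.
SAMPLE_CFSCRIPT = r"""File::
C:\1dg.exe
C:\e.cmd
C:\nby.bat
C:\jdwx.exe
"""

# Constructed sample: a shortened post-run log in which one target was
# not removed and one is not mentioned at all.
SAMPLE_LOG = r"""FILE ::
C:\1dg.exe
C:\e.cmd
C:\nby.bat
.

(((((((((((((   Other Deletions   )))))))))))))
.

C:\1dg.exe
C:\e.cmd

.
(((((((((   Files Created from 2008-05-25 to 2008-06-25  )))))))))
.

2008-06-07 12:42 . 2008-06-07 13:01   870   --a------   C:\WINDOWS\disney.ini
2008-06-03 03:58 . 2008-06-03 03:58   107,937   -r-hs----   C:\nby.bat

.
(((((((((((((   Find3M Report   )))))))))))))
.
2008-05-30 15:15   ---------   d-----w   C:\Program Files\Winamp
"""


def parse_cfscript(text):
    """Return the paths listed under the File:: directive, in order."""
    targets, active = [], False
    for line in text.splitlines():
        match = DIRECTIVE_RE.match(line)
        if match:
            # Only the File:: block holds deletion targets.
            active = match.group(1).lower() == "file"
            continue
        if active and line.strip():
            targets.append(line.strip())
    return targets


def split_sections(log):
    """Group log lines by the banner they follow (lower-cased name)."""
    sections, current = {}, "preamble"
    for line in log.splitlines():
        match = SECTION_RE.match(line.strip())
        if match:
            current = match.group(1).lower()
            continue
        sections.setdefault(current, []).append(line)
    return sections


def paths_in(lines):
    """Collect lower-cased paths (Windows paths are case-insensitive)."""
    found = set()
    for line in lines:
        match = PATH_RE.search(line.strip())
        if match:
            found.add(match.group(0).lower())
    return found


def verify_removal(cfscript, log):
    """Map each CFScript target to 'deleted', 'still listed' or 'not reported'."""
    deleted, listed = set(), set()
    for name, lines in split_sections(log).items():
        if name == "other deletions":
            deleted |= paths_in(lines)
        elif name.startswith("files created") or name.startswith("find3m"):
            listed |= paths_in(lines)
    result = {}
    for target in parse_cfscript(cfscript):
        key = target.lower()
        if key in listed:
            result[target] = "still listed"   # file survived the run
        elif key in deleted:
            result[target] = "deleted"
        else:
            result[target] = "not reported"   # never found by the tool
    return result


if __name__ == "__main__":
    for path, status in verify_removal(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:13} {path}")
```

A target reported as "still listed" or "not reported" is worth raising with the helper before running anything further.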
Post by Pokahontaz, 25 Jun 2008, 17:29

Done. Logs:

CF:

Code:
ComboFix 08-06-20.4 - Pucek 2008-06-25 17:27:16.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1590 [GMT 2:00]
Running from: C:\Documents and Settings\Pucek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pucek\Pulpit\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\1dg.exe
C:\6x8be16.cmd
C:\e.cmd
C:\jdwx.exe
C:\nby.bat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1dg.exe
C:\6x8be16.cmd
C:\e.cmd
C:\jdwx.exe
C:\nby.bat

.
(((((((((((((((((((((((((   Files Created from 2008-05-25 to 2008-06-25  )))))))))))))))))))))))))))))))
.

2008-06-22 18:00 . 2008-06-22 18:00   <DIR>   d--------   C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-06-19 20:07 . 2008-06-19 20:07   118   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-18 23:21 . 2008-06-25 16:10   <DIR>   d--------   C:\Documents and Settings\Pucek\Dane aplikacji\SPORE Creature Creator
2008-06-17 17:09 . 2008-06-17 17:09   <DIR>   d--------   C:\WINDOWS\USB Vibration
2008-06-17 17:09 . 2008-06-17 17:09   <DIR>   d--------   C:\Program Files\USB Vibration
2008-06-17 17:09 . 2005-11-24 10:49   73,728   --a------   C:\WINDOWS\system32\dancemat.exe
2008-06-17 17:09 . 2006-10-23 11:42   31,899   --a------   C:\WINDOWS\system32\drivers\hid8101.sys
2008-06-15 15:32 . 2008-06-15 15:32   <DIR>   d--------   C:\WINDOWS\Common Files
2008-06-15 15:32 . 2008-06-15 15:32   <DIR>   d--------   C:\Program Files\VID_0E8F&PID_0003
2008-06-15 15:32 . 2004-06-17 11:15   4,736   --a------   C:\WINDOWS\system32\drivers\DV3.sys
2008-06-15 14:05 . 2001-08-17 22:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-15 14:05 . 2001-08-17 22:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-14 22:42 . 2008-06-14 20:01   273,024   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 22:42 . 2008-06-14 20:01   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 19:54 . 2008-06-20 22:34   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-06-14 10:26 . 2008-06-14 10:26   <DIR>   d--------   C:\WINDOWS\nvidia icons
2008-06-14 10:26 . 2008-06-14 10:27   <DIR>   d--------   C:\WINDOWS\NV23602564.TMP
2008-06-14 10:26 . 2008-05-03 05:46   182,347   --a------   C:\WINDOWS\system32\nvapps.nvb
2008-06-14 08:59 . 2008-04-28 15:53   805,400   -ra------   C:\WINDOWS\system32\tmp589.tmp
2008-06-14 08:59 . 2008-04-28 15:53   805,400   -ra------   C:\WINDOWS\system32\tmp588.tmp
2008-06-14 08:42 . 2008-06-14 10:01   <DIR>   d--------   C:\Program Files\GRID
2008-06-12 17:42 . 2008-06-12 17:42   <DIR>   d--------   C:\Program Files\KOEI
2008-06-11 17:46 . 2008-06-14 01:54   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-11 17:43 . 2008-03-05 15:56   3,786,760   --a------   C:\WINDOWS\system32\D3DX9_37.dll
2008-06-11 17:43 . 2008-03-05 15:56   1,420,824   --a------   C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-11 17:43 . 2008-04-28 12:29   805,400   -ra------   C:\WINDOWS\system32\tmp1B5.tmp
2008-06-11 17:43 . 2008-04-28 12:29   805,400   -ra------   C:\WINDOWS\system32\tmp1B4.tmp
2008-06-11 17:43 . 2008-03-05 16:03   479,752   --a------   C:\WINDOWS\system32\XAudio2_0.dll
2008-06-11 17:43 . 2008-02-05 23:07   462,864   --a------   C:\WINDOWS\system32\d3dx10_37.dll
2008-06-11 17:43 . 2008-03-05 16:03   238,088   --a------   C:\WINDOWS\system32\xactengine3_0.dll
2008-06-11 17:43 . 2008-03-05 16:00   25,608   --a------   C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-09 22:03 . 2008-06-09 22:14   <DIR>   d--------   C:\WINDOWS\system32\embedded
2008-06-09 22:03 . 2008-06-25 14:51   <DIR>   d--------   C:\Program Files\Mafia
2008-06-09 17:26 . 2002-06-06 14:38   139,264   --a------   C:\WINDOWS\system32\eax.dll
2008-06-08 12:49 . 2008-06-18 00:33   <DIR>   d--------   C:\Program Files\Rohan
2008-06-08 00:17 . 2008-06-08 00:17   <DIR>   d--------   C:\Program Files\Common Files\BioWare
2008-06-08 00:07 . 2008-06-08 00:18   <DIR>   d--------   C:\Program Files\Mass Effect
2008-06-07 20:55 . 2008-06-07 20:56   <DIR>   d--------   C:\Program Files\SopCast
2008-06-07 13:06 . 2008-06-07 13:06   <DIR>   d--------   C:\Documents and Settings\Pucek\Dane aplikacji\Touchstone
2008-06-07 12:43 . 2008-06-07 12:43   <DIR>   d--------   C:\Program Files\Touchstone
2008-06-07 12:42 . 2008-06-07 12:42   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-06-07 12:42 . 2008-06-22 18:00   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 12:42 . 2008-06-07 12:43   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-06-07 12:42 . 2008-06-07 13:01   870   --a------   C:\WINDOWS\disney.ini
2008-06-05 18:18 . 2008-06-18 00:40   <DIR>   d--------   C:\Program Files\America's Army
2008-06-02 16:13 . 2008-06-07 02:25   51   --a------   C:\WINDOWS\GunzLauncher.INI
2008-06-02 15:31 . 2008-06-02 15:31   <DIR>   d--------   C:\Program Files\MAIET
2008-05-31 13:11 . 2008-05-31 13:11   <DIR>   d--------   C:\Program Files\ffdshow
2008-05-31 13:11 . 2007-11-25 18:32   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-05-31 13:11 . 2007-11-28 19:25   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 13:11 . 2007-11-25 18:32   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 11:49   ---------   d-----w   C:\Program Files\World of Warcraft
2008-06-25 09:32   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-25 09:31   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-06-22 14:35   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-06-21 18:50   ---------   d-----w   C:\Program Files\Microsoft Games
2008-06-21 07:16   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-20 19:48   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-06-19 11:20   ---------   d-----w   C:\Program Files\CapCom
2008-06-19 10:03   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\uTorrent
2008-06-18 21:20   ---------   d-----w   C:\Program Files\Electronic Arts
2008-06-17 22:41   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Microsoft Games
2008-06-14 06:59   444,952   ----a-w   C:\WINDOWS\system32\wrap_oal.dll
2008-06-14 06:59   109,080   ----a-w   C:\WINDOWS\system32\OpenAL32.dll
2008-06-14 06:33   ---------   d-----w   C:\Program Files\Sigma-Team
2008-06-14 06:30   ---------   d-----w   C:\Program Files\FEARCombat
2008-06-13 08:58   ---------   d-----w   C:\Program Files\FlashGet
2008-06-11 15:46   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-06-11 15:43   ---------   d-----w   C:\Program Files\OpenAL
2008-06-08 22:18   ---------   d-----w   C:\Program Files\Metin2_PL
2008-06-07 21:58   ---------   d-----w   C:\Program Files\EA GAMES
2008-06-07 21:57   ---------   d-----w   C:\Program Files\CABAL Online
2008-06-07 21:56   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-07 01:37   ---------   d-----w   C:\Program Files\Xfire
2008-06-04 23:11   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Xfire
2008-05-31 00:07   ---------   d-----w   C:\Program Files\MU
2008-05-30 15:15   ---------   d-----w   C:\Program Files\Winamp
2008-05-24 19:03   ---------   d-----w   C:\Program Files\Piranha Bytes
2008-05-22 14:03   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Winamp
2008-05-16 19:55   ---------   d-----w   C:\Program Files\KotOR2-PL
2008-05-15 14:44   ---------   d-----w   C:\Program Files\LucasArts
2008-05-14 01:29   41,296   ----a-w   C:\WINDOWS\system32\xfcodec.dll
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 15:00   ---------   d-----w   C:\Program Files\Ascaron Entertainment
2008-05-07 05:16   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-06 18:13   21,840   ----atw   C:\WINDOWS\system32\SIntfNT.dll
2008-05-06 18:13   17,212   ----atw   C:\WINDOWS\system32\SIntf32.dll
2008-05-06 18:13   12,067   ----atw   C:\WINDOWS\system32\SIntf16.dll
2008-05-03 17:56   ---------   d-----w   C:\Program Files\Enlight
2008-05-01 13:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\MsvThumbs
2008-05-01 13:30   ---------   d-----w   C:\Program Files\Sierra Entertainment
2008-05-01 10:44   ---------   d-----w   C:\Program Files\Gpotato
2008-04-30 17:57   ---------   d-----w   C:\Program Files\Ubisoft
2008-04-30 15:27   442,368   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
2008-04-30 13:45   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\Kopia Ubisoft
2008-04-29 06:59   ---------   d-----w   C:\Documents and Settings\Pucek\Dane aplikacji\fretsonfire
2008-04-26 21:39   ---------   d-----w   C:\Program Files\THQ
2008-04-25 11:52   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-04-21 07:03   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 20:33   22,328   ----a-w   C:\Documents and Settings\Pucek\Dane aplikacji\PnkBstrK.sys
2008-04-14 20:33   2,337,865   ----a-w   C:\WINDOWS\system32\pbsvc.exe
2008-03-25 04:52   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52   178,976   ----a-w   C:\WINDOWS\system32\msjint40.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 12:22 517768]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 19:13 2695168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 10:27 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Microsoft Games\\Viva Pinata\\Viva Pinata.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TDU\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Enlight\\Scrapland\\Bin\\Scrap.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\Program Files\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 19:21]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-07-14 12:45]
S2 GAFilter;Double Vibration Controller 3;C:\WINDOWS\system32\DRIVERS\DV3.sys [2004-06-17 11:15]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-23 11:42]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
Start Pending2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 13:15]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 17:27:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 17:28:31
ComboFix-quarantined-files.txt  2008-06-25 15:28:23
ComboFix2.txt  2008-06-25 11:22:24

Pre-Run: 28,075,151,360 bajtów wolnych
Post-Run: 28,063,227,904 bajtów wolnych

229   --- E O F ---   2008-06-20 20:34:42


HJ:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:14, on 2008-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Konnekt\konnekt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pucek\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6071 bytes

Post by Magik, 25 Jun 2008, 17:34

And the only thing you can still do is delete the quarantine file

C:\Qoobox

and sleep soundly :wink:

Post by Pokahontaz, 25 Jun 2008, 18:56

OK, thanks for all the help. Winamp still doesn't want to work, but that's a matter for another thread.