Niestety zarażony został explorer.exe i kilka innych aplikacji z folderu system32. Nie chcę formatować dysku, ponieważ mam na nim dużo potrzebnych rzeczy — dałoby się zrobić to jakoś inaczej?
ComboFix 08-10-30.13 - ogien 2008-10-31 20:23:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2373 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\ogien\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Program Files\Frets on Fire\data\songs\Lordi - Hard Rock Hallelujah\Desktop_.ini
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0000FA9C
C:\Program Files\myglobalsearch\bar\Cache\0001119E
C:\Program Files\myglobalsearch\bar\Cache\002FBCC3.bin
C:\Program Files\myglobalsearch\bar\Cache\002FBE98.bin
C:\Program Files\myglobalsearch\bar\Cache\002FBFE0.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\r1y1.bat
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\xih9.cmd
D:\Autorun.inf
D:\install.exe
D:\r1y1.bat
D:\xih9.cmd
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ODBCASVC
-------\Service_odbcasvc
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-10-31 13:18 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-31 13:18 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-10-27 20:42 . 2008-10-27 20:42 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\fretsonfire
2008-10-27 20:29 . 2008-10-27 20:42 <DIR> d-------- C:\Program Files\Frets on Fire
2008-10-27 19:43 . 2008-10-27 20:37 <DIR> d-------- C:\Program Files\Alarian
2008-10-26 15:43 . 2008-10-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-24 14:47 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 17:56 . 2008-10-22 17:56 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Tibia
2008-10-18 19:33 . 2008-10-19 11:29 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie
2008-10-15 17:22 . 2008-08-14 14:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 17:22 . 2008-08-14 14:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:22 . 2008-08-14 14:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:22 . 2008-08-14 14:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 17:22 . 2008-09-15 16:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 17:22 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 20:52 . 2008-10-14 20:53 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\XnView
2008-10-12 21:05 . 2008-10-12 21:05 <DIR> dr-h----- C:\Documents and Settings\ogien\Dane aplikacji\SecuROM
2008-10-12 20:54 . 2008-10-12 20:54 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-12 20:54 . 2008-10-12 20:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 20:54 . 2008-10-12 20:54 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-10-12 01:18 . 2008-10-12 01:18 <DIR> d-------- C:\Program Files\uTorrent
2008-10-12 01:18 . 2008-10-31 20:20 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\uTorrent
2008-10-08 10:12 . 2008-10-31 18:16 <DIR> d-------- C:\My Downloads
2008-10-05 14:44 . 2008-10-05 14:44 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-10-05 02:31 . 2008-10-05 02:31 <DIR> d---s---- C:\Documents and Settings\LocalService\Moje dokumenty
2008-10-04 19:26 . 2008-10-04 19:26 <DIR> d-------- C:\Program Files\SoundSpectrum
2008-10-04 19:26 . 2008-10-04 19:26 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-04 19:26 . 2008-10-04 19:28 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\SoundSpectrum
2008-10-04 19:16 . 2008-10-04 19:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-04 19:15 . 2008-10-05 02:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-03 09:45 . 2008-10-03 09:45 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Leadertech
2008-10-01 08:10 . 2008-10-31 19:42 <DIR> d-------- C:\Program Files\MagicISO
2008-09-30 21:00 . 2008-09-30 21:02 5,370 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-28 21:11 . 2008-10-31 13:24 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\skypePM
2008-09-28 21:11 . 2008-09-28 21:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-28 21:09 . 2008-09-29 15:43 <DIR> d-------- C:\Program Files\Skype
2008-09-28 21:09 . 2008-09-28 21:09 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-28 21:09 . 2008-10-31 19:00 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Skype
2008-09-28 21:09 . 2008-09-28 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-28 12:03 . 2008-09-28 12:03 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 21:37 . 2008-09-27 21:38 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-09-27 18:28 . 2008-09-27 18:28 <DIR> d-------- C:\Program Files\FileSubmit
2008-09-27 18:28 . 2008-09-27 18:28 <DIR> d-------- C:\Program Files\Duhiki
2008-09-27 13:32 . 2008-10-04 19:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-27 11:42 . 2008-09-27 11:42 <DIR> d-------- C:\Users
2008-09-27 11:37 . 2008-09-27 11:37 <DIR> d-------- C:\Documents and Settings\Kuba\Pulpit
2008-09-27 11:37 . 2008-09-27 11:37 <DIR> d-------- C:\Documents and Settings\Kuba
2008-09-25 22:22 . 2008-09-25 22:23 <DIR> d--hs---- C:\Documents and Settings\ogien\Phone Browser
2008-09-25 22:22 . 2008-10-05 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Program Files\Nokia
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Program Files\DIFX
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\PC Suite
2008-09-25 22:20 . 2008-09-25 22:20 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Nokia
2008-09-25 22:20 . 2006-10-10 07:54 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-09-25 22:20 . 2006-10-10 07:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-25 22:20 . 2006-10-10 07:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-09-25 22:20 . 2006-10-10 07:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-09-25 22:20 . 2006-10-10 07:54 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-09-25 22:20 . 2006-10-10 07:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-09-25 22:17 . 2008-04-13 19:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-25 22:17 . 2008-04-13 19:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-25 22:16 . 2008-09-25 22:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-25 22:16 . 2008-09-25 22:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-25 20:31 . 2008-09-25 20:36 <DIR> d-------- C:\Program Files\SkanerOnline
2008-09-24 16:25 . 2008-09-24 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-09-24 16:22 . 2008-09-24 16:22 <DIR> d-------- C:\Program Files\Bonjour
2008-09-24 16:17 . 2008-09-24 16:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-24 16:16 . 2008-10-26 15:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 15:40 . 2008-09-24 15:40 <DIR> d-------- C:\WINDOWS\system32\pl
2008-09-24 15:40 . 2008-09-24 15:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-24 15:40 . 2008-09-24 15:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-24 15:39 . 2008-09-24 15:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-24 15:35 . 2008-09-24 15:35 <DIR> d-------- C:\WINDOWS\EHome
2008-09-24 15:17 . 2006-10-25 08:32 36,864 --ahs---- C:\WINDOWS\system32\EXPLORER.EXE(1).VIR
2008-09-24 15:16 . 2008-09-24 15:16 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Ubisoft
2008-09-23 21:42 . 2008-09-23 21:42 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-22 17:39 . 2008-09-22 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-09-22 17:36 . 2004-08-03 23:44 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-09-22 17:36 . 2003-07-03 19:58 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys
2008-09-22 17:36 . 2004-08-03 23:44 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-09-22 17:36 . 2004-08-03 23:44 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-09-22 17:36 . 2004-08-03 23:44 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-09-22 17:36 . 2004-08-03 23:44 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-09-22 17:36 . 2004-03-03 05:04 16,486 -ra------ C:\WINDOWS\system32\drivers\sktsio9x.vxd
2008-09-22 17:36 . 2005-01-18 10:39 208 -ra------ C:\WINDOWS\system32\drivers\vssver.scc
2008-09-22 17:35 . 2008-09-22 17:35 <DIR> d-------- C:\Program Files\IVT Corporation
2008-09-22 16:38 . 2008-09-22 16:42 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Ahead
2008-09-22 16:38 . 2008-09-22 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-09-22 16:36 . 2008-09-22 16:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-22 16:28 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-22 16:28 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-09-22 16:28 . 2008-09-22 16:28 0 --a------ C:\WINDOWS\Irremote.ini
2008-09-22 14:29 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-21 14:03 . 2004-09-03 20:00 90,112 -ra------ C:\WINDOWS\system32\snymsico.dll
2008-09-21 14:03 . 2007-01-23 09:40 42,496 -ra------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-09-21 14:03 . 2007-02-24 07:42 39,936 -ra------ C:\WINDOWS\system32\drivers\rimmptsk.sys
2008-09-21 14:02 . 2007-02-16 08:46 160,256 -ra------ C:\WINDOWS\system32\drivers\b57xp32.sys
2008-09-21 14:02 . 2007-02-16 08:46 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Motorola
2008-09-21 14:01 . 2007-01-17 07:38 983,936 -ra------ C:\WINDOWS\system32\drivers\smserial.sys
2008-09-21 14:01 . 2007-01-17 07:34 196,608 -ra------ C:\WINDOWS\system32\sm56co6a.dll
2008-09-21 10:39 . 2008-09-21 10:39 <DIR> d--h-c--- C:\Documents and Settings\All Users\Dane aplikacji\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-21 10:31 . 2008-09-21 10:31 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-21 10:31 . 2008-09-21 10:31 1,650 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-20 23:23 . 2008-09-20 23:23 209,920 --a------ C:\WINDOWS\iun3401.exe
2008-09-20 16:53 . 2008-09-20 16:53 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\Media Player Classic
2008-09-20 15:01 . 2008-10-03 18:26 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-20 15:01 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-20 15:01 . 2007-03-08 06:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-20 15:01 . 2008-08-26 09:26 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-20 15:01 . 2008-08-26 09:26 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-20 15:01 . 2008-08-26 09:26 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-20 15:01 . 2008-08-26 09:26 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-20 15:01 . 2008-08-26 09:26 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-20 15:01 . 2008-08-25 09:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-20 15:00 . 2008-09-24 15:40 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-09-20 14:36 . 2008-09-20 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-09-20 11:05 . 2008-09-21 10:40 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-19 09:23 . 2006-12-15 09:15 189,692 --ahs---- C:\WINDOWS\system32\odbcasvc.exe(1).VIR
2008-09-19 09:23 . 2008-09-19 09:23 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-09-19 09:18 . 2008-09-19 09:18 <DIR> d-------- C:\Documents and Settings\ogien\Dane aplikacji\U3
2008-09-18 17:04 . 2008-09-18 17:04 319 --a------ C:\WINDOWS\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 18:26 --------- d-----w C:\Program Files\Winamp
2008-09-28 12:17 --------- d-----w C:\Program Files\BearShare
2008-09-24 16:29 --------- d-----w C:\Program Files\WinFlip
2008-09-22 16:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-22 15:36 --------- d-----w C:\Program Files\Nero
2008-09-22 15:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-09-22 15:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-15 16:02 --------- d-----w C:\Program Files\Styler
2008-09-15 15:58 --------- d-----w C:\Documents and Settings\ogien\Dane aplikacji\ViStart
2008-09-15 15:56 --------- d-----w C:\Program Files\TrueTransparency
2008-09-15 15:56 --------- d-----w C:\Documents and Settings\ogien\Dane aplikacji\Styler
2008-09-15 15:24 --------- d-----w C:\Program Files\BitComet
2008-09-15 15:19 --------- d-----w C:\Program Files\Real Alternative
2008-09-15 15:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-15 14:48 --------- d-----w C:\Documents and Settings\ogien\Dane aplikacji\Winamp
2008-09-15 14:25 --------- d-----w C:\Documents and Settings\ogien\Dane aplikacji\Nero
2008-09-15 13:56 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-09-15 13:56 --------- d-----w C:\Documents and Settings\ogien\Dane aplikacji\teamspeak2
2008-09-15 13:47 --------- d-----w C:\Program Files\Gadu-Gadu
2008-09-15 13:43 --------- d-----w C:\Program Files\Atheros
2008-09-15 13:43 --------- d-----w C:\Documents and Settings\ogien\Dane aplikacji\InstallShield
2008-09-15 13:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Atheros
2008-09-15 13:38 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-15 13:38 --------- d-----w C:\Program Files\Realtek
2008-09-15 13:34 --------- d-----w C:\Program Files\Intel
2008-09-15 13:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 13:26 --------- d-----w C:\Program Files\Usługi online
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.
------- Sigcheck -------
2008-04-14 18:21 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe
2006-03-02 13:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 18:21 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-07-18 21:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-07-18 21:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-07-17 2599224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 C:\WINDOWS\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 8462336]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2008-07-07 450649]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"nwiz"="nwiz.exe" [2007-06-26 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 16:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-22 09:13 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-07-17 14:50 2599224 C:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 11:34 2772992 C:\Program Files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 12:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 16:13 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"D:\\Program files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Program files\\Valve\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"D:\\Program files\\EA GAMES\\Bitwa o Śródziemie\\game.dat"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22270:TCP"= 22270:TCP:BitComet 22270 TCP
"22270:UDP"= 22270:UDP:BitComet 22270 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1475b78f-9540-11dd-928e-0015af9df540}]
\Shell\1\Command - G:\
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f42b5d-913b-11dd-927d-0015af9df540}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff364a9-83c7-11dd-9234-0015af9df540}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81508ca0-8623-11dd-9240-0015af9df540}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81508ca2-8623-11dd-9240-0015af9df540}]
\Shell\AutoRun\command - G:\r1y1.bat
\Shell\explore\Command - G:\r1y1.bat
\Shell\open\Command - G:\r1y1.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2cf562c-84bf-11dd-9237-0015af9df540}]
\Shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2cf562d-84bf-11dd-9237-0015af9df540}]
\Shell\AutoRun\command - H:\
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9833c80-a066-11dd-92b8-0015af9df540}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feb62000-8bab-11dd-9261-0015af9df540}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-AlcoholAutomount - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-LClock - C:\Program Files\LClock\LClock.exe
MSConfigStartUp-ViOrb - C:\Program Files\ViOrb\ViOrb.exe
MSConfigStartUp-Vista Sidebar - C:\Program Files\Vista Sidebar\sidebar.exe
MSConfigStartUp-ViStart - C:\Program Files\ViStart\ViStart.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\ogien\Dane aplikacji\Mozilla\Firefox\Profiles\qjt22qnj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.pl/
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 20:25:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-31 20:28:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-31 19:28:14
Przed: 24 835 276 800 bajtów wolnych
Po: 27,803,742,208 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
363 --- E O F --- 2008-10-26 16:17:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:12, on 2008-10-31
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media.fastclick.net/w/safepop.cgi?cid=118393&mid=227473&sid=21110&c=13
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6892 bytes
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
C:\WINDOWS\system32\sm56co6a.dll
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1475b78f-9540-11dd-928e-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43f42b5d-913b-11dd-927d-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff364a9-83c7-11dd-9234-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81508ca0-8623-11dd-9240-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81508ca2-8623-11dd-9240-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2cf562c-84bf-11dd-9237-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2cf562d-84bf-11dd-9237-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9833c80-a066-11dd-92b8-0015af9df540}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feb62000-8bab-11dd-9261-0015af9df540}]
ogień napisał(a): Dziękuję, już normalnie mogę dostać się do dysków i pozbyłem się wirusów, dziękuję bardzo!