Pacman

Malware Doctor

I have a problem with the Malware Doctor program. Below I am posting the logs from ComboFix:

ComboFix 09-05-28.07 - Kuba 2009-05-29 11:09.1 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1508 [GMT 2:00]

Uruchomiony z: d:\moje dokumenty\Maszyny\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.


(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))

.


f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\wiaserva.log

f:\documents and settings\LocalService\Dane aplikacji\691447002.exe

f:\windows\system\mmtaskclean.log

f:\windows\system32\avast!Antivirus.exe

f:\windows\system32\drivers\zexdvsw.sys

f:\windows\system32\sft.res


.

(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_avast!antivirus

-------\Service_avast!antivirus



(((((((((((((((((((((((((   Pliki utworzone od 2009-04-28 do 2009-05-29  )))))))))))))))))))))))))))))))

.


2009-05-29 08:28 . 2009-05-29 08:28	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Malwarebytes

2009-05-29 08:28 . 2009-05-26 11:20	40160	----a-w	f:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 08:28 . 2009-05-29 08:28	--------	d-----w	f:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-05-29 08:28 . 2009-05-26 11:19	19096	----a-w	f:\windows\system32\drivers\mbam.sys

2009-05-29 08:17 . 2009-05-29 08:17	32768	----a-w	f:\windows\system32\avast!Antivirus(3).exe

2009-05-03 22:50 . 2009-05-03 22:50	--------	d-----w	f:\documents and settings\KUBA~1~KUB\USTAWI~1

2009-05-03 22:50 . 2009-05-03 22:50	--------	d-----w	f:\documents and settings\KUBA~1~KUB

2009-05-03 21:58 . 2009-05-03 21:58	--------	d-----w	f:\program files\Common Files\Wise Installation Wizard

2009-05-03 21:21 . 2009-05-03 21:48	--------	d-----w	f:\program files\AGEIA Technologies

2009-05-03 21:21 . 2009-05-03 21:21	--------	d-----w	f:\windows\system32\AGEIA

2009-05-02 08:51 . 2009-05-02 08:51	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\New Technology Studio

2009-04-29 22:18 . 2009-04-29 22:18	--------	d-----w	F:\t

2009-04-29 22:05 . 2009-04-29 22:05	--------	d-----w	F:\d

2009-04-29 21:53 . 2007-07-24 13:58	95616	----a-w	F:\junction.exe


.

((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-29 09:13 . 2009-04-05 08:53	83294	----a-w	f:\windows\system32\drivers\45ec582f.sys

2009-05-29 09:13 . 2008-11-27 15:25	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Orbit

2009-05-29 09:10 . 2008-12-03 17:56	814312	----a-w	f:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-05-29 08:52 . 2008-03-31 07:42	--------	d-----w	f:\program files\Kalendarz XP

2009-05-29 08:13 . 2009-05-03 21:44	4904	----a-w	f:\windows\system32\PerfStringBackup.TMP

2009-05-29 08:13 . 2004-08-04 12:00	90632	----a-w	f:\windows\system32\perfc015.dat

2009-05-29 08:13 . 2004-08-04 12:00	503918	----a-w	f:\windows\system32\perfh015.dat

2009-05-28 20:28 . 2008-03-29 10:21	--------	d-----w	f:\program files\Mozilla Thunderbird

2009-05-20 22:10 . 2008-04-20 16:02	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Skype

2009-05-20 06:00 . 2008-04-20 16:13	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\skypePM

2009-05-03 22:50 . 2008-02-28 21:38	--------	d-----w	f:\program files\Realtek

2009-05-03 21:08 . 2008-09-15 16:20	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\GetRightToGo

2009-04-29 22:33 . 2008-03-29 10:14	--------	d-----w	f:\program files\Microsoft Office backup

2009-04-28 22:58 . 2009-04-28 22:58	221252	----a-w	f:\windows\system32\maskDll.dll

2009-04-28 22:58 . 2009-04-28 22:58	200776	----a-w	f:\windows\system32\unMaskDLL.dll

2009-04-27 16:33 . 2008-02-28 21:25	78800	----a-w	f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-26 23:46 . 2008-02-28 21:35	--------	d--h--w	f:\program files\InstallShield Installation Information

2009-04-19 19:21 . 2009-04-19 19:20	--------	d-----w	f:\program files\DOSBox-0.72

2009-04-15 11:24 . 2009-04-15 11:24	29184	----a-w	f:\windows\system32\smstf.dll

2009-04-11 17:16 . 2008-11-27 15:25	--------	d-----w	f:\program files\Orbitdownloader

2009-04-07 18:19 . 2008-03-29 10:49	--------	d-----w	f:\program files\Gadu-Gadu

2009-03-30 20:57 . 2008-05-12 10:18	--------	d-----w	f:\program files\NAPI-PROJEKT

2009-03-27 06:14 . 2008-03-10 17:50	453152	----a-w	f:\windows\system32\NVUNINST.EXE

.


(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290}]

2009-05-29 09:13	29184	----a-w	f:\windows\system32\jhxm32.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SkinClock"="f:\program files\Desktop Tray Clock\DTClock.exe" [2006-08-18 1712128]

"DAEMON Tools"="f:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"AdobeUpdater"="f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

"RGSC"="e:\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]

"Malware Doctor"="f:\documents and settings\LocalService\Dane aplikacji\691447002.exe" [2009-05-29 96768]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"WinampAgent"="f:\program files\winamp\winampa.exe" [2008-01-15 37376]

"avgnt"="f:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]

"NeroFilterCheck"="f:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]

"NBKeyScan"="e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

"Malware Doctor"="f:\documents and settings\LocalService\Dane aplikacji\691447002.exe" [2009-05-29 96768]

"RTHDCPL"="RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2007-03-21 16126464]

"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2009-03-27 1657376]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


f:\documents and settings\Kuba.KUBA-NW\Menu Start\Programy\Autostart\

kalendarz.lnk - f:\program files\Kalendarz XP\Start.exe [2008-3-31 30208]


f:\documents and settings\All Users\Menu Start\Programy\Autostart\

Orbit.lnk - f:\program files\Orbitdownloader\orbitdm.exe [2008-11-27 1690824]

Przyspieszenie uruchomienia programu AutoCAD.lnk - f:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Test drive\\TestDriveUnlimited.exe"=

"f:\\Program Files\\Gadu-Gadu\\gg.exe"=

"f:\\Program Files\\mIRC\\mirc.exe"=

"d:\\Alien Shooter 2\\AlienShooter.exe"=

"d:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=

"d:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=

"d:\\Program Files\\Gadu-Gadu\\gg.exe"=

"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=

"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

"d:\\Program Files\\eMule\\emule.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords_PitBoss.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"g:\\HEROES3\\Death\\Heroes3.exe"=

"d:\\Herosi\\Heroes3.exe"=

"f:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"f:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"e:\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"e:\\GTA 4\\Grand Theft Auto IV\\GTAIV.exe"=

"e:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\Supreme Commander\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=

"d:\\Supreme Commander\\Supreme Commander\\bin\\SupremeCommander.exe"=

"d:\\Supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"444:UDP"= 444:UDP:444

"444:TCP"= 444:TCP:444


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)


R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;f:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

R2 avast!Antivirus;avast!Antivirus;f:\windows\System32\avast!Antivirus.exe -k netsvcs --> f:\windows\System32\avast!Antivirus.exe -k netsvcs [?]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-07-13 98488]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;f:\windows\system32\drivers\atl01_xp.sys [2008-02-28 38656]

R3 DDCCI;DDC/CI monitor;f:\windows\system32\drivers\Moni2c.sys [2008-03-27 6494]

S0 bvli;bvli;f:\windows\system32\drivers\zexdvsw.sys --> f:\windows\system32\drivers\zexdvsw.sys [?]

S3 NDSPCIIO;NDSPCIIO;\??\f:\windows\system32\DRIVERS\NDSPCIIO.SYS --> f:\windows\system32\DRIVERS\NDSPCIIO.SYS [?]


--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - avast!antivirus

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKCU-Run-wsctf.exe - wsctf.exe

Notify-WgaLogon - (no file)

SafeBoot-procexp90.sys



.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.orbitdownloader.com/

IE: &Download by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&ksport do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Mozilla\Firefox\Profiles\d0gqwv3v.default\

FF - prefs.js: browser.startup.homepage - www.onet.pl

FF - plugin: d:\opera\program\plugins\npdsplay.dll

FF - plugin: d:\opera\program\plugins\npwmsdrm.dll

FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\npOggX.dll


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

FF - user.js: security.checkloaduri - false

FF - user.js: capability.policy.default.checkloaduri.enabled - allAccess.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-29 11:13

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  



f:\windows\system32\jhxm32.dll


skanowanie pomyślnie ukończone

ukryte pliki: 1


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\45ec582f]

"ImagePath"="\SystemRoot\System32\drivers\45ec582f.sys"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\s-1-5-21-436374069-1060284298-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c2,f8,76,21,3f,ba,cb,dc,db,5a,01,5d,88,f1,d9,d2,bc,9e,27,dc,a5,da,35,

   19,14,4d,ab,35,3a,d6,19,05,19,64,b2,27,f9,5c,f4,8d,64,2e,3c,e0,31,aa,21,29,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50


[HKEY_USERS\s-1-5-21-436374069-1060284298-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:d8,60,ff,89,e6,f2,7c,f6,a6,e0,c6,52,85,09,f2,67,a4,70,ea,f0,ba,

   e7,03,7f,b2,9c,08,8e,ab,e8,ee,83,0f,66,eb,ed,29,bc,7c,5b,1e,d5,eb,19,13,f3,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(1732)

f:\program files\Desktop Tray Clock\Clock.dll

f:\windows\system32\WPDShServiceObj.dll

f:\windows\system32\PortableDeviceTypes.dll

f:\windows\system32\PortableDeviceApi.dll

f:\windows\system32\browselc.dll

f:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

f:\windows\system32\jhxm32.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

f:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll

f:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

f:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

d:\program files junction\Adobe\Reader 8.0\Reader\reader_sl.exe

f:\windows\system32\rundll32.exe

f:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

f:\program files\Java\jre6\bin\jqs.exe

f:\program files\Orbitdownloader\orbitnet.exe

e:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

f:\program files\Kalendarz XP\Kalendarz.exe

f:\windows\system32\nvsvc32.exe

f:\windows\system32\IoctlSvc.exe

f:\windows\system32\wscntfy.exe

f:\program files\Common Files\Nero\Lib\NMIndexingService.exe

f:\windows\system32\wbem\wmiapsrv.exe

f:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

f:\windows\system32\avast!Antivirus.exe

f:\windows\system32\notepad.exe

.

**************************************************************************

.

Czas ukończenia: 2009-05-29 11:14 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt  2009-05-29 09:14


Przed: 1 818 087 424 bajtów wolnych

Po: 2 388 976 128 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


234	--- E O F ---	2009-03-12 02:01

What should I do about this?


Scan this file f:\junction.exe here http://www.virustotal.com/pl/ and post the report on the forum.

Paste the following into Notepad:

File::

f:\windows\system32\avast!Antivirus(3).exe

f:\windows\system32\drivers\45ec582f.sys

f:\windows\system32\smstf.dll

f:\windows\system32\jhxm32.dll

f:\documents and settings\LocalService\Dane aplikacji\691447002.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malware Doctor"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malware Doctor"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=-

"DisableRegistryTools"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\45ec582f]

Driver::

avast!Antivirus

bvli

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should begin. After that, post the log on the forum.

Paste the log at www.wklejto.pl or http://www.wklej.org/ and put the link in your post.

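As an added example (not part of this thread and not ComboFix's own code), the following Python script parses the REGEDIT4-style startup section of a ComboFix log and flags the two things the reply above acted on: Run entries launched from a user-profile application-data or temp directory (or with a purely numeric executable name, such as 691447002.exe), and the DisableTaskMgr / DisableRegistryTools lockout values under policies\system. The sample excerpt is constructed from entries that appear in the log above; the function and constant names are the example's own.

```python
import re

# Constructed excerpt in the ComboFix "Wpisy startowe rejestru" (registry startup
# entries) format; the entries mirror the ones posted in the thread above.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Malware Doctor"="f:\documents and settings\LocalService\Dane aplikacji\691447002.exe" [2009-05-29 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="f:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"Malware Doctor"="f:\documents and settings\LocalService\Dane aplikacji\691447002.exe" [2009-05-29 96768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [date size]   (the trailing bracket is optional in ComboFix output)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# "Name"= 1 (0x1)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# Directories from which a legitimate autorun entry rarely executes
# (Polish XP: "Dane aplikacji" = Application Data). Hypothetical list for this example.
SUSPICIOUS_DIRS = ("\\dane aplikacji\\", "\\application data\\", "\\temp\\", "\\localservice\\")
# Policy values that rogue "antivirus" programs set to lock the user out of their tools.
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools"}


def parse_sections(text):
    """Return {registry_key: [raw value lines]} from a REGEDIT4-style block."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def is_suspicious_path(path):
    """True if the executable lives in a profile/temp dir or has a numeric-only name."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    in_profile_dir = any(d in p for d in SUSPICIOUS_DIRS)
    return in_profile_dir or stem.isdigit()


def flag_startup_entries(text):
    """Return a list of (registry_key, value_name, reason) a reviewer should look at."""
    findings = []
    for key, lines in parse_sections(text).items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for line in lines:
                m = RUN_RE.match(line)
                if m and is_suspicious_path(m.group("path")):
                    findings.append((key, m.group("name"),
                                     "autorun from profile/temp dir or numeric-name exe: " + m.group("path")))
        elif k.endswith("\\policies\\system"):
            for line in lines:
                m = POLICY_RE.match(line)
                if m and m.group("name").lower() in LOCKOUT_POLICIES and m.group("value") != "0":
                    findings.append((key, m.group("name"),
                                     "user tool lockout policy set to " + m.group("value")))
    return findings


if __name__ == "__main__":
    for key, name, reason in flag_startup_entries(SAMPLE_LOG):
        print(f"[{key}]\n  {name!r}: {reason}")
```

Run against a full ComboFix log, the same parser skips the unrelated sections because only keys ending in `\CurrentVersion\Run` and `\policies\system` are examined.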

Log from ComboFix:

ComboFix 09-05-28.07 - Kuba 2009-05-29 11:56.2 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1506 [GMT 2:00]

Uruchomiony z: d:\moje dokumenty\Maszyny\ComboFix.exe

Użyto następujących komend :: d:\moje dokumenty\Maszyny\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}


FILE ::

"f:\documents and settings\LocalService\Dane aplikacji\691447002.exe"

"f:\windows\system32\avast!Antivirus(3).exe"

"f:\windows\system32\drivers\45ec582f.sys"

"f:\windows\system32\jhxm32.dll"

"f:\windows\system32\smstf.dll"

.


(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))

.


f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\burnlib.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\dsp_sps.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\enc_aacplus.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\enc_flac.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\enc_lame.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\enc_vorbis.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\enc_wav.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\enc_wma.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\gen_crasher.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\gen_ff.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\gen_hotkeys.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\gen_ml.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\gen_tray.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_cdda.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_dshow.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_flac.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_linein.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_midi.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_mod.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_mp3.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_mp4.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_nsv.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_vorbis.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_wave.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\in_wm.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_autotag.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_bookmarks.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_dash.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_disc.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_history.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_local.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_nowplaying.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_online.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_orb.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_playlists.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_plg.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_pmp.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_rg.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_transcode.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\ml_wire.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\out_disk.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\out_ds.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\out_wave.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\pmp_activesync.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\pmp_ipod.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\pmp_njb.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\pmp_p4s.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\pmp_usb.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\tagz.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\vis_avs.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\vis_avs_282.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\vis_milk.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\vis_milk2.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\vis_nsfs.lng

f:\docume~1\KUBA~1.KUB\USTAWI~1\Temp\WLZA180.tmp\winamp.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\burnlib.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\dsp_sps.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\enc_aacplus.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\enc_flac.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\enc_lame.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\enc_vorbis.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\enc_wav.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\enc_wma.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\gen_crasher.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\gen_ff.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\gen_hotkeys.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\gen_ml.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\gen_tray.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_cdda.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_dshow.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_flac.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_linein.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_midi.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_mod.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_mp3.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_mp4.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_nsv.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_vorbis.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_wave.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\in_wm.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_autotag.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_bookmarks.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_dash.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_disc.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_history.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_local.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_nowplaying.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_online.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_orb.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_playlists.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_plg.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_pmp.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_rg.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_transcode.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\ml_wire.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\out_disk.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\out_ds.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\out_wave.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\pmp_activesync.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\pmp_ipod.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\pmp_njb.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\pmp_p4s.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\pmp_usb.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\tagz.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\vis_avs.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\vis_avs_282.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\vis_milk.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\vis_milk2.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\vis_nsfs.lng

f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Temp\WLZA180.tmp\winamp.lng

f:\documents and settings\LocalService\Dane aplikacji\691447002.exe

f:\program files\Internet Explorer\setupapi.dll

f:\windows\system32\avast!Antivirus(3).exe

f:\windows\system32\avast!Antivirus.exe

f:\windows\system32\drivers\45ec582f.sys

f:\windows\system32\jhxm32.dll

f:\windows\system32\sft.res

f:\windows\system32\smstf.dll


.

(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_avast!antivirus

-------\Service_bvli

-------\Service_45ec582f



(((((((((((((((((((((((((   Pliki utworzone od 2009-04-28 do 2009-05-29  )))))))))))))))))))))))))))))))

.


2009-05-29 08:28 . 2009-05-29 08:28	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Malwarebytes

2009-05-29 08:28 . 2009-05-26 11:20	40160	----a-w	f:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 08:28 . 2009-05-29 08:28	--------	d-----w	f:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-05-29 08:28 . 2009-05-26 11:19	19096	----a-w	f:\windows\system32\drivers\mbam.sys

2009-05-03 22:50 . 2009-05-03 22:50	--------	d-----w	f:\documents and settings\KUBA~1~KUB\USTAWI~1

2009-05-03 22:50 . 2009-05-03 22:50	--------	d-----w	f:\documents and settings\KUBA~1~KUB

2009-05-03 21:58 . 2009-05-03 21:58	--------	d-----w	f:\program files\Common Files\Wise Installation Wizard

2009-05-03 21:21 . 2009-05-03 21:48	--------	d-----w	f:\program files\AGEIA Technologies

2009-05-03 21:21 . 2009-05-03 21:21	--------	d-----w	f:\windows\system32\AGEIA

2009-05-02 08:51 . 2009-05-02 08:51	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\New Technology Studio

2009-04-29 22:18 . 2009-04-29 22:18	--------	d-----w	F:\t

2009-04-29 22:05 . 2009-04-29 22:05	--------	d-----w	F:\d

2009-04-29 21:53 . 2007-07-24 13:58	95616	----a-w	F:\junction.exe


.

((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-29 10:00 . 2008-11-27 15:25	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Orbit

2009-05-29 09:57 . 2008-12-03 17:56	814312	----a-w	f:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-05-29 09:57 . 2008-03-31 07:42	--------	d-----w	f:\program files\Kalendarz XP

2009-05-29 08:13 . 2009-05-03 21:44	4904	----a-w	f:\windows\system32\PerfStringBackup.TMP

2009-05-29 08:13 . 2004-08-04 12:00	90632	----a-w	f:\windows\system32\perfc015.dat

2009-05-29 08:13 . 2004-08-04 12:00	503918	----a-w	f:\windows\system32\perfh015.dat

2009-05-28 20:28 . 2008-03-29 10:21	--------	d-----w	f:\program files\Mozilla Thunderbird

2009-05-20 22:10 . 2008-04-20 16:02	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Skype

2009-05-20 06:00 . 2008-04-20 16:13	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\skypePM

2009-05-03 22:50 . 2008-02-28 21:38	--------	d-----w	f:\program files\Realtek

2009-05-03 21:08 . 2008-09-15 16:20	--------	d-----w	f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\GetRightToGo

2009-04-29 22:33 . 2008-03-29 10:14	--------	d-----w	f:\program files\Microsoft Office backup

2009-04-28 22:58 . 2009-04-28 22:58	221252	----a-w	f:\windows\system32\maskDll.dll

2009-04-28 22:58 . 2009-04-28 22:58	200776	----a-w	f:\windows\system32\unMaskDLL.dll

2009-04-27 16:33 . 2008-02-28 21:25	78800	----a-w	f:\documents and settings\Kuba.KUBA-NW\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-26 23:46 . 2008-02-28 21:35	--------	d--h--w	f:\program files\InstallShield Installation Information

2009-04-19 19:21 . 2009-04-19 19:20	--------	d-----w	f:\program files\DOSBox-0.72

2009-04-11 17:16 . 2008-11-27 15:25	--------	d-----w	f:\program files\Orbitdownloader

2009-04-07 18:19 . 2008-03-29 10:49	--------	d-----w	f:\program files\Gadu-Gadu

2009-03-30 20:57 . 2008-05-12 10:18	--------	d-----w	f:\program files\NAPI-PROJEKT

2009-03-27 06:14 . 2008-03-10 17:50	453152	----a-w	f:\windows\system32\NVUNINST.EXE

.


(((((((((((((((((((((((((((((   SnapShot@2009-05-29_09.13.04   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-29 09:59 . 2009-05-29 09:59	16384              f:\windows\Temp\Perflib_Perfdata_31c.dat

.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SkinClock"="f:\program files\Desktop Tray Clock\DTClock.exe" [2006-08-18 1712128]

"DAEMON Tools"="f:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"AdobeUpdater"="f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

"RGSC"="e:\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"WinampAgent"="f:\program files\winamp\winampa.exe" [2008-01-15 37376]

"avgnt"="f:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]

"NeroFilterCheck"="f:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]

"NBKeyScan"="e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

"RTHDCPL"="RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2007-03-21 16126464]

"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2009-03-27 1657376]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


f:\documents and settings\Kuba.KUBA-NW\Menu Start\Programy\Autostart\

kalendarz.lnk - f:\program files\Kalendarz XP\Start.exe [2008-3-31 30208]


f:\documents and settings\All Users\Menu Start\Programy\Autostart\

Orbit.lnk - f:\program files\Orbitdownloader\orbitdm.exe [2008-11-27 1690824]

Przyspieszenie uruchomienia programu AutoCAD.lnk - f:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Test drive\\TestDriveUnlimited.exe"=

"f:\\Program Files\\Gadu-Gadu\\gg.exe"=

"f:\\Program Files\\mIRC\\mirc.exe"=

"d:\\Alien Shooter 2\\AlienShooter.exe"=

"d:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=

"d:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=

"d:\\Program Files\\Gadu-Gadu\\gg.exe"=

"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=

"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

"d:\\Program Files\\eMule\\emule.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords_PitBoss.exe"=

"e:\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"g:\\HEROES3\\Death\\Heroes3.exe"=

"d:\\Herosi\\Heroes3.exe"=

"f:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"f:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"e:\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"e:\\GTA 4\\Grand Theft Auto IV\\GTAIV.exe"=

"e:\\GTA4\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\Supreme Commander\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=

"d:\\Supreme Commander\\Supreme Commander\\bin\\SupremeCommander.exe"=

"d:\\Supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"444:UDP"= 444:UDP:444

"444:TCP"= 444:TCP:444


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)


R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;f:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-07-13 98488]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;f:\windows\system32\drivers\atl01_xp.sys [2008-02-28 38656]

R3 DDCCI;DDC/CI monitor;f:\windows\system32\drivers\Moni2c.sys [2008-03-27 6494]

S3 NDSPCIIO;NDSPCIIO;\??\f:\windows\system32\DRIVERS\NDSPCIIO.SYS --> f:\windows\system32\DRIVERS\NDSPCIIO.SYS [?]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.orbitdownloader.com/

IE: &Download by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&ksport do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - f:\documents and settings\Kuba.KUBA-NW\Dane aplikacji\Mozilla\Firefox\Profiles\d0gqwv3v.default\

FF - prefs.js: browser.startup.homepage - www.onet.pl


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

FF - user.js: security.checkloaduri - false

FF - user.js: capability.policy.default.checkloaduri.enabled - allAccess.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-29 11:59

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-436374069-1060284298-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c2,f8,76,21,3f,ba,cb,dc,db,5a,01,5d,88,f1,d9,d2,bc,9e,27,dc,a5,da,35,

   19,14,4d,ab,35,3a,d6,19,05,19,64,b2,27,f9,5c,f4,8d,64,2e,3c,e0,31,aa,21,29,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50


[HKEY_USERS\S-1-5-21-436374069-1060284298-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:d8,60,ff,89,e6,f2,7c,f6,a6,e0,c6,52,85,09,f2,67,a4,70,ea,f0,ba,

   e7,03,7f,b2,9c,08,8e,ab,e8,ee,83,0f,66,eb,ed,29,bc,7c,5b,1e,d5,eb,19,13,f3,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(3700)

f:\program files\Desktop Tray Clock\Clock.dll

f:\windows\system32\WPDShServiceObj.dll

f:\windows\system32\PortableDeviceTypes.dll

f:\windows\system32\PortableDeviceApi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

f:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

d:\program files junction\Adobe\Reader 8.0\Reader\reader_sl.exe

f:\windows\system32\rundll32.exe

f:\program files\Kalendarz XP\Kalendarz.exe

f:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

f:\program files\Orbitdownloader\orbitnet.exe

f:\program files\Java\jre6\bin\jqs.exe

e:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

e:\gta4\Rockstar Games Social Club\1_1_3_0\RGSC.exe

f:\windows\system32\nvsvc32.exe

f:\windows\system32\IoctlSvc.exe

f:\program files\Common Files\Nero\Lib\NMIndexingService.exe

f:\windows\system32\wbem\wmiapsrv.exe

f:\windows\system32\wscntfy.exe

f:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Czas ukończenia: 2009-05-29 12:01 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt  2009-05-29 10:01

ComboFix2.txt  2009-05-29 09:14


Przed: 2 264 782 336 bajtów wolnych

Po: 2 252 440 064 bajtów wolnych


319	--- E O F ---	2009-03-12 02:01

The problem looks solved, Malware Doctor is gone :) As for f:\junction.exe:

File junction.exe received 2009.05.13 15:54:27 (UTC)

Current status: finished

Result: 0/39 (0.00%)

Antivirus	Version	Last update	Result

a-squared	4.0.0.101	2009.05.13	-

AhnLab-V3	5.0.0.2	2009.05.13	-

AntiVir	7.9.0.166	2009.05.13	-

Antiy-AVL	2.0.3.1	2009.05.13	-

Authentium	5.1.2.4	2009.05.13	-

Avast	4.8.1335.0	2009.05.12	-

AVG	8.5.0.327	2009.05.13	-

BitDefender	7.2	2009.05.13	-

CAT-QuickHeal	10.00	2009.05.13	-

ClamAV	0.94.1	2009.05.13	-

Comodo	1157	2009.05.08	-

DrWeb	5.0.0.12182	2009.05.13	-

eSafe	7.0.17.0	2009.05.12	-

eTrust-Vet	31.6.6503	2009.05.13	-

F-Prot	4.4.4.56	2009.05.13	-

F-Secure	8.0.14470.0	2009.05.13	-

Fortinet	3.117.0.0	2009.05.13	-

GData	19	2009.05.13	-

Ikarus	T3.1.1.49.0	2009.05.13	-

K7AntiVirus	7.10.734	2009.05.13	-

Kaspersky	7.0.0.125	2009.05.13	-

McAfee	5613	2009.05.12	-

McAfee+Artemis	5613	2009.05.12	-

McAfee-GW-Edition	6.7.6	2009.05.13	-

Microsoft	1.4602	2009.05.13	-

NOD32	4071	2009.05.13	-

Norman	6.01.05	2009.05.13	-

nProtect	2009.1.8.0	2009.05.13	-

Panda	10.0.0.14	2009.05.13	-

PCTools	4.4.2.0	2009.05.07	-

Prevx	3.0	2009.05.13	-

Rising	21.29.24.00	2009.05.13	-

Sophos	4.41.0	2009.05.13	-

Sunbelt	3.2.1858.2	2009.05.13	-

Symantec	1.4.4.12	2009.05.13	-

TheHacker	6.3.4.1.325	2009.05.12	-

TrendMicro	8.950.0.1092	2009.05.13	-

VBA32	3.12.10.5	2009.05.13	-

ViRobot	2009.5.13.1733	2009.05.13	-

Additional information

File size: 95616 bytes

MD5   : a12686c5e71180980b51bc44dbbed50c

SHA1  : b081534131e27eade755677c54d28f3a146b7787

SHA256: 51d8cfee549e7338e62bf453388e7160bffc5892eaf338bde3e82192137a2bc7

PEInfo: PE Structure information


( base data )

entrypointaddress.: 0x406C

timedatestamp.....: 0x46A67AD0 (Wed Jul 25 00:18:56 2007)

machinetype.......: 0x14C (Intel I386)


( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xADC4 0xB000 6.59 88b04182b7dcdc384e0ef2acab693c00

.rdata 0xC000 0x52BA 0x6000 4.89 67bccad983c71261ca80bd9e68253ed8

.data 0x12000 0x2D24 0x2000 1.38 8ef0691a51a3581e53432ed3c1351d08

.rsrc 0x15000 0x480 0x1000 3.79 5e137fc11c99662cb030b38cf6606c97


( 5 imports )


> advapi32.dll: RegQueryValueExW, RegSetValueExW, RegCloseKey, RegCreateKeyW

> comdlg32.dll: PrintDlgW

> gdi32.dll: SetMapMode, StartDocW, StartPage, EndPage, EndDoc, GetDeviceCaps

> kernel32.dll: CreateDirectoryW, GetVolumeInformationW, GetFullPathNameW, GetCurrentDirectoryW, RemoveDirectoryW, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FindFirstFileW, FindNextFileW, FindClose, CreateFileW, GetLastError, DeviceIoControl, GetFileAttributesW, FormatMessageW, CloseHandle, LocalAlloc, LoadLibraryW, LocalFree, CreateFileA, GetModuleHandleW, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, HeapReAlloc, GetProcAddress, GetModuleHandleA, ExitProcess, GetVersionExA, GetProcessHeap, DeleteCriticalSection, VirtualFree, VirtualAlloc, HeapDestroy, HeapCreate, WriteFile, GetStdHandle, GetModuleFileNameA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetHandleCount, GetFileType, GetStartupInfoA, Sleep, HeapSize, LoadLibraryA, InitializeCriticalSection, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA

> user32.dll: DialogBoxIndirectParamW, GetDlgItem, GetSysColorBrush, EndDialog, SetWindowTextW, LoadCursorW, SetCursor, InflateRect, SendMessageW


( 0 exports )

TrID  : File type identification

60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)

16.6% (.EXE) Win32 Executable Generic (8527/13/3)

14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)

3.9% (.EXE) Generic Win/DOS Executable (2002/3)

3.8% (.EXE) DOS Executable Generic (2000/1)

ThreatExpert: http://www.threatexpert.com/report.aspx?md5=a12686c5e71180980b51bc44dbbed50c

ssdeep: 1536:85pItDPiPtaEtZuOxEb7rKP3wY+I0WFE2gsg5XYcAy/FaeE:BPifUbvKgsg5XYcAy/Ev

PEiD  : -

RDS   : NSRL Reference Data Set

This file is most likely fine - it's a small DOS program for creating "links" to a directory on the disk, which programs see as separate directories. A useful option if someone has several partitions and a small system disk :)

This file is most likely fine - it's a small DOS program for creating "links" to a directory on the disk, which programs see as separate directories. A useful option if someone has several partitions and a small system disk :)

I wanted to make sure :)

The log looks clean.

Manually delete the C:\Qoobox folder and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner.

Turn System Restore off and back on on all drives. Instructions

Scan the system with Malwarebytes, which you have on the disk (full scan),

or additionally with Dr.WEB CureIt!
