What to remove (HijackThis logs)


(Macgyverxxx) #1

Hello

What should I remove from this?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:32, on 2009-04-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\rserver30\RServer3.exe

D:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\system32\rserver30\FamItrfc.Exe

D:\WINDOWS\System32\ESB.exe

D:\WINDOWS\system32\VTTimer.exe

D:\Program Files\QuickTime\QTTask.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe

D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\DAP\DAP.EXE

D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\WINDOWS\system32\igfxext.exe

D:\WINDOWS\system32\wuauclt.exe

D:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe

D:\Program Files\SAGEM WiFi manager\WLANUTL.exe

D:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe

D:\WINDOWS\system32\drwtsn32.exe

D:\WINDOWS\system32\drwtsn32.exe

D:\WINDOWS\explorer.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - D:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)

O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - D:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - D:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - D:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - D:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ESB] D:\WINDOWS\System32\ESB.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Trickler] "d:\documents and settings\heniek\ustawienia lokalne\temp\gain_trickler_3202.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [system Guards] D:\Program Files\SystemGuards.com\SystemGuards\SysGuards.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Keyboard Manager Utility] "D:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H

O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [KMRemote] C:\pulpit 2\KM Remote\kmremote.exe

O4 - HKCU\..\Run: [speedBitVideoAccelerator] D:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: d:\progra~1\speedb~2\sblsp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ocl32 - Unknown owner - D:\WINDOWS/system32/srvany.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - D:\WINDOWS\system32\rserver30\RServer3.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe


(Leon$) #2

Remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s ... ntry395642 and run it with a double-click

Show the log

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs

🙂


(Macgyverxxx) #3

ComboFix logs:

ComboFix 09-04-19.05 - Ja 2009-04-19 13:19.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1014.640 [GMT 2:00]

Uruchomiony z: d:\documents and settings\heniek\Pulpit\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\documents and settings\Administrator\Cookies\[pc games] gta-grand theft auto- vice city- full version(3).exe

d:\documents and settings\Administrator\Cookies__technic.nfo

d:\documents and settings\Administrator\Cookies\ea games - (pc game) - need for speed underground {ea games}(2).exe

d:\documents and settings\Administrator\Cookies\ford racing 3(pc rip by bfg).exe

d:\documents and settings\Administrator\Cookies\grand theft auto-gta-liberty city stories umd-rip.exe

d:\documents and settings\Administrator\Cookies\gta-vc.exe

d:\documents and settings\Administrator\Cookies\gta esta entero.exe

d:\documents and settings\Administrator\Cookies\gta3.img

d:\documents and settings\Administrator\Cookies\l.exe

d:\documents and settings\Administrator\Cookies\Mss32.dll

d:\documents and settings\Administrator\Cookies\nfs carbon(2).exe

d:\documents and settings\Administrator\Cookies\p.exe

d:\documents and settings\Administrator\Cookies\readMe.txt

d:\documents and settings\Administrator\Cookies\TecAudio.bat

d:\documents and settings\Administrator\Cookies\Tecsetup.exe

d:\windows\hosts

d:\windows\system32\instsrv.exe

d:\windows\system32\pthreadGC2.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))

.

2009-09-03 13:18 . 2007-01-16 11:52 17664 ----a-w d:\windows\system32\drivers\ZDPSp50.sys

2009-09-03 13:18 . 2007-01-16 11:52 20608 ----a-w d:\windows\system32\drivers\BRGSp50.sys

2009-09-03 13:18 . 2009-09-03 13:18 -------- d-----w d:\program files\SAGEM WiFi manager

2009-09-03 13:18 . 2009-09-03 13:18 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\InstallShield

2009-09-03 13:15 . 2007-01-10 08:14 450560 ----a-w d:\windows\system32\drivers\WlanBZXP.sys

2009-04-18 19:49 . 2009-04-18 19:50 -------- d-----w d:\program files\SubEdit-Player

2009-04-18 19:31 . 2009-04-18 19:31 -------- d-----w d:\program files\Trend Micro

2009-04-18 18:49 . 2009-04-18 18:49 -------- d-----w d:\program files\Keyboard Manager

2009-04-18 14:53 . 2008-07-30 19:09 38 ----a-w d:\windows\avisplitter.ini

2009-04-16 00:46 . 2009-04-18 16:05 54156 ---ha-w d:\windows\QTFont.qfn

2009-04-16 00:46 . 2009-04-16 00:46 1409 ----a-w d:\windows\QTFont.for

2009-04-12 14:58 . 2009-04-12 14:58 -------- d-----w d:\program files\Alwil Software

2009-04-12 12:18 . 2009-04-17 15:03 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\gtk-2.0

2009-04-12 12:17 . 2009-04-12 12:17 -------- d-----w d:\documents and settings\heniek\.thumbnails

2009-04-12 12:16 . 2009-04-17 15:08 -------- d-----w d:\documents and settings\heniek\.gimp-2.6

2009-04-12 12:16 . 2009-04-12 12:16 -------- d-----w d:\documents and settings\heniek\.gegl-0.0

2009-04-12 12:15 . 2009-04-12 12:15 -------- d-----w d:\program files\GIMP-2.0

2009-04-12 11:47 . 2009-04-12 12:01 -------- d-----w d:\program files\MiniFoto

2009-04-12 11:36 . 2009-04-12 11:36 -------- d-----w d:\program files\IrfanView

2009-04-12 11:23 . 2009-04-17 15:09 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\VSO

2009-04-12 11:23 . 2009-04-12 11:23 -------- d-----w d:\program files\VSO

2009-04-12 11:20 . 2009-04-12 11:22 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\GetRightToGo

2009-04-11 08:34 . 2009-04-11 08:34 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Sony

2009-04-11 08:34 . 2009-04-11 08:34 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\Sony

2009-04-10 12:13 . 2009-04-10 12:13 -------- d-----w d:\documents and settings\heniek\DoctorWeb

2009-04-09 19:33 . 2009-04-13 18:53 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\ipla

2009-04-09 19:33 . 2009-04-09 19:33 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\ipla

2009-04-09 19:33 . 2009-04-09 19:33 -------- d-----w d:\program files\ipla

2009-04-09 15:17 . 2009-04-09 15:17 -------- d-----w d:\program files\AVIcodec

2009-04-09 15:09 . 2009-04-02 13:21 50688 ----a-w d:\windows\system32\ff_acm.acm

2009-04-09 10:58 . 2009-04-09 10:58 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Real

2009-04-09 10:58 . 2009-04-09 10:58 -------- d-----w d:\program files\Common Files\xing shared

2009-04-09 10:57 . 2009-04-09 10:57 -------- d-----w d:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google

2009-04-09 10:43 . 2009-04-09 10:43 -------- d-----w d:\program files\AviSynth 2.5

2009-04-09 10:43 . 2009-04-18 12:30 -------- d-----w d:\program files\Avi2Dvd

2009-04-09 10:18 . 2009-04-09 10:18 230 ----a-w d:\windows\system32\spupdsvc.inf

2009-04-08 15:55 . 2009-04-08 15:55 -------- d-----w d:\program files\Photo!

2009-04-08 15:39 . 2009-04-08 15:39 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Ashampoo

2009-04-08 15:39 . 2009-04-08 15:39 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\ashampoo

2009-04-08 15:39 . 2009-04-08 15:39 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\ashampoo

2009-04-08 14:36 . 2009-04-11 08:34 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Sony

2009-04-08 14:32 . 2009-04-08 14:32 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Apple

2009-04-08 14:31 . 2006-10-04 14:06 764868 -c----w d:\windows\system32\dllcache\apph_sp.sdb

2009-04-08 14:31 . 2006-10-04 14:06 217118 -c----w d:\windows\system32\dllcache\apphelp.sdb

2009-04-08 14:31 . 2006-10-04 14:06 1197294 -c----w d:\windows\system32\dllcache\sysmain.sdb

2009-04-08 14:30 . 2009-04-08 14:42 -------- d-----w d:\windows\system32\drivers\UMDF

2009-04-08 14:30 . 2009-04-08 14:30 -------- d-----w d:\windows\system32\LogFiles

2009-04-08 14:27 . 2009-04-08 14:54 -------- d-----w d:\program files\PhotoFiltre

2009-04-08 12:22 . 2009-04-08 12:22 -------- d-----w d:\program files\Rockstar Games

2009-04-08 12:10 . 2009-04-08 12:10 -------- d-----w d:\program files\Gadwin Systems

2009-04-08 11:01 . 2009-04-08 11:01 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Prec

2009-04-08 10:58 . 2009-04-08 10:58 90864 ----a-w d:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-04-08 10:57 . 2009-04-08 10:57 -------- d-----w d:\program files\MSBuild

2009-04-08 10:57 . 2009-04-08 11:00 -------- d-----w d:\windows\system32\XPSViewer

2009-04-08 10:57 . 2009-04-08 10:57 -------- d-----w d:\program files\Reference Assemblies

2009-04-08 10:56 . 2006-06-29 11:07 14048 ------w d:\windows\system32\spmsg2.dll

2009-04-08 10:56 . 2009-04-08 10:56 -------- d-----w d:\program files\MSXML 6.0

2009-04-08 10:50 . 2009-04-08 12:57 -------- d-----w d:\program files\Prec

2009-04-07 12:19 . 2009-04-07 12:19 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\SpeedBit

2009-04-07 12:18 . 2009-04-07 12:19 -------- d-----w d:\program files\SpeedOptimizer

2009-04-06 18:02 . 2009-04-10 09:54 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\OpenOffice.org2

2009-04-06 16:12 . 2009-04-19 10:58 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\tor

2009-04-06 16:10 . 2009-04-19 10:58 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Vidalia

2009-04-06 16:10 . 2009-04-06 16:10 -------- d-----w d:\program files\Vidalia Bundle

2009-04-06 11:00 . 2009-04-06 11:00 -------- d-----w d:\documents and settings\heniek\.gstreamer-0.10

2009-04-06 10:57 . 2009-04-06 13:40 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Nowe Gadu-Gadu

2009-04-06 10:56 . 2009-04-06 10:57 -------- d-----w d:\program files\Nowe Gadu-Gadu

2009-04-05 18:42 . 2009-04-05 18:51 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\DeepBurner

2009-04-05 18:41 . 2009-04-05 18:41 -------- d-----w d:\program files\Astonsoft

2009-04-05 18:39 . 2009-04-05 18:39 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\ImgBurn

2009-04-05 18:37 . 2009-04-05 18:38 -------- d-----w d:\program files\ImgBurn

2009-04-05 15:53 . 2009-04-05 15:54 -------- d-----w d:\program files\OpenOffice.org 2.4

2009-04-05 13:07 . 2009-04-05 13:07 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Media Player Classic

2009-04-05 09:10 . 2009-04-05 09:11 -------- d-----w d:\program files\SpeedBit Video Accelerator

2009-04-05 09:10 . 2009-04-05 09:10 -------- d-----w d:\program files\AskSBar

2009-04-05 08:57 . 2009-04-05 09:20 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\SpeedBit

2009-04-05 08:57 . 2009-04-05 08:57 -------- d-----w d:\program files\SpeedBit Toolbar

2009-04-05 08:57 . 2009-04-05 08:57 172032 ----a-w d:\windows\system32\AniGIF.ocx

2009-04-05 08:57 . 2009-04-19 11:08 -------- d-----w d:\program files\DAP

2009-04-04 23:59 . 2009-04-07 23:59 -------- d-----w d:\program files\Budzik

2009-04-04 23:59 . 2003-05-17 13:08 140288 ----a-w d:\windows\system32\ComDlg32.ocx

2009-04-04 23:47 . 2009-04-04 23:47 -------- d-----w d:\program files\Merlin

2009-04-04 23:47 . 1996-07-18 11:06 297472 ----a-w d:\windows\uninst.exe

2009-04-04 20:47 . 2008-02-15 10:49 180224 ----a-w d:\windows\system32\igfxres.dll

2009-04-04 20:38 . 2008-03-07 10:56 920088 ----a-w d:\windows\system32\igxpun.exe

2009-04-04 20:38 . 2006-11-10 06:25 319456 ----a-w d:\windows\system32\difxapi.dll

2009-04-04 20:38 . 2009-04-04 20:38 -------- d-----w D:\Intel

2009-04-04 20:28 . 2009-04-16 11:26 1282767 ----a-w d:\windows\setupapi.log.2.old

2009-04-04 20:28 . 2006-04-14 14:45 69722 ----a-w d:\windows\system32\SynTPFcs.dll

2009-04-04 20:28 . 2006-04-14 14:45 90202 ----a-w d:\windows\system32\SynTPAPI.dll

2009-04-04 20:28 . 2006-04-14 14:45 81920 ----a-w d:\windows\system32\SynTPCo2.dll

2009-04-04 20:28 . 2006-04-14 14:45 191872 ----a-w d:\windows\system32\drivers\SynTP.sys

2009-04-04 20:28 . 2006-04-14 14:45 114688 ----a-w d:\windows\system32\SynCtrl.dll

2009-04-04 20:28 . 2006-04-14 14:45 82013 ----a-w d:\windows\system32\SynCOM.dll

2009-04-04 20:28 . 2009-04-04 20:28 -------- d-----w d:\program files\Synaptics

2009-04-04 20:27 . 2009-04-04 21:08 -------- d-----w d:\windows\system32\CatRoot_bak

2009-04-04 20:26 . 2008-06-14 18:01 273024 -c----w d:\windows\system32\dllcache\bthport.sys

2009-04-04 20:23 . 2008-05-01 14:33 331776 -c----w d:\windows\system32\dllcache\msadce.dll

2009-04-04 20:10 . 2006-07-20 18:58 208896 ----a-w d:\windows\system32\nvudisp.exe

2009-04-04 20:10 . 2006-07-20 21:21 208896 ----a-w d:\windows\system32\NVUNINST.EXE

2009-04-04 18:52 . 2009-04-04 19:27 -------- d-----w d:\program files\SystemRequirementsLab

2009-04-04 18:52 . 2009-04-04 19:27 -------- d-----w d:\documents and settings\heniek\SystemRequirementsLab

2009-04-04 18:28 . 2009-04-04 18:28 -------- d-----w d:\program files\SIW

2009-04-04 17:16 . 2009-04-10 11:18 1324 ----a-w d:\windows\system32\d3d9caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-19 10:59 . 2008-01-20 08:40 -------- d-----w d:\program files\Mozilla Firefox 3 Beta 2

2009-04-19 10:58 . 2008-01-18 19:30 -------- d---a-w d:\documents and settings\All Users\Dane aplikacji\TEMP

2009-04-18 18:49 . 2008-01-18 17:03 -------- d--h--w d:\program files\InstallShield Installation Information

2009-04-18 18:38 . 2008-01-19 13:14 -------- d-----w d:\program files\Google

2009-04-18 14:53 . 2009-04-05 13:03 -------- d-----w d:\program files\K-Lite Codec Pack

2009-04-14 19:07 . 2002-09-28 22:00 84208 ----a-w d:\windows\system32\perfc015.dat

2009-04-14 19:07 . 2002-09-28 22:00 491838 ----a-w d:\windows\system32\perfh015.dat

2009-04-11 08:41 . 2008-01-18 18:18 -------- d-----w d:\program files\City Interactive

2009-04-11 08:40 . 2008-01-26 20:30 -------- d-----w d:\program files\Sony Ericsson

2009-04-11 08:40 . 2008-01-26 20:30 -------- d-----w d:\program files\Common Files\Teleca Shared

2009-04-11 08:32 . 2008-02-19 21:34 -------- d-----w d:\program files\Anti Trojan Elite

2009-04-10 11:50 . 2008-03-08 14:13 -------- d-----w d:\program files\cFos

2009-04-09 20:33 . 2008-02-26 17:29 -------- d-----w d:\program files\Enigma Browser

2009-04-09 17:20 . 2008-01-21 05:52 -------- d-----w d:\program files\Ontrack

2009-04-09 10:58 . 2008-01-31 22:47 -------- d-----w d:\program files\Common Files\Real

2009-04-09 07:43 . 2008-03-08 09:48 -------- d-sh--w d:\documents and settings\All Users\Dane aplikacji\dtmcfg

2009-04-08 16:55 . 2009-04-11 14:30 188062 ----a-w d:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1045.dat

2009-04-08 14:33 . 2008-01-18 23:22 -------- d---a-w d:\program files\QuickTime

2009-04-08 14:33 . 2008-01-26 20:40 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\Apple Computer

2009-04-08 11:01 . 2008-02-03 16:47 34152 ----a-w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-07 20:29 . 2008-01-22 19:22 -------- d-----w d:\program files\Ahead

2009-04-07 20:29 . 2008-01-22 19:22 -------- d-----w d:\program files\Common Files\Ahead

2009-04-07 20:28 . 2008-02-12 18:30 -------- d-----w d:\program files\Java

2009-04-07 13:27 . 2008-01-26 08:39 -------- d-----w d:\program files\Shareaza

2009-04-07 13:26 . 2008-02-22 11:53 -------- d-----w d:\program files\Prawo Jazdy 2006

2009-04-05 13:01 . 2008-01-18 23:23 -------- d-----w d:\program files\DivX

2009-04-05 09:16 . 2008-02-18 22:03 -------- d-----w d:\program files\System Closer

2009-04-04 16:05 . 2008-01-18 19:17 -------- d-----w d:\program files\iPlus

2009-04-04 16:05 . 2008-01-18 19:17 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\iPlus

2009-04-04 15:46 . 2008-01-18 19:44 -------- d-----w d:\program files\Ares

2009-04-04 15:44 . 2008-02-06 00:19 -------- d-----w d:\program files\Webroot

2009-04-04 15:44 . 2008-01-26 18:10 -------- d-----w d:\program files\01-mp3search

2009-04-02 13:21 . 2009-04-05 13:03 84480 ----a-w d:\windows\system32\ff_vfw.dll

2009-03-09 20:34 . 2009-03-09 16:24 -------- d-----w d:\program files\BearShare Applications

2009-03-09 18:58 . 2009-03-09 18:58 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\72DE

2009-03-09 15:58 . 2008-01-18 17:04 -------- d-----w d:\program files\CONEXANT

2009-03-09 15:37 . 2008-01-18 17:03 -------- d-----w d:\program files\Realtek

2009-02-09 14:19 . 2002-09-28 22:00 1846528 ----a-w d:\windows\system32\win32k.sys

2008-03-08 12:35 . 2008-03-07 23:03 492 ----a-w d:\documents and settings\heniek\Dane aplikacji\regdatels.dat

2008-01-26 20:22 . 2008-01-26 20:22 131 ----a-w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2003-05-10 03:16 . 2008-01-20 00:02 1438 ----a-w d:\documents and settings\heniek_Unpak.bat

2001-12-27 23:00 . 2008-01-20 00:02 100864 ----a-w d:\documents and settings\heniek\Tecuha.exe

.

------- Sigcheck -------

[-] 2002-09-28 22:00 12800 B3C95BFEEF6781A82A1C429F466A3A11 d:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2004-08-03 23:44 14336 BA98327E90022DBD6EE76490E0622E2E d:\windows\ServicePackFiles\i386\svchost.exe

[-] 2008-04-14 17:21 14336 8607D35D92528E2DF386F19A960D23CE d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\svchost.exe

[-] 2004-08-03 23:44 14336 BA98327E90022DBD6EE76490E0622E2E d:\windows\system32\svchost.exe

[-] 2002-09-28 22:00 75264 9B7D1C56CC12D806314B853BF52ECB4C d:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2004-08-03 23:44 82944 AB82237486B727DD7DAB36A76F38A3A2 d:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-14 17:20 82432 C0AA2AB856680C44739B41E01F5BD4E9 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ws2_32.dll

[-] 2004-08-03 23:44 82944 AB82237486B727DD7DAB36A76F38A3A2 d:\windows\system32\ws2_32.dll

[-] 2002-09-28 22:00 519168 8B6E6BB5D451F8BBC0621203B687D993 d:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2004-08-03 23:44 504832 0344407089B08548D4FEBA62BB0F32D0 d:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 17:21 510464 51FD2E13D723857B9CA239AE77150F48 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\winlogon.exe

[-] 2004-08-03 23:44 504832 0344407089B08548D4FEBA62BB0F32D0 d:\windows\system32\winlogon.exe

[-] 2002-09-28 22:00 167552 3B350E5A2A5E951453F3993275A4523A d:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2004-08-03 22:14 182912 558635D3AF1C7546D26067D5D9B6959E d:\windows\ServicePackFiles\i386\ndis.sys

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ndis.sys

[-] 2004-08-03 22:14 182912 558635D3AF1C7546D26067D5D9B6959E d:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 22:00 29056 4448006B6BC60E6C027932CFC38D6855 d:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ip6fw.sys

[-] 2004-08-03 22:00 29056 4448006B6BC60E6C027932CFC38D6855 d:\windows\system32\drivers\ip6fw.sys

[-] 2002-09-28 22:00 101888 BF4CBEFDCE42A699389791647CB95CA2 d:\windows\$NtServicePackUninstall$\services.exe

[-] 2004-08-03 23:44 108544 3DA8D964D2CC12EF8E8C342471A37917 d:\windows\ServicePackFiles\i386\services.exe

[-] 2008-04-14 17:21 109056 3E3AE424E27C4CEFE4CAB368C7B570EA d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\services.exe

[-] 2004-08-03 23:44 108544 3DA8D964D2CC12EF8E8C342471A37917 d:\windows\system32\services.exe

[-] 2002-09-28 22:00 11776 FA2C871F57352339F0A1802BB9AEA6E7 d:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2004-08-03 23:44 13312 F485FEFC8CC4FD29243D800BE5D275D1 d:\windows\ServicePackFiles\i386\lsass.exe

[-] 2008-04-14 17:21 13312 88296F7943F30A1EE3AF735440B92268 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\lsass.exe

[-] 2004-08-03 23:44 13312 F485FEFC8CC4FD29243D800BE5D275D1 d:\windows\system32\lsass.exe

[-] 2002-09-28 22:00 13312 0C4C012B0A8960F48A666C240A7BAA3D d:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2004-08-03 23:44 15360 CBFA30492D70CE3938D8A7783D0C0436 d:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 17:21 15360 1BD41EDA5B869AFC99895C39A8DE36E1 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\ctfmon.exe

[-] 2004-08-03 23:44 15360 CBFA30492D70CE3938D8A7783D0C0436 d:\windows\system32\ctfmon.exe

[-] 2002-09-28 22:00 22528 323D3FFCBF99C59B2D20B4C5A7ECE347 d:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2004-08-03 23:44 25088 BD768099B4C44AA631728CB74EB54396 d:\windows\ServicePackFiles\i386\userinit.exe

[-] 2008-04-14 17:21 26624 2A5B37D520508BE6570A3EA79695F5B5 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\userinit.exe

[-] 2004-08-03 23:44 25088 BD768099B4C44AA631728CB74EB54396 d:\windows\system32\userinit.exe

[-] 2002-09-28 22:00 201216 C4EE140F5EDCF2FC20099B56DDBE5445 d:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-03 23:44 296448 2C28157229925280916B3041CCC5FE4B d:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-14 17:20 296448 52E0505408EDD4AB5CCC7F83B67B4299 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\termsrv.dll

[-] 2004-08-03 23:44 296448 2C28157229925280916B3041CCC5FE4B d:\windows\system32\termsrv.dll

[-] 2002-09-28 22:00 14848 CF06FF4307712677DD2EA86921CCD52F d:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2004-08-03 23:44 17408 B20BB2A65349EF132FA7F2EB51A29E5C d:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2008-04-14 17:20 17408 414C17A2958AEDAC700BBAAFBF999F94 d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\powrprof.dll

[-] 2004-08-03 23:44 17408 B20BB2A65349EF132FA7F2EB51A29E5C d:\windows\system32\powrprof.dll

[-] 2002-09-28 22:00 103936 B85F29A061F7D554C8F8092ADE4EC107 d:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2004-08-03 23:44 110080 BDB679C04273B19BF46BD0D591FDEEC3 d:\windows\ServicePackFiles\i386\imm32.dll

[-] 2008-04-14 17:20 110080 2E9A03268E609917B83921EE16FD9CFB d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\imm32.dll

[-] 2004-08-03 23:44 110080 BDB679C04273B19BF46BD0D591FDEEC3 d:\windows\system32\imm32.dll

[-] 2002-09-28 22:00 1145856 E77F6154BF8E41D74B80603701C3B9AA d:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2004-08-03 23:44 1548288 F044A12CFFB8E58BC044A2605283A636 d:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-14 17:20 1571840 A9ED600F08A92143253C10EDB5651ECF d:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfcfiles.dll

[-] 2004-08-03 23:44 1548288 F044A12CFFB8E58BC044A2605283A636 d:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2009-04-05 09:10 66912 ----a-w d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2008-09-02 14:05 398776 ----a-w d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "d:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-04-05 2598896]

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]

[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]

"KMRemote"="c:\pulpit 2\KM Remote\kmremote.exe" [2007-10-16 262144]

"SpeedBitVideoAccelerator"="d:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-04-05 2823784]

"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2009-04-05 2811392]

"Gadwin PrintScreen"="d:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ESB"="d:\windows\System32\ESB.exe" [2006-05-29 266240]

"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]

"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-14 737370]

"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]

"Persistence"="d:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"Keyboard Manager Utility"="d:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2006-06-25 1200128]

"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-09-12 16264192]

"VTTimer"="VTTimer.exe" - d:\windows\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"="VTtrayp.exe" - d:\windows\system32\VTTrayp.exe [2006-07-10 176128]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - d:\windows\system32\CHDAudPropShortcut.exe [2006-03-30 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

d:\documents and settings\All Users\Menu Start\Programy\Autostart\

Privoxy.lnk - d:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - d:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-9-3 950272]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CTFMON.EXE"=d:\windows\system32\ctfmon.exe

"Expressivo"="d:\program files\ivo\Expressivo\expressivo.exe" -t

"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" /tray

"IPLA!"=d:\program files\ipla\ipla.exe /autorun

"MSMSGS"="d:\program files\Messenger\msmsgs.exe" /background

"Prec"=d:\program files\Prec\PrecStarter.exe

"Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Alcmtr"=ALCMTR.EXE

"Anti Trojan Elite"=d:\program files\Anti Trojan Elite\TjEnder.exe :NO

"cFosDNT"=d:\program files\cFos\cFosDNT.exe

"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

"SkyTel"=SkyTel.EXE

"System Closer"=d:\program files\System Closer\SC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"d:\Program Files\Gadu-Gadu\gg.exe"=

"d:\Program Files\Morpheus\Morpheus.exe"=

"d:\Program Files\Migajek Software\HateML\DbgListener\DbgListener.exe"=

"d:\WINDOWS\system32\java.exe"=

"d:\WINDOWS\system32\rserver30\rserver3.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"d:\WINDOWS\system32\dplaysvr.exe"=

"d:\gtawin\gtawin.exe"=

"d:\Program Files\GTA2\gta2.exe"=

"d:\Program Files\DAP\DAP.exe"=

"d:\Program Files\MiniFoto\minifoto.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 cFosNT;cFosNT;d:\windows\System32\Drivers\cFosNT.sys [2008-03-07 881368]

R3 ATE_PROCMON;ATE_PROCMON; [x]

R3 mirrorv3;mirrorv3;d:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 NT_DIO;NT_DIO; [x]

R3 PCIUtil;PCI Utility; [x]

R3 se46bus;Sony Ericsson Device 070 driver (WDM);d:\windows\system32\DRIVERS\se46bus.sys [2006-11-30 61536]

R3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;d:\windows\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]

R3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;d:\windows\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]

R3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]

R3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\se46obex.sys [2006-11-30 86432]

R3 ZDCndis5;ZDCndis5 Protocol Driver; [x]

R4 sgSchedulerService;sgSchedulerService;d:\program files\SystemGuards.com\SystemGuards\sgScheduleService.exe [2007-09-04 28672]

S1 aswSP;avast! Self Protection; [x]

S1 nltdi;nltdi;d:\windows\System32\drivers\nltdi.sys [2007-04-23 82200]

S1 raddrvv3;raddrvv3;d:\windows\system32\rserver30\raddrvv3.sys [2007-10-31 45976]

S2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S2 RServer3;Radmin Server V3;d:\windows\system32\rserver30\RServer3.exe [2007-10-31 1246536]

S2 VideoAcceleratorService;VideoAcceleratorService;d:\progra~1\SPEEDB~2\VideoAcceleratorService.exe [2009-04-05 288368]

S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;d:\windows\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]

.

Zawartość folderu 'Zaplanowane zadania'

2008-03-12 d:\windows\Tasks\Lomsel12032008_212116.job

- c:\pulpit 2\Lomsel Shutdown\Shutdown.exe [2008-03-07 21:57]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-WgaLogon - (no file)

.

------- Skan uzupełniający -------

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

mWindow Title = Microsoft Internet Explorer

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - d:\program files\DAP\dapextie.htm

IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm

LSP: d:\progra~1\SPEEDB~2\sblsp.dll

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab

FF - ProfilePath - d:\documents and settings\heniek\Dane aplikacji\Mozilla\Firefox\Profiles\ky5y3kko.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/

FF - component: d:\program files\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: d:\program files\Mozilla Firefox 3 Beta 2\plugins\NPAskSBr.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-19 13:21

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ocl32]

"ImagePath"="D:\WINDOWS/system32/srvany.exe"

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1328)

d:\progra~1\SPEEDB~2\sblsp.dll

d:\program files\SpeedBit Video Accelerator\ConfigDB.dll

d:\program files\SpeedBit Video Accelerator\Accelerator.dll

d:\program files\SpeedBit Video Accelerator\CommPipe.dll

d:\program files\SpeedBit Video Accelerator\Collector.dll

.

Czas ukończenia: 2009-04-19 13:23

ComboFix-quarantined-files.txt 2009-04-19 11:23

Przed: 10 404 651 008 bajtów wolnych

Po: 11 714 506 752 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

385 --- E O F --- 2009-04-17 14:27

What next?


(Leon$) #4

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

The removal should then start

Afterwards, post the log from the ComboFix removal

:slight_smile: