Logs from ComboFix:
ComboFix 09-04-19.05 - Ja 2009-04-19 13:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1014.640 [GMT 2:00]
Uruchomiony z: d:\documents and settings\heniek\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\Administrator\Cookies\[pc games] gta-grand theft auto- vice city- full version(3).exe
d:\documents and settings\Administrator\Cookies\__technic.nfo
d:\documents and settings\Administrator\Cookies\ea games - (pc game) - need for speed underground {ea games}(2).exe
d:\documents and settings\Administrator\Cookies\ford racing 3(pc rip by bfg).exe
d:\documents and settings\Administrator\Cookies\grand theft auto-gta-liberty city stories umd-rip.exe
d:\documents and settings\Administrator\Cookies\gta-vc.exe
d:\documents and settings\Administrator\Cookies\gta esta entero.exe
d:\documents and settings\Administrator\Cookies\gta3.img
d:\documents and settings\Administrator\Cookies\l.exe
d:\documents and settings\Administrator\Cookies\Mss32.dll
d:\documents and settings\Administrator\Cookies\nfs carbon(2).exe
d:\documents and settings\Administrator\Cookies\p.exe
d:\documents and settings\Administrator\Cookies\readMe.txt
d:\documents and settings\Administrator\Cookies\TecAudio.bat
d:\documents and settings\Administrator\Cookies\Tecsetup.exe
d:\windows\hosts
d:\windows\system32\instsrv.exe
d:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-09-03 13:18 . 2007-01-16 11:52 17664 ----a-w d:\windows\system32\drivers\ZDPSp50.sys
2009-09-03 13:18 . 2007-01-16 11:52 20608 ----a-w d:\windows\system32\drivers\BRGSp50.sys
2009-09-03 13:18 . 2009-09-03 13:18 -------- d-----w d:\program files\SAGEM WiFi manager
2009-09-03 13:18 . 2009-09-03 13:18 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\InstallShield
2009-09-03 13:15 . 2007-01-10 08:14 450560 ----a-w d:\windows\system32\drivers\WlanBZXP.sys
2009-04-18 19:49 . 2009-04-18 19:50 -------- d-----w d:\program files\SubEdit-Player
2009-04-18 19:31 . 2009-04-18 19:31 -------- d-----w d:\program files\Trend Micro
2009-04-18 18:49 . 2009-04-18 18:49 -------- d-----w d:\program files\Keyboard Manager
2009-04-18 14:53 . 2008-07-30 19:09 38 ----a-w d:\windows\avisplitter.ini
2009-04-16 00:46 . 2009-04-18 16:05 54156 ---ha-w d:\windows\QTFont.qfn
2009-04-16 00:46 . 2009-04-16 00:46 1409 ----a-w d:\windows\QTFont.for
2009-04-12 14:58 . 2009-04-12 14:58 -------- d-----w d:\program files\Alwil Software
2009-04-12 12:18 . 2009-04-17 15:03 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\gtk-2.0
2009-04-12 12:17 . 2009-04-12 12:17 -------- d-----w d:\documents and settings\heniek\.thumbnails
2009-04-12 12:16 . 2009-04-17 15:08 -------- d-----w d:\documents and settings\heniek\.gimp-2.6
2009-04-12 12:16 . 2009-04-12 12:16 -------- d-----w d:\documents and settings\heniek\.gegl-0.0
2009-04-12 12:15 . 2009-04-12 12:15 -------- d-----w d:\program files\GIMP-2.0
2009-04-12 11:47 . 2009-04-12 12:01 -------- d-----w d:\program files\MiniFoto
2009-04-12 11:36 . 2009-04-12 11:36 -------- d-----w d:\program files\IrfanView
2009-04-12 11:23 . 2009-04-17 15:09 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\VSO
2009-04-12 11:23 . 2009-04-12 11:23 -------- d-----w d:\program files\VSO
2009-04-12 11:20 . 2009-04-12 11:22 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\GetRightToGo
2009-04-11 08:34 . 2009-04-11 08:34 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Sony
2009-04-11 08:34 . 2009-04-11 08:34 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\Sony
2009-04-10 12:13 . 2009-04-10 12:13 -------- d-----w d:\documents and settings\heniek\DoctorWeb
2009-04-09 19:33 . 2009-04-13 18:53 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\ipla
2009-04-09 19:33 . 2009-04-09 19:33 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\ipla
2009-04-09 19:33 . 2009-04-09 19:33 -------- d-----w d:\program files\ipla
2009-04-09 15:17 . 2009-04-09 15:17 -------- d-----w d:\program files\AVIcodec
2009-04-09 15:09 . 2009-04-02 13:21 50688 ----a-w d:\windows\system32\ff_acm.acm
2009-04-09 10:58 . 2009-04-09 10:58 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Real
2009-04-09 10:58 . 2009-04-09 10:58 -------- d-----w d:\program files\Common Files\xing shared
2009-04-09 10:57 . 2009-04-09 10:57 -------- d-----w d:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-04-09 10:43 . 2009-04-09 10:43 -------- d-----w d:\program files\AviSynth 2.5
2009-04-09 10:43 . 2009-04-18 12:30 -------- d-----w d:\program files\Avi2Dvd
2009-04-09 10:18 . 2009-04-09 10:18 230 ----a-w d:\windows\system32\spupdsvc.inf
2009-04-08 15:55 . 2009-04-08 15:55 -------- d-----w d:\program files\Photo!
2009-04-08 15:39 . 2009-04-08 15:39 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Ashampoo
2009-04-08 15:39 . 2009-04-08 15:39 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\ashampoo
2009-04-08 15:39 . 2009-04-08 15:39 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-04-08 14:36 . 2009-04-11 08:34 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Sony
2009-04-08 14:32 . 2009-04-08 14:32 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Apple
2009-04-08 14:31 . 2006-10-04 14:06 764868 -c----w d:\windows\system32\dllcache\apph_sp.sdb
2009-04-08 14:31 . 2006-10-04 14:06 217118 -c----w d:\windows\system32\dllcache\apphelp.sdb
2009-04-08 14:31 . 2006-10-04 14:06 1197294 -c----w d:\windows\system32\dllcache\sysmain.sdb
2009-04-08 14:30 . 2009-04-08 14:42 -------- d-----w d:\windows\system32\drivers\UMDF
2009-04-08 14:30 . 2009-04-08 14:30 -------- d-----w d:\windows\system32\LogFiles
2009-04-08 14:27 . 2009-04-08 14:54 -------- d-----w d:\program files\PhotoFiltre
2009-04-08 12:22 . 2009-04-08 12:22 -------- d-----w d:\program files\Rockstar Games
2009-04-08 12:10 . 2009-04-08 12:10 -------- d-----w d:\program files\Gadwin Systems
2009-04-08 11:01 . 2009-04-08 11:01 -------- d-----w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\Prec
2009-04-08 10:58 . 2009-04-08 10:58 90864 ----a-w d:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-04-08 10:57 . 2009-04-08 10:57 -------- d-----w d:\program files\MSBuild
2009-04-08 10:57 . 2009-04-08 11:00 -------- d-----w d:\windows\system32\XPSViewer
2009-04-08 10:57 . 2009-04-08 10:57 -------- d-----w d:\program files\Reference Assemblies
2009-04-08 10:56 . 2006-06-29 11:07 14048 ------w d:\windows\system32\spmsg2.dll
2009-04-08 10:56 . 2009-04-08 10:56 -------- d-----w d:\program files\MSXML 6.0
2009-04-08 10:50 . 2009-04-08 12:57 -------- d-----w d:\program files\Prec
2009-04-07 12:19 . 2009-04-07 12:19 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\SpeedBit
2009-04-07 12:18 . 2009-04-07 12:19 -------- d-----w d:\program files\SpeedOptimizer
2009-04-06 18:02 . 2009-04-10 09:54 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\OpenOffice.org2
2009-04-06 16:12 . 2009-04-19 10:58 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\tor
2009-04-06 16:10 . 2009-04-19 10:58 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Vidalia
2009-04-06 16:10 . 2009-04-06 16:10 -------- d-----w d:\program files\Vidalia Bundle
2009-04-06 11:00 . 2009-04-06 11:00 -------- d-----w d:\documents and settings\heniek\.gstreamer-0.10
2009-04-06 10:57 . 2009-04-06 13:40 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Nowe Gadu-Gadu
2009-04-06 10:56 . 2009-04-06 10:57 -------- d-----w d:\program files\Nowe Gadu-Gadu
2009-04-05 18:42 . 2009-04-05 18:51 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\DeepBurner
2009-04-05 18:41 . 2009-04-05 18:41 -------- d-----w d:\program files\Astonsoft
2009-04-05 18:39 . 2009-04-05 18:39 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\ImgBurn
2009-04-05 18:37 . 2009-04-05 18:38 -------- d-----w d:\program files\ImgBurn
2009-04-05 15:53 . 2009-04-05 15:54 -------- d-----w d:\program files\OpenOffice.org 2.4
2009-04-05 13:07 . 2009-04-05 13:07 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\Media Player Classic
2009-04-05 09:10 . 2009-04-05 09:11 -------- d-----w d:\program files\SpeedBit Video Accelerator
2009-04-05 09:10 . 2009-04-05 09:10 -------- d-----w d:\program files\AskSBar
2009-04-05 08:57 . 2009-04-05 09:20 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\SpeedBit
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-----w d:\program files\SpeedBit Toolbar
2009-04-05 08:57 . 2009-04-05 08:57 172032 ----a-w d:\windows\system32\AniGIF.ocx
2009-04-05 08:57 . 2009-04-19 11:08 -------- d-----w d:\program files\DAP
2009-04-04 23:59 . 2009-04-07 23:59 -------- d-----w d:\program files\Budzik
2009-04-04 23:59 . 2003-05-17 13:08 140288 ----a-w d:\windows\system32\ComDlg32.ocx
2009-04-04 23:47 . 2009-04-04 23:47 -------- d-----w d:\program files\Merlin
2009-04-04 23:47 . 1996-07-18 11:06 297472 ----a-w d:\windows\uninst.exe
2009-04-04 20:47 . 2008-02-15 10:49 180224 ----a-w d:\windows\system32\igfxres.dll
2009-04-04 20:38 . 2008-03-07 10:56 920088 ----a-w d:\windows\system32\igxpun.exe
2009-04-04 20:38 . 2006-11-10 06:25 319456 ----a-w d:\windows\system32\difxapi.dll
2009-04-04 20:38 . 2009-04-04 20:38 -------- d-----w D:\Intel
2009-04-04 20:28 . 2009-04-16 11:26 1282767 ----a-w d:\windows\setupapi.log.2.old
2009-04-04 20:28 . 2006-04-14 14:45 69722 ----a-w d:\windows\system32\SynTPFcs.dll
2009-04-04 20:28 . 2006-04-14 14:45 90202 ----a-w d:\windows\system32\SynTPAPI.dll
2009-04-04 20:28 . 2006-04-14 14:45 81920 ----a-w d:\windows\system32\SynTPCo2.dll
2009-04-04 20:28 . 2006-04-14 14:45 191872 ----a-w d:\windows\system32\drivers\SynTP.sys
2009-04-04 20:28 . 2006-04-14 14:45 114688 ----a-w d:\windows\system32\SynCtrl.dll
2009-04-04 20:28 . 2006-04-14 14:45 82013 ----a-w d:\windows\system32\SynCOM.dll
2009-04-04 20:28 . 2009-04-04 20:28 -------- d-----w d:\program files\Synaptics
2009-04-04 20:27 . 2009-04-04 21:08 -------- d-----w d:\windows\system32\CatRoot_bak
2009-04-04 20:26 . 2008-06-14 18:01 273024 -c----w d:\windows\system32\dllcache\bthport.sys
2009-04-04 20:23 . 2008-05-01 14:33 331776 -c----w d:\windows\system32\dllcache\msadce.dll
2009-04-04 20:10 . 2006-07-20 18:58 208896 ----a-w d:\windows\system32\nvudisp.exe
2009-04-04 20:10 . 2006-07-20 21:21 208896 ----a-w d:\windows\system32\NVUNINST.EXE
2009-04-04 18:52 . 2009-04-04 19:27 -------- d-----w d:\program files\SystemRequirementsLab
2009-04-04 18:52 . 2009-04-04 19:27 -------- d-----w d:\documents and settings\heniek\SystemRequirementsLab
2009-04-04 18:28 . 2009-04-04 18:28 -------- d-----w d:\program files\SIW
2009-04-04 17:16 . 2009-04-10 11:18 1324 ----a-w d:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 10:59 . 2008-01-20 08:40 -------- d-----w d:\program files\Mozilla Firefox 3 Beta 2
2009-04-19 10:58 . 2008-01-18 19:30 -------- d---a-w d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-18 18:49 . 2008-01-18 17:03 -------- d--h--w d:\program files\InstallShield Installation Information
2009-04-18 18:38 . 2008-01-19 13:14 -------- d-----w d:\program files\Google
2009-04-18 14:53 . 2009-04-05 13:03 -------- d-----w d:\program files\K-Lite Codec Pack
2009-04-14 19:07 . 2002-09-28 22:00 84208 ----a-w d:\windows\system32\perfc015.dat
2009-04-14 19:07 . 2002-09-28 22:00 491838 ----a-w d:\windows\system32\perfh015.dat
2009-04-11 08:41 . 2008-01-18 18:18 -------- d-----w d:\program files\City Interactive
2009-04-11 08:40 . 2008-01-26 20:30 -------- d-----w d:\program files\Sony Ericsson
2009-04-11 08:40 . 2008-01-26 20:30 -------- d-----w d:\program files\Common Files\Teleca Shared
2009-04-11 08:32 . 2008-02-19 21:34 -------- d-----w d:\program files\Anti Trojan Elite
2009-04-10 11:50 . 2008-03-08 14:13 -------- d-----w d:\program files\cFos
2009-04-09 20:33 . 2008-02-26 17:29 -------- d-----w d:\program files\Enigma Browser
2009-04-09 17:20 . 2008-01-21 05:52 -------- d-----w d:\program files\Ontrack
2009-04-09 10:58 . 2008-01-31 22:47 -------- d-----w d:\program files\Common Files\Real
2009-04-09 07:43 . 2008-03-08 09:48 -------- d-sh--w d:\documents and settings\All Users\Dane aplikacji\dtmcfg
2009-04-08 16:55 . 2009-04-11 14:30 188062 ----a-w d:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1045.dat
2009-04-08 14:33 . 2008-01-18 23:22 -------- d---a-w d:\program files\QuickTime
2009-04-08 14:33 . 2008-01-26 20:40 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-04-08 11:01 . 2008-02-03 16:47 34152 ----a-w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-07 20:29 . 2008-01-22 19:22 -------- d-----w d:\program files\Ahead
2009-04-07 20:29 . 2008-01-22 19:22 -------- d-----w d:\program files\Common Files\Ahead
2009-04-07 20:28 . 2008-02-12 18:30 -------- d-----w d:\program files\Java
2009-04-07 13:27 . 2008-01-26 08:39 -------- d-----w d:\program files\Shareaza
2009-04-07 13:26 . 2008-02-22 11:53 -------- d-----w d:\program files\Prawo Jazdy 2006
2009-04-05 13:01 . 2008-01-18 23:23 -------- d-----w d:\program files\DivX
2009-04-05 09:16 . 2008-02-18 22:03 -------- d-----w d:\program files\System Closer
2009-04-04 16:05 . 2008-01-18 19:17 -------- d-----w d:\program files\iPlus
2009-04-04 16:05 . 2008-01-18 19:17 -------- d-----w d:\documents and settings\heniek\Dane aplikacji\iPlus
2009-04-04 15:46 . 2008-01-18 19:44 -------- d-----w d:\program files\Ares
2009-04-04 15:44 . 2008-02-06 00:19 -------- d-----w d:\program files\Webroot
2009-04-04 15:44 . 2008-01-26 18:10 -------- d-----w d:\program files\01-mp3search
2009-04-02 13:21 . 2009-04-05 13:03 84480 ----a-w d:\windows\system32\ff_vfw.dll
2009-03-09 20:34 . 2009-03-09 16:24 -------- d-----w d:\program files\BearShare Applications
2009-03-09 18:58 . 2009-03-09 18:58 -------- d-----w d:\documents and settings\All Users\Dane aplikacji\72DE
2009-03-09 15:58 . 2008-01-18 17:04 -------- d-----w d:\program files\CONEXANT
2009-03-09 15:37 . 2008-01-18 17:03 -------- d-----w d:\program files\Realtek
2009-02-09 14:19 . 2002-09-28 22:00 1846528 ----a-w d:\windows\system32\win32k.sys
2008-03-08 12:35 . 2008-03-07 23:03 492 ----a-w d:\documents and settings\heniek\Dane aplikacji\regdatels.dat
2008-01-26 20:22 . 2008-01-26 20:22 131 ----a-w d:\documents and settings\heniek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2003-05-10 03:16 . 2008-01-20 00:02 1438 ----a-w d:\documents and settings\heniek\_Unpak.bat
2001-12-27 23:00 . 2008-01-20 00:02 100864 ----a-w d:\documents and settings\heniek\Tecuha.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-04-05 09:10 66912 ----a-w d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "d:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-04-05 2598896]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]
"KMRemote"="c:\pulpit 2\KM Remote\kmremote.exe" [2007-10-16 262144]
"SpeedBitVideoAccelerator"="d:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-04-05 2823784]
"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2009-04-05 2811392]
"Gadwin PrintScreen"="d:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESB"="d:\windows\System32\ESB.exe" [2006-05-29 266240]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-14 737370]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Keyboard Manager Utility"="d:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2006-06-25 1200128]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-09-12 16264192]
"VTTimer"="VTTimer.exe" - d:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - d:\windows\system32\VTTrayp.exe [2006-07-10 176128]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - d:\windows\system32\CHDAudPropShortcut.exe [2006-03-30 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
d:\documents and settings\All Users\Menu Start\Programy\Autostart\
Privoxy.lnk - d:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - d:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-9-3 950272]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Expressivo"="d:\program files\ivo\Expressivo\expressivo.exe" -t
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" /tray
"IPLA!"=d:\program files\ipla\ipla.exe /autorun
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" /background
"Prec"=d:\program files\Prec\PrecStarter.exe
"Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Anti Trojan Elite"=d:\program files\Anti Trojan Elite\TjEnder.exe :NO
"cFosDNT"=d:\program files\cFos\cFosDNT.exe
"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"SkyTel"=SkyTel.EXE
"System Closer"=d:\program files\System Closer\SC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\Program Files\Gadu-Gadu\gg.exe"=
"d:\Program Files\Morpheus\Morpheus.exe"=
"d:\Program Files\Migajek Software\HateML\DbgListener\DbgListener.exe"=
"d:\WINDOWS\system32\java.exe"=
"d:\WINDOWS\system32\rserver30\rserver3.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"d:\WINDOWS\system32\dplaysvr.exe"=
"d:\gtawin\gtawin.exe"=
"d:\Program Files\GTA2\gta2.exe"=
"d:\Program Files\DAP\DAP.exe"=
"d:\Program Files\MiniFoto\minifoto.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 cFosNT;cFosNT;d:\windows\System32\Drivers\cFosNT.sys [2008-03-07 881368]
R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 mirrorv3;mirrorv3;d:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 NT_DIO;NT_DIO; [x]
R3 PCIUtil;PCI Utility; [x]
R3 se46bus;Sony Ericsson Device 070 driver (WDM);d:\windows\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
R3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;d:\windows\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
R3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;d:\windows\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
R3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
R3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
R3 ZDCndis5;ZDCndis5 Protocol Driver; [x]
R4 sgSchedulerService;sgSchedulerService;d:\program files\SystemGuards.com\SystemGuards\sgScheduleService.exe [2007-09-04 28672]
S1 aswSP;avast! Self Protection; [x]
S1 nltdi;nltdi;d:\windows\System32\drivers\nltdi.sys [2007-04-23 82200]
S1 raddrvv3;raddrvv3;d:\windows\system32\rserver30\raddrvv3.sys [2007-10-31 45976]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 RServer3;Radmin Server V3;d:\windows\system32\rserver30\RServer3.exe [2007-10-31 1246536]
S2 VideoAcceleratorService;VideoAcceleratorService;d:\progra~1\SPEEDB~2\VideoAcceleratorService.exe [2009-04-05 288368]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;d:\windows\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
.
Zawartość folderu 'Zaplanowane zadania'
2008-03-12 d:\windows\Tasks\Lomsel12032008_212116.job
- c:\pulpit 2\Lomsel Shutdown\Shutdown.exe [2008-03-07 21:57]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-WgaLogon - (no file)
.
------- Skan uzupełniający -------
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
LSP: d:\progra~1\SPEEDB~2\sblsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\heniek\Dane aplikacji\Mozilla\Firefox\Profiles\ky5y3kko.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/
FF - component: d:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: d:\program files\Mozilla Firefox 3 Beta 2\plugins\NPAskSBr.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 13:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ocl32]
"ImagePath"="D:\WINDOWS/system32/srvany.exe"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
d:\progra~1\SPEEDB~2\sblsp.dll
d:\program files\SpeedBit Video Accelerator\ConfigDB.dll
d:\program files\SpeedBit Video Accelerator\Accelerator.dll
d:\program files\SpeedBit Video Accelerator\CommPipe.dll
d:\program files\SpeedBit Video Accelerator\Collector.dll
.
Czas ukończenia: 2009-04-19 13:23
ComboFix-quarantined-files.txt 2009-04-19 11:23
Przed: 10 404 651 008 bajtów wolnych
Po: 11 714 506 752 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
385 --- E O F --- 2009-04-17 14:27
What next?