ComboFix log:
ComboFix 09-05-14.02 - User 2009-05-14 20:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3326.2308 [GMT 2:00]
Running from: c:\users\User\Downloads\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bHRBayay.ini
c:\windows\system32\bHRBayay.ini2
c:\windows\system32\bwhgrxwr.ini
c:\windows\system32\cbXNGaWN.dll
c:\windows\system32\cplxvpug.ini
c:\windows\system32\djrylnav.ini
c:\windows\system32\hgGyyvss.dll
c:\windows\system32\hoekaxit.ini
c:\windows\system32\iifDSjGy.dll
c:\windows\system32\kmewkisc.ini
c:\windows\System32\llnTvyay.ini
c:\windows\system32\llnTvyay.ini2
c:\windows\system32\mkyjwpju.ini
c:\windows\system32\mnvxiqwm.ini
c:\windows\system32\pmnkJbCR.dll
c:\windows\System32\pruvvGgh.ini
c:\windows\system32\pruvvGgh.ini2
c:\windows\system32\ssvyyGgh.ini
c:\windows\system32\ssvyyGgh.ini2
c:\windows\system32\tauepwyv.ini
c:\windows\system32\tbbeflfp.ini
c:\windows\system32\tsAKRqru.ini
c:\windows\system32\tsAKRqru.ini2
c:\windows\system32\viuhbquu.ini
c:\windows\System32\wDfOYcfe.ini
c:\windows\system32\wDfOYcfe.ini2
c:\windows\system32\wvUlkJCT.dll
c:\windows\system32\xwmfqjsd.ini
c:\windows\system32\yGjSDfii.ini
c:\windows\System32\yGjSDfii.ini2
c:\windows\System32\yyJiPqru.ini
c:\windows\system32\yyJiPqru.ini2
.
((((((((((((((((((((((((( Files created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-14 17:13 . 2009-05-14 17:13 -------- d-----w c:\program files\Trend Micro
2009-05-12 18:02 . 2009-05-12 18:02 -------- d-----w c:\programdata\Electronic Arts
2009-05-12 18:02 . 2009-05-12 18:02 -------- d-----w c:\users\All Users\Electronic Arts
2009-05-12 18:00 . 2009-05-12 18:00 -------- d-----w c:\users\User\AppData\Local\Downloaded Installations
2009-05-12 17:58 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-05-12 17:58 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-05-12 17:58 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-05-12 17:58 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2009-05-12 17:58 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
2009-05-12 17:58 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-05-12 17:58 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2009-05-06 19:48 . 2009-05-06 19:48 -------- d-----w c:\windows\Corel
2009-05-04 21:38 . 2009-05-04 21:38 -------- d-----w c:\program files\Activision
2009-05-04 21:34 . 2009-05-04 21:34 -------- d-sh--w c:\windows\ftpcache
2009-05-04 21:34 . 2009-05-04 21:34 -------- d-----w c:\program files\advantage
2009-05-04 21:34 . 2009-05-14 17:07 -------- d-----w c:\users\User\AppData\Roaming\advantage
2009-05-04 21:33 . 2009-05-04 21:33 -------- d-----w c:\users\User\AppData\Roaming\DAEMON Tools
2009-05-04 21:33 . 2009-05-04 21:34 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-03 08:35 . 2009-05-03 08:35 -------- d-----w c:\users\User\AppData\Roaming\Kaspersky_Key_Finder_(KKF
2009-05-01 13:30 . 2009-05-01 13:30 278728 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-05-01 13:30 . 2009-05-01 13:30 25416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-05-01 13:10 . 2009-05-01 13:10 -------- d-----w c:\windows\system32\AGEIA
2009-05-01 13:10 . 2009-05-01 13:10 -------- d-----w c:\program files\AGEIA Technologies
2009-05-01 13:10 . 2009-05-01 13:10 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-01 13:06 . 2009-05-01 13:06 -------- d-----w c:\program files\Xvid
2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\users\User\AppData\Local\Real
2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\program files\Common Files\xing shared
2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\program files\Real
2009-04-30 21:49 . 2009-04-30 21:49 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-30 21:49 . 2009-04-30 21:49 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\program files\Common Files\Real
2009-04-18 18:16 . 2009-04-18 18:16 -------- d-----w c:\users\User\AppData\Roaming\OpenFM
2009-04-18 17:24 . 2009-04-19 15:23 -------- d-----w c:\users\User\AppData\Roaming\Nowe Gadu-Gadu
2009-04-15 07:27 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 07:27 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 07:27 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 18:36 . 2009-03-19 17:53 -------- d-----w c:\program files\lg_fwupdate
2009-05-14 18:35 . 2009-03-22 09:05 507936 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-14 18:35 . 2009-03-22 09:05 4912 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-14 18:35 . 2009-03-22 09:05 3401248 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-14 18:35 . 2009-03-22 09:05 29748 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 18:21 . 2008-01-21 06:24 664722 ----a-w c:\windows\system32\perfh015.dat
2009-05-14 18:21 . 2008-01-21 06:24 127546 ----a-w c:\windows\system32\perfc015.dat
2009-05-12 18:01 . 2009-05-12 18:01 1196 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-05-07 15:34 . 2009-03-19 13:13 128352 ----a-w c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-06 19:49 . 2009-03-19 13:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 21:29 . 2009-03-22 09:22 -------- d-----w c:\program files\Vuze
2009-05-05 21:28 . 2009-03-19 22:53 -------- d-----w c:\program files\AVS4YOU
2009-05-05 21:28 . 2009-03-19 22:53 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-30 21:49 . 2009-03-20 16:36 -------- d-----w c:\program files\Google
2009-04-22 06:41 . 2009-03-22 10:06 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-15 14:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-11 19:54 . 2009-04-11 19:54 -------- d-----w c:\program files\uTorrent
2009-04-10 18:13 . 2009-04-10 18:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-10 18:13 . 2009-04-10 18:13 -------- d-----w c:\program files\Java
2009-03-28 10:23 . 2009-03-19 13:19 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-27 21:04 . 2009-03-27 21:04 -------- d-----w c:\program files\Microsoft Works
2009-03-27 21:04 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-27 21:03 . 2009-03-27 21:03 -------- d-----w c:\program files\Microsoft.NET
2009-03-27 21:02 . 2009-03-27 21:02 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-27 15:17 . 2009-03-19 17:12 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 10:09 . 2009-03-22 10:09 -------- d-----w c:\program files\Alcohol Soft
2009-03-22 09:22 . 2009-03-22 09:22 -------- d-----w c:\program files\Common Files\i4j_jres
2009-03-22 09:12 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-22 09:11 . 2009-03-22 09:05 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-22 09:11 . 2009-03-22 09:05 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-22 09:05 . 2009-03-22 09:05 -------- d-----w c:\program files\Kaspersky Lab
2009-03-21 07:57 . 2009-03-21 07:57 -------- d-----w c:\program files\MSXML 4.0
2009-03-20 16:42 . 2009-03-20 16:42 0 ----a-w c:\windows\nsreg.dat
2009-03-20 16:37 . 2009-03-20 16:37 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-20 16:17 . 2009-03-20 16:17 -------- d-----w c:\program files\Sweex
2009-03-20 16:17 . 2009-03-20 16:17 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-19 18:14 . 2009-03-19 16:08 -------- d-----w c:\program files\RALINK
2009-03-19 17:50 . 2009-03-19 17:50 -------- d-----w c:\program files\Common Files\Ahead
2009-03-19 17:50 . 2009-03-19 17:50 -------- d-----w c:\program files\Nero
2009-03-19 17:48 . 2009-03-19 17:48 -------- d-----w c:\program files\CyberLink
2009-03-19 17:15 . 2009-03-19 17:15 -------- d-----w c:\program files\Adobe Media Player
2009-03-19 17:14 . 2009-03-19 17:14 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-19 17:13 . 2009-03-19 17:13 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-19 15:58 . 2009-03-19 15:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-19 13:26 . 2009-03-19 13:12 680 ----a-w c:\users\User\AppData\Local\d3d9caps.dat
2009-03-19 13:22 . 2009-03-19 13:18 -------- d-----w c:\program files\Intel
2009-03-19 13:21 . 2009-03-19 13:20 -------- d-----w c:\program files\Realtek
2009-03-19 13:21 . 2009-03-19 13:17 16608 ----a-w c:\windows\gdrv.sys
2009-03-19 13:20 . 2009-03-19 13:20 319456 ----a-w c:\windows\DIFxAPI.dll
2009-03-19 13:20 . 2009-03-19 13:20 315392 ----a-w c:\windows\HideWin.exe
2009-03-17 03:38 . 2009-04-15 07:26 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 07:26 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-15 07:26 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 07:26 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 07:26 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 07:26 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 07:26 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 07:26 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 07:26 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 07:26 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 07:26 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 07:26 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 07:26 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 07:26 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 07:26 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-02 203928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-22 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-30 198160]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-27 6295552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sweex WiFi Utility.lnk - c:\program files\Sweex\Installer\Win2k\SWU.exe [2009-3-20 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2781820961-2937774440-250285186-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6C21E8EA-F2F6-4066-B375-CF884FCD4D53}"= UDP:5353:Adobe CSI CS4
"{EE111DC6-EF6B-4467-83AB-7B8497DC51E3}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{126388F3-791E-4788-8DB5-533CB3BEFE8C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{5A917EEE-E267-4EA1-BC9E-686137518A89}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{85EAC141-92ED-480A-9583-E4FE67D5C549}c:\program files\mozilla firefox\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1C5DAACD-513F-4F48-A75C-53AD3AE41795}c:\program files\mozilla firefox\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{48BCC38A-76F8-4B2F-9C52-BAF14F5F55D4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{484DF64E-4F45-4905-9E16-345F51891881}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{316272E6-637B-4D65-8A4A-2279C0D10F52}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EA611071-A3BD-466F-9B0F-744F44C8ED03}"= UDP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{86DD30E4-8B09-40CC-92E0-5031CB14325A}"= TCP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{F7CB71D4-3A5A-4242-9C36-7A14CFCE1C3B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7E9B2A50-1646-45E5-A768-841CE54BB2BF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B8819970-C37F-4C92-B454-3C5E0AA34300}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0E5D0630-0483-400E-BCBF-5A4B1A94BCD8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5DE2A26D-9A00-4AC6-9D5B-2CBEAC08C8A7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{39FE6816-319B-455A-A139-9ED53C02CCD1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D84A5A20-BBA3-477C-870A-DE97D341FE69}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A2B2A04-8042-466F-AB42-C5197827D47D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B8D4216A-5D39-4070-A055-7007B84C8251}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{74818DB4-F729-4FD8-9B34-F21C3D55080A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{96338A93-3CF1-4891-9D42-CE2DDF3B9288}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E89B1C31-591A-43F6-A222-5BC0C838D193}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FD9AA0B9-13B5-434D-ABAE-CE719A54D813}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4F0FB541-64DB-48A3-915C-88AF683D0120}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A199E1FB-13E8-4791-A697-7E948F86943D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6FEF34D4-67FE-4827-8C97-AC53A2C17AB4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{125D2B90-880D-443E-B4A4-F75914A38583}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9DBFCE87-CD7B-47D3-A030-96F0E1E32A7C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE5F061E-A873-42D1-867C-F862B618F647}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C40304F4-F76E-46F8-8422-4C950CF2454F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{100D89A7-5FE8-40A9-A80E-1525402F6407}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF184491-F428-476F-B6DF-49728717F5D1}"= UDP:D:\utorrent.exe:µTorrent (TCP-In)
"{35B2BA3B-4607-4E22-A1A6-89705005F81B}"= TCP:D:\utorrent.exe:µTorrent (UDP-In)
"{BBA9CAA4-05ED-4292-A472-3E2D0A980330}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6E0AECC3-2E17-40F7-8745-02EDB16C8D10}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{34BD3E3F-655F-4318-A057-59C878139C91}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FFE0882E-3993-4F5B-8DA1-BDBD30CBBC77}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1FB736D2-2687-43B9-85D0-2F930A7BD33A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00C28B71-91C6-4E77-8338-78934DADE923}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{50306727-C937-453F-B9CC-7B08FBAB02A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7410F933-B0CA-4055-B214-3FAD1749DE54}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{05FD7723-B39D-433F-94D1-F8FD4B0924EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D47B2061-52C8-4FA1-BFFC-B3187BC1B9E8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1408BCB6-BA26-4E48-A739-971861F9190F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3C032CFE-C1C7-4827-9F6C-784400EED702}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8D566522-70B3-402C-AD20-41B8E8C4F57F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{21E6AF34-B9E7-479D-B914-C977479FA218}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C37A381B-A133-494C-89D7-2628C004BA70}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4636F934-BD1C-487E-80A4-8008B0E15436}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{42B99656-831C-4024-AE23-49281699BD16}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4FB4919B-A65C-4895-911E-ED42DA70B158}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{347FB153-DBFE-4D9F-ADCF-595855AE243C}"= UDP:e:\cod 4 mw\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{DD060219-8916-4F19-9966-D624D4C4F9FC}"= TCP:e:\cod 4 mw\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{10E29050-6020-45A5-AFC0-2D4B178687B2}"= UDP:e:\burnout paradise\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box
"{D965A5A7-049E-4093-9900-725113FA846B}"= TCP:e:\burnout paradise\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box
"{78F73BB5-1F42-422A-A335-55E8EF6DD699}"= UDP:e:\burnout paradise\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box
"{D792A154-BB14-44DA-A5D4-35167EEF82E8}"= TCP:e:\burnout paradise\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box
"{16B484DE-4253-43CE-87EA-F6E3DED25B2B}"= UDP:e:\burnout paradise\BurnoutParadise.exe:Burnout Paradise The Ultimate Box
"{095C8B4A-3BA1-40EC-89B9-DC0D7ABB01B5}"= TCP:e:\burnout paradise\BurnoutParadise.exe:Burnout Paradise The Ultimate Box
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
S2 gupdate1c9c9dd8b9e0899;Google Update Service (gupdate1c9c9dd8b9e0899);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 133104]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2009-03-19 255488]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b0ecac6-38d4-11de-995a-00160a14548e}]
\shell\AutoRun\command - n:\setup\rsrc\Autorun.exe
\shell\dinstall\command - n:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64ad74c6-16c9-11de-afe9-00160a14548e}]
\shell\AutoRun\command - K:\SETUP.EXE
\shell\configure\command - K:\SETUP.EXE
\shell\install\command - K:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0bc0ed-1486-11de-94b5-806e6f6e6963}]
\shell\AutoRun\command - F:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ef4927-2f08-11de-9cad-00160a14548e}]
\shell\AutoRun\command - K:\INTRO.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4377bd8-3e57-11de-ba38-00160a14548e}]
\shell\AutoRun\command - O:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc264cd7-1b7e-11de-b753-00160a14548e}]
\shell\AutoRun\command - L:\nba2k9setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc264cd9-1b7e-11de-b753-00160a14548e}]
\shell\AutoRun\command - M:\INTRO.EXE
.
Contents of the 'Scheduled Tasks' folder
2009-05-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 21:49]
2009-05-13 c:\windows\Tasks\User_Feed_Synchronization-{2A8CF9A7-A308-485C-9C4A-1C351872E202}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - EMPTY ENTRIES REMOVED - - - -
BHO-{00DAF676-7CF5-438B-9546-ACBD444C014B} - c:\windows\system32\hgGyyvss.dll
BHO-{85D9E5F6-DE69-4B59-BF3E-17DE25CBCE96} - c:\windows\system32\urqPiJyy.dll
BHO-{88F790FE-EB6E-4C2B-82F3-F0989071CC4B} - c:\windows\system32\efcYOfDw.dll
BHO-{BF3A7547-6B96-421A-8392-541AC579B835} - c:\windows\system32\urqRKAst.dll
BHO-{E4D44C5D-17E8-4CE0-A0C4-8278422DA934} - c:\windows\system32\yayvTnll.dll
HKCU-Run-AdobeBridge - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8j73ix5m.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8j73ix5m.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a67}\components\AdVComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 20:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\conime.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\UI0Detect.exe
.
**************************************************************************
.
Completion time: 2009-05-14 20:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-14 18:39
Pre-Run: 19 123 204 096 bytes free
Post-Run: 19 036 401 664 bytes free
340 --- E O F --- 2009-05-01 01:00
-- Added 14.05.2009 (Thu) 20:43 --
What next, mate? Should I do this now ->
??
I have Vista, so http://support.microsoft.com/kb/310405/pl probably won't help me, a "newbie", here
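An added triage helper for threads like this one, written by the editor and not part of the poster's log, of ComboFix, or of any reply: it reads a ComboFix-style log and flags the settings that weaken the host regardless of which malware is present: a security product reported disabled in the AV/FW/SP header, EnableLUA=0 (UAC off), EnableFirewall=0 on any firewall profile, a populated AppInit_DLLs value, and AutoRun handlers under MountPoints2. The embedded excerpt is constructed to mirror the layout of the log above; the regexes, the Finding class and the category names are assumptions about that layout, not a ComboFix format specification.

```python
"""Flag host-weakening settings in a ComboFix-style log.

Added example for this thread; it is not part of the poster's log, of
ComboFix, or of any reply. The regexes and categories below are
assumptions based on the layout of the log in the post.
"""
import re
from dataclasses import dataclass

# Constructed excerpt mirroring the layout of the log in the post.
SAMPLE_LOG = r"""
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0bc0ed-1486-11de-94b5-806e6f6e6963}]
\shell\AutoRun\command - F:\Run.exe
"""


@dataclass(frozen=True)
class Finding:
    category: str  # short tag: product, uac, firewall, appinit, autorun
    detail: str    # human-readable explanation of why it was flagged


# Line shapes seen in the log: header status lines, [key] lines,
# "Name"=value lines, and \shell\<verb>\command lines under MountPoints2.
_PRODUCT = re.compile(r"^(AV|FW|SP): (.+?) \*(.+?)\*")
_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_AUTORUN = re.compile(r"^\\shell\\(\w+)\\command - (.+)$")


def _dword(raw):
    """ComboFix prints numbers as '0 (0x0)' or 'dword:00000001'."""
    m = re.match(r"(\d+)", raw.replace("dword:", ""))
    return int(m.group(1)) if m else None


def parse_findings(log_text):
    """Walk the log line by line, remembering the current registry key."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = _PRODUCT.match(line)
        if m:
            kind, product, state = m.groups()
            if "disabled" in state.lower():
                findings.append(Finding("product", f"{kind} {product}: {state}"))
            continue
        m = _KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = _VALUE.match(line)
        if m:
            name, raw = m.groups()
            if name == "EnableLUA" and _dword(raw) == 0:
                findings.append(Finding(
                    "uac", "EnableLUA=0: UAC is off, an admin user's processes run fully elevated"))
            elif name == "EnableFirewall" and "firewallpolicy" in key and _dword(raw) == 0:
                profile = key.rsplit("\\", 1)[-1]
                findings.append(Finding("firewall", f"Windows Firewall disabled for {profile}"))
            elif name == "AppInit_DLLs" and raw.strip():
                # Legitimate hooks (e.g. AV keyboard guards) also live here,
                # so this is a prompt to inspect the paths, not a verdict.
                findings.append(Finding(
                    "appinit", f"AppInit_DLLs injects into every user32 process: {raw.strip()}"))
            continue
        m = _AUTORUN.match(line)
        if m and "mountpoints2" in key:
            verb, cmd = m.groups()
            findings.append(Finding(
                "autorun", f"{verb} handler runs {cmd} when that volume is opened"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'firewall': 2, 'uac': 1}."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run it on a saved log with `parse_findings(open(path, encoding="utf-8", errors="replace").read())`. On the log above it would report UAC off, the firewall off on all three profiles, the Kaspersky on-access scanner and firewall disabled, the Kaspersky AppInit_DLLs hooks, and every AutoRun handler under MountPoints2; it only flags, so each hit still needs a human to decide whether the path belongs to an installed product or to something that should go.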