Jak na tę chwilę problem na kompie istnieje. Przesyłam raporty ComboFix i HijackThis, może ktoś coś z nich wywnioskuje.
ComboFix 08-09-24.01 - Admin 2008-09-25 19:34:23.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1572 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-25 do 2008-09-25 )))))))))))))))))))))))))))))))
.
2008-09-25 08:30 . 2008-09-25 19:32
2008-09-25 07:08 . 2008-09-25 07:08
2008-09-25 01:00 . 2008-09-25 01:00
2008-09-25 01:00 . 2008-09-25 01:39
2008-09-25 01:00 . 2008-09-25 05:19
2008-09-24 16:18 . 2008-09-24 16:19
2008-09-24 07:18 . 2008-09-25 07:19
2008-09-23 21:56 . 2008-09-23 21:56 519,100 --a------ C:\WINDOWS\system32\prfh0415.dat
2008-09-23 21:56 . 2008-09-23 21:56 97,542 --a------ C:\WINDOWS\system32\prfc0415.dat
2008-09-23 09:52 . 2008-06-23 11:20 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-23 08:25 . 2008-09-23 08:35
2008-09-23 08:05 . 2008-09-23 08:05
2008-09-23 07:56 . 2008-06-23 18:42 6,066,176 --a–c— C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-23 07:56 . 2007-04-17 11:32 2,455,488 --a–c— C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-23 07:56 . 2007-03-08 07:11 1,036,288 --a–c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-23 07:56 . 2008-06-23 18:42 459,264 --a–c— C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-23 07:56 . 2008-06-23 18:42 383,488 --a–c— C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-23 07:56 . 2008-06-23 18:42 267,776 --a–c— C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-23 07:56 . 2008-04-14 22:50 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-09-23 07:56 . 2008-04-14 22:50 81,920 --a------ C:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-23 07:56 . 2008-06-23 18:42 63,488 --a–c— C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-23 07:56 . 2008-06-23 18:42 52,224 --a–c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-23 06:38 . 2001-10-26 17:29 66,048 --a–c— C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-09-22 19:53 . 2008-09-22 19:53
2008-09-22 17:55 . 2001-08-17 21:28 765,884 --a–c— C:\WINDOWS\system32\dllcache\usrti.sys
2008-09-22 17:54 . 2001-08-17 21:28 794,654 --a–c— C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-22 17:53 . 2001-10-26 17:29 525,568 --a–c— C:\WINDOWS\system32\dllcache\tridxp.dll
2008-09-22 17:52 . 2001-10-26 16:47 286,272 --a–c— C:\WINDOWS\system32\dllcache\stlnata.sys
2008-09-22 17:51 . 2001-10-26 17:29 147,200 --a–c— C:\WINDOWS\system32\dllcache\smidispb.dll
2008-09-22 17:50 . 2001-10-26 17:29 386,560 --a–c— C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-09-22 17:49 . 2001-10-26 17:28 495,616 --a–c— C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-22 17:48 . 2001-10-26 17:01 899,530 --a–c— C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-22 17:47 . 2008-04-14 22:47 259,328 --a–c— C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-09-22 17:46 . 2008-04-14 21:59 2,067,200 --a–c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-22 17:45 . 2008-04-14 21:56 132,695 --a–c— C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-09-22 17:44 . 2001-10-26 16:56 320,384 --a–c— C:\WINDOWS\system32\dllcache\mgaum.sys
2008-09-22 17:43 . 2001-08-17 21:28 802,683 --a–c— C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-22 17:42 . 2001-10-26 16:50 26,666 --a–c— C:\WINDOWS\system32\dllcache\lanepic5.sys
2008-09-22 17:40 . 2008-04-14 22:50 702,845 --a–c— C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-09-22 17:39 . 2001-08-17 21:28 542,879 --a–c— C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-09-22 17:38 . 2001-10-26 17:29 1,733,120 --a–c— C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-22 17:37 . 2001-10-26 16:57 630,016 --a–c— C:\WINDOWS\system32\dllcache\eqn.sys
2008-09-22 17:36 . 2001-08-17 20:14 952,007 --a–c— C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-22 17:35 . 2001-10-26 17:29 421,917 --a–c— C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-09-22 17:34 . 2001-10-26 16:57 980,034 --a–c— C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-22 17:33 . 2001-08-17 21:28 871,388 --a–c— C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-22 17:29 . 2008-04-14 22:00 2,190,336 --a–c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-09-21 01:13 . 2008-09-21 01:13
2008-09-21 00:31 . 2008-09-21 00:31 194,208 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-20 23:35 . 2008-09-20 23:35
2008-09-20 23:35 . 2008-09-20 23:35
2008-09-20 23:35 . 2008-09-20 23:35
2008-09-20 23:15 . 2008-09-20 23:15
2008-09-20 23:10 . 2008-09-20 23:10
2008-09-18 21:23 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-16 19:36 . 2008-09-16 19:36
2008-09-16 16:10 . 2008-09-16 16:10
2008-09-12 16:21 . 2008-09-12 16:21
2008-09-12 16:20 . 2008-09-12 16:20
2008-09-12 16:19 . 2008-09-12 16:19
2008-09-12 16:18 . 2008-09-12 16:56
2008-09-12 16:16 . 2008-09-12 16:16
2008-09-12 16:15 . 2008-09-13 01:06
2008-09-11 18:57 . 2008-09-11 18:57
2008-09-10 21:58 . 2008-09-10 23:03 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
2008-09-10 20:53 . 2008-09-10 23:03
2008-09-10 20:50 . 2008-09-13 04:58
2008-09-08 23:50 . 2008-09-08 23:50
2008-09-08 23:32 . 2008-06-04 18:42 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-09-08 23:32 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-09-08 21:00 . 2008-09-10 22:28
2008-09-08 21:00 . 2007-02-19 17:55 49,152 --a------ C:\WINDOWS\system32\OctaneARM.dll
2008-09-07 16:07 . 2008-09-07 16:11
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-03 17:27 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-03 17:27 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-03 16:52 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-03 16:52 . 2001-10-26 16:57 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-03 16:47 . 2008-04-14 00:15 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-03 16:47 . 2008-04-14 00:15 10,368 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys
2008-09-02 18:10 . 2008-09-02 18:10 128 --a------ C:\WINDOWS\ODBC.INI
2008-09-02 17:08 . 2008-09-02 17:08
2008-09-02 16:59 . 2008-09-03 17:46
2008-09-02 15:59 . 2008-09-02 15:59 335 --a------ C:\WINDOWS\mozregistry.dat
2008-09-02 15:21 . 2008-09-02 15:22
2008-09-02 15:17 . 2008-09-02 15:17
2008-09-02 04:03 . 2008-09-02 04:03
2008-09-02 01:45 . 2008-09-02 01:45
2008-09-02 00:02 . 2008-09-02 00:02
2008-09-02 00:01 . 2007-04-02 23:56 19,456 --a–c— C:\WINDOWS\system32\dllcache\agt0404.dll
2008-09-02 00:01 . 2008-04-14 22:39 6,144 --a–c— C:\WINDOWS\system32\dllcache\kbd106n.dll
2008-09-02 00:00 . 2007-04-02 23:56 19,456 --a–c— C:\WINDOWS\system32\dllcache\agt0804.dll
2008-09-02 00:00 . 2008-04-14 22:34 7,168 --a–c— C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2008-09-02 00:00 . 2008-04-14 22:39 6,144 --a–c— C:\WINDOWS\system32\dllcache\kbd101.dll
2008-09-01 23:59 . 2007-04-02 23:56 19,456 --a–c— C:\WINDOWS\system32\dllcache\agt0412.dll
2008-09-01 23:59 . 2007-04-02 23:56 19,456 --a–c— C:\WINDOWS\system32\dllcache\agt0401.dll
2008-09-01 23:59 . 2008-04-14 22:39 6,144 --a–c— C:\WINDOWS\system32\dllcache\kbdlk41j.dll
2008-09-01 23:58 . 2008-04-14 22:51 119,808 --a–c— C:\WINDOWS\system32\dllcache\mtstocom.exe
2008-09-01 23:58 . 2008-04-14 22:50 28,160 --a–c— C:\WINDOWS\system32\dllcache\rw001ext.dll
2008-09-01 23:58 . 2007-04-02 23:56 19,456 --a–c— C:\WINDOWS\system32\dllcache\agt040d.dll
2008-09-01 23:58 . 2008-04-14 22:39 7,168 --a–c— C:\WINDOWS\system32\dllcache\kbdibm02.dll
2008-09-01 23:58 . 2008-04-14 22:39 6,656 --a–c— C:\WINDOWS\system32\dllcache\kbdlk41a.dll
2008-09-01 23:57 . 2008-04-14 22:50 218,112 --a–c— C:\WINDOWS\system32\dllcache\c_g18030.dll
2008-09-01 23:57 . 2008-04-14 22:50 29,184 --a–c— C:\WINDOWS\system32\dllcache\rw330ext.dll
2008-09-01 23:56 . 2008-04-14 22:39 6,144 --a–c— C:\WINDOWS\system32\dllcache\kbdax2.dll
2008-09-01 23:51 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-01 23:08 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-09-01 23:08 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-01 23:08 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-01 23:08 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-09-01 23:08 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-09-01 23:08 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-09-01 23:08 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-09-01 23:08 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-09-01 23:08 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-09-01 23:05 . 2008-09-01 23:08
2008-09-01 23:05 . 2008-09-01 23:05
2008-09-01 21:17 . 2008-09-21 00:24
2008-09-01 21:06 . 2008-09-01 21:26
2008-09-01 19:52 . 2008-09-01 19:54
2008-08-31 12:35 . 2008-08-31 12:35
2008-08-31 12:26 . 2008-08-31 12:35
2008-08-30 13:27 . 2008-09-16 11:44
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 05:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Google Updater
2008-09-25 05:15 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-09-25 05:13 --------- d-----w C:\Program Files\Free FLV Converter
2008-09-25 05:03 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-25 03:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-23 21:17 --------- d-----w C:\Program Files\Winamp Toolbar
2008-09-23 21:17 --------- d-----w C:\Program Files\Google
2008-09-21 00:01 --------- d-----w C:\Program Files\Microsoft Games
2008-09-20 22:29 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Apple Computer
2008-09-20 22:15 --------- d-----w C:\Program Files\Apple Software Update
2008-09-20 21:34 --------- d-----w C:\Program Files\QuickTime
2008-09-20 21:34 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-13 02:30 266,240 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-09-12 14:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 23:48 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-01 23:45 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Windows Desktop Search
2008-08-30 12:10 --------- d-----w C:\Program Files\Java
2008-08-25 09:26 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 09:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Yahoo!
2008-08-22 00:48 29,600 ----a-w C:\WINDOWS\system32\mxntdfg.exe
2008-08-18 08:13 --------- d-----w C:\Program Files\Unlocker
2008-08-18 07:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-18 07:04 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-18 07:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-18 07:04 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-18 06:49 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Desktopicon
2008-08-15 10:28 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Winamp
2008-08-15 10:26 --------- d-----w C:\Program Files\Winamp
2008-08-15 10:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-08-13 06:42 --------- d-----w C:\Program Files\VS Revo Group
2008-08-11 02:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-11 02:38 --------- d-----w C:\Program Files\QT Lite
2008-08-10 22:09 97,288 ----a-w C:\WINDOWS\DSETUP.dll
2008-08-10 22:09 528,392 ----a-w C:\WINDOWS\DXSETUP.exe
2008-08-10 22:09 1,694,728 ----a-w C:\WINDOWS\dsetup32.dll
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-20 13:54 5,112 ----a-w C:\WINDOWS\GPCIDrv.sys
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 12:06 575,488 ----a-w C:\WINDOWS\system32\xpsshhdr.dll
2008-07-06 12:06 117,760 ----a-w C:\WINDOWS\system32\prntvpt.dll
2008-07-06 12:06 1,676,288 ----a-w C:\WINDOWS\system32\xpssvcs.dll
2008-06-26 14:29 47,360 ----a-w C:\Documents and Settings\Admin\Dane aplikacji\pcouffin.sys
2008-05-12 14:46 30,601 ----a-w C:\Documents and Settings\Admin\x.exe
2008-04-14 06:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-17 22:19 769,536 ----a-w C:\Documents and Settings\Admin\Dane aplikacji\sfdnwin.dll
.
((((((((((((((((((((((((((((( snapshot_2008-09-25_19.24.07.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-25 17:32:46 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_690.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]
“RegistryMechanic”=“C:\Program Files\Registry Mechanic\RegMech.exe” [2008-07-08 2828184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-10-04 8491008]
“ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2006-03-20 213936]
“AppleSyncNotifier”=“C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-09-03 111936]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 15360]
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\AutorunsDisabled
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 663552]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled
Aktualizator Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-25 125624]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 123904]
Wyszukiwanie z pulpitu systemu Windows.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegedit”= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoViewOnDrive”= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.avis”= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UpdatesDisableNotify”=dword:00000001
“AntiVirusDisableNotify”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Magentic\bin\Magentic.exe”=
“C:\Program Files\Magentic\bin\MgApp.exe”=
“C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe”=
“C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe”=
“C:\Program Files\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\Bonjour\mDNSResponder.exe”=
“C:\Program Files\iTunes\iTunes.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015
“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016
“500:UDP”= 500:UDP:@xpsp2res.dll,-22017
R2 WebTool;WebTool;C:\PROGRA~1\MI4F93~1\webtool.exe [2000-02-04 705024]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-08-22 54865]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-08-26 20464]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-08-21 20225]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 GoogleDesktopManager-051608-133132;Menedżer Google Desktop 5.7.805.16405;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-23 29744]
S3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-07-20 5112]
S3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-07-20 17962]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
*Newly Created Service* - MAILSCAN
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”
.
Zawartość folderu ‘Zaplanowane zadania’
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yyibo5ln.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/ig?ct=1056755551
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 19:36:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-25 19:38:08
ComboFix-quarantined-files.txt 2008-09-25 17:37:23
ComboFix2.txt 2008-09-23 22:58:29
Przed: 76 890 316 800 bajtów wolnych
Po: 76,869,271,552 bajtów wolnych
306 — E O F — 2008-09-24 04:50:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:21, on 2008-09-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\MI4F93~1\webtool.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\SSuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ … .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 87.206.37.216
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -scheduler
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: FreshDownload - {445D352A-E74C-4152-A6B9-FFB821D93612} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ … 0295594859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f … wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Menedżer Google Desktop 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
–
End of file - 6577 bytes