ComboFix 08-10-19.04 - Łukasz 2008-10-20 12:22:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2629 [GMT 2:00]
Uruchomiony z: E:\Documents and Settings\Łukasz\Pulpit\Downloady\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Program Files\akl
E:\Program Files\akl\akl.dll
E:\Program Files\akl\akl.exe
E:\Program Files\akl\uninstall.exe
E:\Program Files\akl\unsetup.exe
E:\Program Files\Inet Delivery
E:\Program Files\Inet Delivery\inetdl.exe
E:\Program Files\Inet Delivery\intdel.exe
E:\WINDOWS\a.bat
E:\WINDOWS\base64.tmp
E:\WINDOWS\bdn.com
E:\WINDOWS\FVProtect.exe
E:\WINDOWS\iTunesMusic.exe
E:\WINDOWS\mslagent
E:\WINDOWS\mslagent\2_mslagent.dll
E:\WINDOWS\mslagent\mslagent.exe
E:\WINDOWS\mslagent\uninstall.exe
E:\WINDOWS\mssecu.exe
E:\WINDOWS\system32\akttzn.exe
E:\WINDOWS\system32\anticipator.dll
E:\WINDOWS\system32\awtoolb.dll
E:\WINDOWS\system32\bdn.com
E:\WINDOWS\system32\bsva-egihsg52.exe
E:\WINDOWS\system32\dpcproxy.exe
E:\WINDOWS\system32\emesx.dll
E:\WINDOWS\system32\h@tkeysh@@k.dll
E:\WINDOWS\system32\hoproxy.dll
E:\WINDOWS\system32\hxiwlgpm.dat
E:\WINDOWS\system32\hxiwlgpm.exe
E:\WINDOWS\system32\medup012.dll
E:\WINDOWS\system32\medup020.dll
E:\WINDOWS\system32\msgp.exe
E:\WINDOWS\system32\msnbho.dll
E:\WINDOWS\system32\mssecu.exe
E:\WINDOWS\system32\msvchost.exe
E:\WINDOWS\system32\mtr2.exe
E:\WINDOWS\system32\mwin32.exe
E:\WINDOWS\system32\netode.exe
E:\WINDOWS\system32\newsd32.exe
E:\WINDOWS\system32\ps1.exe
E:\WINDOWS\system32\psof1.exe
E:\WINDOWS\system32\psoft1.exe
E:\WINDOWS\system32\regc64.dll
E:\WINDOWS\system32\regm64.dll
E:\WINDOWS\system32\Rundl1.exe
E:\WINDOWS\system32\smp
E:\WINDOWS\system32\smp\msrc.exe
E:\WINDOWS\system32\sncntr.exe
E:\WINDOWS\system32\ssurf022.dll
E:\WINDOWS\system32\ssvchost.com
E:\WINDOWS\system32\ssvchost.exe
E:\WINDOWS\system32\sysreq.exe
E:\WINDOWS\system32\taack.dat
E:\WINDOWS\system32\taack.exe
E:\WINDOWS\system32\temp#01.exe
E:\WINDOWS\system32\thun.dll
E:\WINDOWS\system32\thun32.dll
E:\WINDOWS\system32\VBIEWER.OCX
E:\WINDOWS\system32\vbsys2.dll
E:\WINDOWS\system32\vcatchpi.dll
E:\WINDOWS\system32\winlogonpc.exe
E:\WINDOWS\system32\winsystem.exe
E:\WINDOWS\system32\WINWGPX.EXE
E:\WINDOWS\userconfig9x.dll
E:\WINDOWS\winsystem.exe
E:\WINDOWS\zip1.tmp
E:\WINDOWS\zip2.tmp
E:\WINDOWS\zip3.tmp
E:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-20 do 2008-10-20 )))))))))))))))))))))))))))))))
.
2008-10-19 22:01 . 2008-10-19 22:01
2008-10-19 21:17 . 2008-10-19 21:17
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:13
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:12
2008-10-19 20:12 . 2008-10-19 20:12 124,464 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-19 20:12 . 2008-10-19 20:12 60,808 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
2008-10-19 20:12 . 2008-10-19 20:12 35,888 -ra------ E:\WINDOWS\system32\drivers\SymIM.sys
2008-10-19 20:12 . 2008-10-19 20:12 10,635 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-19 20:12 . 2008-10-19 20:12 806 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-19 17:04 . 2008-10-19 20:56
2008-10-18 13:00 . 2008-10-18 15:24
2008-10-18 13:00 . 2008-10-18 13:00 2,560 --a------ E:\WINDOWS\system32\bitcometres.dll
2008-10-18 12:18 . 2008-10-18 12:18
2008-10-17 22:06 . 2008-10-17 22:06
2008-10-17 11:28 . 2008-10-17 11:28
2008-10-17 11:28 . 2008-10-17 11:28
2008-10-17 11:27 . 2008-10-17 11:27
2008-10-17 11:27 . 2008-02-22 02:33 69,632 --a------ E:\WINDOWS\system32\javacpl.cpl
2008-10-17 11:24 . 2008-10-17 11:24
2008-10-16 20:10 . 2008-10-16 20:10 107,888 --a------ E:\WINDOWS\system32\CmdLineExt.dll
2008-10-16 20:08 . 2008-10-16 20:08
2008-10-16 20:08 . 2008-10-16 20:08
2008-10-16 20:07 . 2008-10-16 20:07 1,108 --a------ E:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-16 20:02 . 2008-03-05 15:56 3,786,760 --a------ E:\WINDOWS\system32\D3DX9_37.dll
2008-10-16 20:02 . 2007-07-19 18:14 3,727,720 --a------ E:\WINDOWS\system32\d3dx9_35.dll
2008-10-16 20:02 . 2007-05-16 16:45 3,497,832 --a------ E:\WINDOWS\system32\d3dx9_34.dll
2008-10-16 20:02 . 2007-03-12 16:42 3,495,784 --a------ E:\WINDOWS\system32\d3dx9_33.dll
2008-10-16 20:02 . 2006-11-29 13:06 3,426,072 --a------ E:\WINDOWS\system32\d3dx9_32.dll
2008-10-16 20:02 . 2006-09-28 16:05 2,414,360 --a------ E:\WINDOWS\system32\d3dx9_31.dll
2008-10-16 20:02 . 2007-04-04 18:53 81,768 --a------ E:\WINDOWS\system32\xinput1_3.dll
2008-10-16 19:54 . 2008-10-16 19:54 171,623 ---h----- E:\treeinfo.wc
2008-10-16 19:43 . 2008-10-18 20:11
2008-10-16 19:41 . 2008-10-16 19:42
2008-10-16 19:41 . 2008-10-16 20:00 617 --a------ E:\WINDOWS\wincmd.ini
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\UC.PIF
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\RAR.PIF
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\PKZIP.PIF
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\PKUNZIP.PIF
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\NOCLOSE.PIF
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\LHA.PIF
2008-10-16 19:41 . 2008-08-08 07:04 545 --a------ E:\WINDOWS\ARJ.PIF
2008-10-16 19:13 . 2008-10-16 19:13
2008-10-16 17:07 . 2008-10-16 17:07
2008-10-16 17:07 . 2008-10-16 17:07 940,794 --a------ E:\WINDOWS\system32\LoopyMusic.wav
2008-10-16 17:07 . 2008-10-16 17:07 146,650 --a------ E:\WINDOWS\system32\BuzzingBee.wav
2008-10-16 16:11 . 2008-10-16 16:11 56 --ah----- E:\WINDOWS\system32\ezsidmv.dat
2008-10-16 15:23 . 2008-10-16 15:23
2008-10-16 13:44 . 2008-10-16 13:44 1,172 --a------ E:\WINDOWS\mozver.dat
2008-10-16 13:35 . 2007-03-21 16:49 16,126,464 -r------- E:\WINDOWS\RTHDCPL.exe
2008-10-16 13:35 . 2007-03-23 21:19 9,715,200 -r------- E:\WINDOWS\RTLCPL.exe
2008-10-16 13:35 . 2007-03-26 21:21 4,395,008 -r------- E:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-10-16 13:35 . 2006-05-04 18:26 2,808,832 -r------- E:\WINDOWS\alcwzrd.exe
2008-10-16 13:35 . 2006-10-11 19:42 2,157,568 -r------- E:\WINDOWS\MicCal.exe
2008-10-16 13:35 . 2005-09-21 12:25 299,008 -r------- E:\WINDOWS\system32\ALSndMgr.cpl
2008-10-16 13:35 . 2006-07-21 18:14 86,016 -r------- E:\WINDOWS\SoundMan.exe
2008-10-16 13:35 . 2005-05-03 20:43 69,632 -r------- E:\WINDOWS\Alcmtr.exe
2008-10-16 13:35 . 2006-08-01 17:02 49,152 -r------- E:\WINDOWS\system32\ChCfg.exe
2008-10-16 13:34 . 2008-10-16 13:34
2008-10-16 13:34 . 2007-01-12 18:54 520,192 -r------- E:\WINDOWS\RtlExUpd.dll
2008-10-16 13:17 . 2008-10-16 13:17
2008-10-15 23:26 . 2008-10-15 23:26
2008-10-15 22:19 . 2008-10-15 22:19
2008-10-15 20:19 . 2008-10-15 20:19
2008-10-15 20:19 . 2008-10-15 20:19
2008-10-15 20:19 . 2008-10-15 20:19
2008-10-15 20:19 . 2008-10-15 20:19
2008-10-15 20:17 . 2008-10-18 12:17
2008-10-15 20:17 . 2008-10-18 12:17
2008-10-15 20:17 . 2008-10-15 21:25
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-19 15:30
2008-10-15 20:17 . 2008-10-19 16:03
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:17 . 2008-10-15 20:17
2008-10-15 20:16 . 2008-10-20 12:27
2008-10-15 20:16 . 2008-10-20 12:27
2008-10-15 20:16 . 2008-10-15 20:19
2008-10-15 20:16 . 2008-10-15 20:19
2008-10-15 20:16 . 2008-10-15 19:45
2008-10-15 20:16 . 2008-10-15 19:45
2008-10-15 20:16 . 2008-10-19 21:17
2008-10-15 20:16 . 2008-10-19 21:17
2008-10-15 20:16 . 2008-10-16 20:11
2008-10-15 20:16 . 2008-10-16 20:11
2008-10-15 20:16 . 2008-10-15 21:35
2008-10-15 20:16 . 2008-10-15 21:35
2008-10-15 20:16 . 2008-10-18 12:18
2008-10-15 20:16 . 2008-10-18 12:18
2008-10-15 20:12 . 2008-10-15 20:12
2008-10-15 20:12 . 2008-03-25 16:35 92,064 --a------ E:\Documents and Settings\Gosia\mqdmmdm.sys
2008-10-15 20:12 . 2008-03-25 16:35 79,328 --a------ E:\Documents and Settings\Gosia\mqdmserd.sys
2008-10-15 20:12 . 2008-03-25 16:35 66,656 --a------ E:\Documents and Settings\Gosia\mqdmbus.sys
2008-10-15 20:12 . 2008-03-25 16:35 22,768 --a------ E:\Documents and Settings\Gosia\usbsermpt.sys
2008-10-15 20:12 . 2008-03-25 16:35 9,232 --a------ E:\Documents and Settings\Gosia\mqdmmdfl.sys
2008-10-15 20:12 . 2008-03-25 16:35 6,208 --a------ E:\Documents and Settings\Gosia\mqdmcmnt.sys
2008-10-15 20:12 . 2008-03-25 16:35 5,936 --a------ E:\Documents and Settings\Gosia\mqdmwhnt.sys
2008-10-15 20:12 . 2008-03-25 16:35 4,048 --a------ E:\Documents and Settings\Gosia\mqdmcr.sys
2008-10-15 20:11 . 2008-10-15 20:11
2008-10-15 20:09 . 2008-10-15 20:09
2008-10-15 20:09 . 2008-10-15 20:09
2008-10-15 20:09 . 2008-10-15 20:09
2008-10-15 20:09 . 2008-10-15 20:09
2008-10-15 20:09 . 2008-10-15 20:09
2008-10-15 20:09 . 2008-10-15 20:09
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 18:22 --------- d-----w E:\Program Files\Winamp
2008-10-19 18:13 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-10-19 14:02 --------- d-----w E:\Program Files\SlySoft
2008-10-18 18:11 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-10-18 13:24 --------- d-----w E:\Program Files\BitComet
2008-10-16 17:12 196,608 ----a-w E:\WINDOWS\system32\drivers\nStandard.bin
2008-10-15 19:38 --------- d-----w E:\Program Files\K-Lite Codec Pack
2008-10-15 19:38 --------- d-----w E:\Program Files\BearShare
2008-10-15 19:35 --------- d-----w E:\Program Files\Skype
2008-10-15 19:35 --------- d-----w E:\Program Files\mp3DirectCut
2008-10-15 19:35 --------- d-----w E:\Program Files\ICEOWS
2008-10-15 19:35 --------- d-----w E:\Program Files\Common Files\Skype
2008-10-15 19:34 716,272 ----a-w E:\WINDOWS\system32\drivers\sptd.sys
2008-10-15 19:34 --------- d-----w E:\Program Files\FreeRIP3
2008-10-15 19:33 --------- d-----w E:\Program Files\Common Files\Adobe
2008-10-15 19:32 --------- d-----w E:\Program Files\VENTRILOMIX
2008-10-15 19:07 12,288 ----a-w E:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-10-15 19:07 --------- d-----w E:\Program Files\ASUS
2008-10-15 19:03 --------- d-----w E:\Program Files\My Company Name
2008-10-15 19:03 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 19:03 --------- d-----w E:\Program Files\AGEIA Technologies
2008-10-15 19:01 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-10-15 18:53 315,392 ----a-w E:\WINDOWS\HideWin.exe
2008-10-15 18:48 --------- d-----w E:\Program Files\Atheros Communications Inc
2008-10-15 18:34 --------- d-----w E:\Program Files\Marvell
2008-10-15 18:24 --------- d-----w E:\Program Files\Intel
2008-10-15 18:00 --------- d--h--w E:\Documents and Settings\All Users\Dane aplikacji\{6AF0EFC6-B937-4704-A430-319EB93F4C12}
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\FreeRIP
2008-10-15 18:00 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Brother
2008-10-15 17:48 --------- d-----w E:\Program Files\microsoft frontpage
2008-10-15 17:47 --------- d-----w E:\Program Files\Usługi online
2008-09-30 06:46 292,309 ---ha-r E:\Program Files\Norton2009Reset.exe
2008-07-25 08:34 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w E:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2008-02-27 17:09 32 ----a-w E:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 14:48 32,768 ----a-r E:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="E:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2008-06-16 13533184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2008-01-28 12:55 1413120 E:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
--a------ 2007-02-28 14:18 2351864 E:\PROGRA~1\WapSter\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving]
--a------ 2008-01-28 10:42 1352704 E:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2008-05-28 15:36 380928 E:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
--a------ 2007-11-30 20:03 881152 E:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor]
--a------ 2008-01-09 10:17 627200 E:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 E:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-06-16 11:57 13533184 E:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-06-16 11:57 86016 E:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 E:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 20:43 69632 E:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
--a------ 2004-08-04 00:44 1033728 E:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-06-16 11:57 1657376 E:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 16:49 16126464 E:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"E:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe"=
"E:\Program Files\WapSter\AQQ\AQQ.exe"=
"E:\PROGRA~1\WapSter\AQQ\AQQ.exe"=
"E:\Program Files\ASUS\GamerOSD\SBS.exe"=
"E:\Program Files\Electronic Arts\EADM\Core.exe"=
"E:\Program Files\Gadu-Gadu\gg.exe"=
"E:\Program Files\BitComet\BitComet.exe"=
"E:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7580:TCP"= 7580:TCP:BitComet 7580 TCP
"7580:UDP"= 7580:UDP:BitComet 7580 UDP

R0 mv61xx;mv61xx;E:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
R0 SymEFA;Symantec Extended File Attributes;E:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-19 309296]
R1 BHDrvx86;Symantec Heuristics Driver;E:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-19 254512]
R1 ccHP;Symantec Hash Provider;E:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-19 362544]
R1 EIO_XP;EIO_XP;E:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 IDSxpx86;IDSxpx86;E:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081015.001\IDSxpx86.sys [2008-10-19 274808]
R2 MRUWebService;MRU Web Service;E:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [2007-05-23 20539]
R2 Norton AntiVirus;Norton AntiVirus;E:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m E:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll []
R3 asusgsb;ASUS Virtual Video Capture Device Driver;E:\WINDOWS\system32\drivers\asusgsb.sys [2008-05-28 12416]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;E:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;E:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 Video3D;ASUS Video3D Service;E:\WINDOWS\system32\Drivers\Video3D32.sys [2008-05-28 10752]
S2 .norton2009Reset;Norton2009 Reset;E:\Program Files\Norton2009Reset.exe [2008-09-30 292309]
S3 Marvell RAID;Marvell RAID Event Agent;E:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-06-12 61440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08343760-83dc-11dd-9f94-00eeb1054be3}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2eb270a2-7a78-11dc-8eeb-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c4f8f59-3393-11dc-8dc4-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a68a611-4cff-11dd-8f24-806d6172696f}]
\Shell\AutoRun\command - E:\_AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6651a1b3-8177-11dd-9f8f-00eeb1054be3}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6651a1c5-8177-11dd-9f8f-00eeb1054be3}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{681b1e4b-95c2-11dc-8f6b-00eeb1054be3}]
\shell\AutoRun\command - H:\EXPLORER.EXE
\shell\explore\Command - H:\EXPLORER.EXE
\shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68738504-d64e-11dc-bcad-00eeb1054be3}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{821e5068-75bb-11dd-a13c-00eeb1054be3}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96f884a2-7eb2-11dd-b475-00eeb1054be3}]
\Shell\AutoRun\command - D:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - D:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97b28ad2-76a0-11dd-a13d-00eeb1054be3}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97b28ad3-76a0-11dd-a13d-00eeb1054be3}]
\Shell\AutoRun\command - D:\EXPLORER.EXE
\Shell\explore\Command - D:\EXPLORER.EXE
\Shell\open\Command - D:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2503918-dcba-11dc-bcc8-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3f69ad1-6ed5-11dd-854a-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5941b34-b4f1-11db-8b42-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab044cf0-1b85-11dd-bdba-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3a81e24-a29b-11dc-9c49-00eeb1054be3}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - H:\
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5390260-f3f3-11db-8c78-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8e49045-5a72-11dd-b26e-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e06ec030-2113-11dd-bdd0-00eeb1054be3}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command -
\Shell\open\Command -

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f67c9d91-533f-11dd-9cbe-00eeb1054be3}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE

*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-ASUS SmartDoctor - C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
MSConfigStartUp-CloneCDTray - E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-ctfmon - C:\WINDOWS\WINDOWS2\system32\ctfmon.exe
MSConfigStartUp-wsctf - wsctf.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - E:\Documents and Settings\Łukasz\Dane aplikacji\Mozilla\Firefox\Profiles\83s1jj5j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.Google.pl
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 12:27:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"E:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"E:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Czas ukończenia: 2008-10-20 12:28:37
ComboFix-quarantined-files.txt 2008-10-20 10:28:33
Przed: 608 378 224 640 bajtów wolnych
Po: 609,674,448,896 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
E:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
446