ComboFix 09-01-05.02 - Mefisto 2009-01-05 19:33:54.1 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.139 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Mefisto\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mfc45.dll
D:\resycled
d:\resycled\boot.com
E:\resycled
e:\resycled\boot.com
F:\resycled
f:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Pliki utworzone od 2008-12-05 do 2009-01-05 )))))))))))))))))))))))))))))))
.
2009-01-05 18:24 . 2009-01-05 18:24
2009-01-05 18:20 . 2009-01-05 18:20 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-01-05 18:19 . 2009-01-05 18:19
2009-01-05 18:19 . 2008-12-22 12:55 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-01-05 18:19 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-01-05 18:19 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-01-05 18:15 . 2009-01-05 18:16
2009-01-05 18:15 . 2009-01-05 18:16
2009-01-04 16:40 . 2009-01-04 16:40
2009-01-02 19:47 . 2009-01-02 19:47
2009-01-02 19:47 . 2009-01-02 19:47
2009-01-02 19:41 . 2009-01-02 19:41 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-02 12:14 . 2009-01-02 12:14
2009-01-01 12:34 . 2009-01-01 12:34
2009-01-01 12:34 . 2008-11-24 14:01 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-01 10:00 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-01 09:59 . 2009-01-01 09:59
2009-01-01 09:59 . 2009-01-01 09:59
2009-01-01 09:53 . 2009-01-01 09:53
2009-01-01 09:51 . 2009-01-01 09:51
2008-12-31 19:06 . 2009-01-01 10:04 507 --a------ c:\windows\ATICIM.INI
2008-12-31 19:02 . 2008-12-31 19:02
2008-12-31 19:02 . 2006-05-03 11:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2008-12-31 19:01 . 2008-12-31 19:01
2008-12-31 13:36 . 2008-12-31 13:36
2008-12-28 21:00 . 2008-12-28 21:00
2008-12-28 13:28 . 2009-01-05 19:37 3,208,035 --a------ c:\windows\{00000000-00000000-0000000C-00001102-00000004-00521102}.BAK
2008-12-23 21:50 . 2008-12-23 21:50
2008-12-23 16:38 . 2008-12-23 16:38
2008-12-23 16:35 . 2008-12-23 16:35
2008-12-23 16:35 . 2008-12-23 16:35
2008-12-23 16:18 . 2008-12-23 16:18
2008-12-22 21:48 . 2008-12-22 21:48
2008-12-22 20:18 . 2008-12-22 20:18
2008-12-22 17:49 . 2008-12-22 17:49
2008-12-21 20:30 . 2008-12-21 20:30
2008-12-20 19:32 . 2008-12-20 19:33 304,160 --a------ C:\PA207.DAT
2008-12-19 18:43 . 2008-12-19 18:43
2008-12-19 14:57 . 2008-12-19 14:57
2008-12-19 14:57 . 2008-12-19 14:57 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-19 14:55 . 2008-12-19 14:55
2008-12-19 14:55 . 2008-12-19 14:55
2008-12-19 14:55 . 2008-12-19 14:55
2008-12-19 14:55 . 2008-12-19 14:55
2008-12-19 14:28 . 2008-04-14 22:51 91,648 --a------ c:\windows\system32\kswdmcap.ax
2008-12-19 14:28 . 2008-04-14 22:51 91,648 --a------ c:\windows\system32\dllcache\kswdmcap.ax
2008-12-19 14:28 . 2008-04-14 22:51 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-19 14:28 . 2008-04-14 22:51 61,952 --a------ c:\windows\system32\dllcache\kstvtune.ax
2008-12-19 14:28 . 2008-04-14 22:50 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-19 14:28 . 2008-04-14 22:50 54,784 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-19 14:28 . 2008-04-14 22:51 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-19 14:28 . 2008-04-14 22:51 43,008 --a------ c:\windows\system32\dllcache\ksxbar.ax
2008-12-19 14:26 . 2008-12-19 14:26
2008-12-19 14:26 . 2008-12-19 14:26
2008-12-19 14:26 . 2008-12-19 14:26
2008-12-19 14:26 . 2006-11-03 10:59 48,128 --a------ c:\windows\system32\Remove.exe
2008-12-19 14:26 . 2007-01-04 01:20 314 --a------ c:\windows\system32\Remover.ini
2008-12-17 19:31 . 2008-12-17 19:31
2008-12-17 19:31 . 2008-12-17 19:31
2008-12-14 17:01 . 2008-12-14 17:01
2008-12-13 17:51 . 2008-12-13 17:51
2008-12-13 17:40 . 2008-12-13 17:40
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-01 18:56
2008-12-13 17:24 . 2008-12-13 17:24
2008-12-13 16:15 . 2008-12-13 16:15
2008-12-11 20:12 . 2008-12-11 20:12 2,359,350 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-12-11 20:12 . 2008-12-11 20:12 65,011 --a------ c:\windows\BricoPackUninst.cmd
2008-12-11 20:10 . 2008-12-11 20:12 6,118 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-12-11 20:09 . 2008-12-11 20:09
2008-12-11 20:02 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-11 19:44 . 2008-12-11 19:44
2008-12-11 19:42 . 2008-12-11 19:42
2008-12-11 19:42 . 2008-12-11 19:42
2008-12-10 21:32 . 2008-12-10 21:32
2008-12-10 21:30 . 2008-12-10 21:30
2008-12-10 21:30 . 2003-07-01 21:42 27,904 -ra------ c:\windows\system32\drivers\VIAAGP1.SYS
2008-12-10 19:55 . 2008-12-11 16:02 70,656 --a------ c:\windows\ScUnin.exe
2008-12-10 19:55 . 2008-12-11 16:02 967 --a------ c:\windows\ScUnin.pif
2008-12-10 19:40 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2008-12-10 19:40 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2008-12-10 19:39 . 2008-12-10 19:39
2008-12-09 15:31 . 2008-12-11 16:03 59,916 --a------ c:\windows\scunin.dat
2008-12-09 10:45 . 2008-12-09 10:45
2008-12-09 10:43 . 2008-07-25 09:34 683,520 --a------ c:\windows\system32\divx.dll
2008-12-09 10:43 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-12-09 10:43 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-08 11:08 . 2008-12-08 11:08
2008-12-07 20:34 . 2008-12-07 20:34
2008-12-07 20:34 . 2008-12-07 20:34
2008-12-05 21:16 . 2004-01-12 00:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-12-05 15:08 . 2008-12-05 15:08
2008-12-05 15:07 . 2008-12-05 15:07
2008-12-05 15:06 . 2006-04-13 01:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-05 15:06 . 2006-04-13 01:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-05 15:05 . 2006-01-04 10:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
2008-12-05 15:05 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-05 15:05 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-05 15:05 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-05 15:04 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2008-12-05 15:04 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-05 15:04 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-05 15:04 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-05 15:04 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2008-12-05 15:04 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-05 14:59 . 2008-12-05 15:09 119,523 --a------ c:\windows\hpoins11.dat
2008-12-05 14:55 . 2008-12-05 14:55
2008-12-05 14:54 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-05 14:54 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 19:12 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-12-03 15:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\InterAction studios
2008-12-02 16:43 --------- d-----w c:\program files\Java
2008-12-02 15:20 --------- d-----w c:\documents and settings\Mefisto\Dane aplikacji\Creative
2008-12-02 15:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative
2008-12-02 15:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 15:11 --------- d-----w c:\program files\Creative
2008-12-02 15:11 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-01 18:41 --------- d-----w c:\documents and settings\Mefisto\Dane aplikacji\Thunderbird
2008-12-01 18:41 --------- d-----w c:\documents and settings\Mefisto\Dane aplikacji\Talkback
2008-12-01 18:33 --------- d-----w c:\documents and settings\Mefisto\Dane aplikacji\Nowe Gadu-Gadu
2008-12-01 18:30 --------- d-----w c:\documents and settings\Mefisto\Dane aplikacji\BitTorrent
2008-12-01 18:26 --------- d-----w c:\program files\NAPI-PROJEKT
2008-12-01 18:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-01 18:06 --------- d-----w c:\program files\microsoft frontpage
2008-12-01 18:04 --------- d-----w c:\program files\Usługi online
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="e:\gadu-gadu\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]
"TaskTray"="c:\program files\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 163840]
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 122880]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-17 342848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"DAEMON Tools Pro Agent"="e:\daemon tools pro\DTProAgent.exe" [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\eset\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"VisualTooltip"="c:\documents and settings\Mefisto\Moje dokumenty\Visual tooltip\VisualToolTip.exe" [2007-04-25 956928]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"DefragTaskBar"="e:\ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 169312]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-21 30192]
"Adobe Reader Speed Launcher"="e:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="e:\microsoft office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mefisto\Menu Start\Programy\Autostart\
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"e:\BitTorrent\bittorrent.exe"=
"e:\Metin2_PL\metin2.bin"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"e:\HP\Digital Imaging\bin\hpofxm08.exe"=
"e:\HP\Digital Imaging\bin\hposfx08.exe"=
"e:\HP\Digital Imaging\bin\hposid01.exe"=
"e:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"e:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"e:\HP\Digital Imaging\bin\hpqCopy.exe"=
"e:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"e:\HP\Digital Imaging\bin\hpoews01.exe"=
"e:\HP\Digital Imaging\bin\hpqnrs08.exe"=
"e:\Gadu-Gadu\Nowe Gadu-Gadu\gg.exe"=
"c:\Program Files\DNA\btdna.exe"=
"d:\Battlefield Vietnam\bfvietnam.exe"=
"d:\Dawn of war - Dark crusade\DarkCrusade.exe"=
"e:\Microsoft Office\Office12\OUTLOOK.EXE"=
"e:\Microsoft Office\Office12\GROOVE.EXE"=
"e:\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Skype\Phone\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2008-12-01 26752]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-05-14 508288]
R4 ekrn;Eset Service;e:\eset\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-05 596336]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-05 596336]
S3 GoogleDesktopManager-092308-165331;Menedżer Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-21 30192]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0d7c7e-c14f-11dd-91da-001fc6344a91}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0d7c7f-c14f-11dd-91da-001fc6344a91}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32e93da-c094-11dd-91d8-001fc6344a91}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32e93db-c094-11dd-91d8-001fc6344a91}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-TrueTransparency - c:\documents and settings\Mefisto\Pulpit\TrueTransparency\TrueTransparency.exe
HKLM-Run-DAEMON Tools-1033 - e:\daemon\daemon.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.vista-inspirat.net/en/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksportuj do programu Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mefisto\Dane aplikacji\Mozilla\Firefox\Profiles\yhlwxdbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vista-inspirat.net/en/
FF - component: e:\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: e:\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: e:\adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: e:\mozilla firefox\plugins\npbittorrent.dll
.
.
------- Skojarzenia plików -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 19:38:08
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???$???L:8??? ??? ???5?7~e?7~???h}??????C@?\???\??????s$???\??????s\???0:8?A??s0:8??C@?x???
|?w???@
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\scecli.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
e:\ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
e:\ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\HPZIPM12.EXE
c:\windows\SYSTEM32\MSPMSPSV.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-05 19:39:27 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-05 18:39:22
Przed: 395 759 616 bajtów wolnych
Po: 290,635,776 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect