Witajcie!
Mam wielki problem. Otóż na moim komputerze pojawiła się infekcja z którą nie radzą sobie Kasperky, Acravir i inne programy antywirusowe, po prostu jej nie wykrywają. Problem polega na tym, że jak chcę otworzyć jakiś dysk poprzez prawoklik (praczy przycisk myszy) to zamiast Otwórz mam open(o). Dodatkowo za każdym jednym uruchomieniem komputera na pulpicie pojawiają mi się Moje Dokumenty. Próbowałem wywalić ten syf z rejestru i nadal jest. Proszę o pomoc.
Logi z Hijacka
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:29, on 2008-07-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
C:\Program Files\ArcaBit\Common\TaskScheduler.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM…\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup
O4 - HKLM…\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow … eqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit.TaskScheduler - ArcaBit - C:\Program Files\ArcaBit\Common\TaskScheduler.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
–
End of file - 5939 bytes
Log z Combofixa:
ComboFix 08-06-20.4 - Levuss 2008-07-01 13:02:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.714 [GMT 2:00]
Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-06-30 18:44 . 2008-06-30 18:44
2008-06-30 18:37 . 2008-06-30 21:56
2008-06-30 18:29 . 2008-06-30 18:29
2008-06-30 18:28 . 2008-06-30 22:22
2008-06-30 18:27 . 2008-06-30 18:27
2008-06-25 18:36 . 2008-06-25 18:36
2008-06-24 13:02 . 2008-06-24 13:24
2008-06-24 13:02 . 2008-06-24 13:02
2008-06-23 13:55 . 2008-07-01 12:22
2008-06-23 13:54 . 2008-06-23 13:54
2008-06-14 15:12 . 2008-06-14 15:12 35,440 --a------ C:\WINDOWS\system32\sschk.trb
2008-06-14 14:08 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-14 14:04 . 2008-06-14 14:04
2008-06-14 14:04 . 2008-06-14 14:04
2008-06-14 14:04 . 2008-06-14 14:04
2008-06-14 14:04 . 2008-06-14 14:04
2008-06-14 14:03 . 2008-06-14 14:03
2008-06-14 13:59 . 2008-06-14 13:59
2008-06-14 13:36 . 2008-05-08 16:02 203,136 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 13:30 . 2008-06-14 19:36 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 13:27 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-14 13:15 . 2008-06-14 13:15
2008-06-14 11:31 . 2008-06-14 11:31
2008-06-14 11:30 . 2008-06-14 15:12 585,296 --a------ C:\WINDOWS\system32\trupd.trb
2008-06-14 11:26 . 2008-06-02 21:22 2,486,848 --a------ C:\WINDOWS\system32\rmt.trb
2008-06-14 11:26 . 2008-05-25 18:06 983,616 --a------ C:\WINDOWS\system32\Rmvtrjan.trb
2008-06-14 11:26 . 2008-06-14 15:12 878,672 --a------ C:\WINDOWS\system32\Trjscan.trb
2008-06-14 11:25 . 2008-06-30 23:01
2008-06-14 11:25 . 2008-06-14 11:25
2008-06-14 11:25 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-14 11:25 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-14 10:58 . 2008-06-14 11:31
2008-06-14 10:58 . 1999-07-17 02:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL
2008-06-14 10:58 . 1999-07-17 02:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL
2008-06-11 14:08 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-06-11 14:08 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-06-11 14:07 . 2008-06-11 14:07
2008-06-11 14:06 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 16:28 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\ArcaBit
2008-06-27 19:30 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-06-25 07:35 --------- d-----w C:\Program Files\English Translator 3
2008-06-23 11:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 13:18 --------- d-----w C:\Program Files\ArcaMicroScan
2008-06-01 20:52 --------- d-----w C:\Program Files\VAG-COM
2008-05-29 14:06 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-26 10:00 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-25 09:31 --------- d-----w C:\Documents and Settings\Levuss\Dane aplikacji\PC Tools
2008-05-21 09:25 --------- d-----w C:\Program Files\Panda Security
2008-05-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-11 12:58 17,608 ----a-w C:\Documents and Settings\Levuss\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-05-11 08:05 --------- d-----w C:\Program Files\Trend Micro
2008-05-10 16:21 --------- d-----w C:\Program Files\C-Media 6501 Sound
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 13:49 --------- d-----w C:\Program Files\BitComet
2008-04-21 11:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-21 06:44 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2008-04-14 17:22 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
2008-04-14 17:22 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 17:22 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:20 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 16:02 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-12-05 02:41 8523776]
“AvMenu”=“C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe” [2008-06-30 22:01 514568]
“ArcaCheck”=“C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe” [2008-06-30 22:01 637448]
“ABRegmon”=“C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe” [2007-10-23 11:41 348160]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 19:21 15360]
“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.I420”= i263_32.drv
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
–a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
–a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
–a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“D:\TacticalOps\System\TacticalOps.exe”=
“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=
“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=
“C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe”=
“C:\Program Files\Ares\Ares.exe”=
“C:\Program Files\BitComet\BitComet.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“D:\Pes6\PES6.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\WINDOWS\system32\mmc.exe”=
“D:\PES 2008\PES2008.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“10932:TCP”= 10932:TCP:BitComet 10932 TCP
“10932:UDP”= 10932:UDP:BitComet 10932 UDP
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-06-30 22:01]
R2 ABFileMon;ArcaBit FileMonitor;“C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe” [2008-06-30 22:01]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;“C:\Program Files\ArcaBit\Common\TaskScheduler.exe” [2007-10-25 05:20]
R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe [2008-06-30 22:01]
R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2008-06-30 22:01]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;“C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe” [2008-06-30 22:22]
R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;“C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe” [2008-06-30 22:22]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 13:03:27
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-01 13:04:04
ComboFix-quarantined-files.txt 2008-07-01 11:03:58
Pre-Run: 1,769,222,144 bajtów wolnych
Post-Run: 1,797,799,936 bajtów wolnych
204 — E O F — 2008-06-25 16:36:32