Wyłączony regedit,menadzierz itp

radek14er · 8 Marzec 2010 21:00

Mam problem z menadzerem zadań i rejestrem.

Podejrzewam,że wskoczył mi wirus.

Log z Combo:

ComboFix 10-03-08.01 - Rad 2010-03-08 21:49:31.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3070.2681 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Rad\Pulpit\ComboFix.exe

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\ALCMTR.EXE


.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_ABP470N5

-------\Service_abp470n5



((((((((((((((((((((((((( Pliki utworzone od 2010-02-08 do 2010-03-08 )))))))))))))))))))))))))))))))

.


2010-03-08 20:41 . 2010-03-08 20:46	--------	d-----w-	c:\program files\SkanerOnline

2010-03-08 20:39 . 2010-03-08 20:39	--------	d-----w-	C:\ERDNT

2010-03-08 20:39 . 2010-03-08 20:39	--------	d-----w-	c:\windows\ERUNT

2010-03-08 20:39 . 2010-03-08 20:39	--------	d-----w-	C:\!FixIEDef

2010-03-08 20:33 . 2010-03-08 20:33	--------	d-sh--w-	c:\documents and settings\Rad\PrivacIE

2010-03-08 20:21 . 2010-02-27 19:46	3691384	----a-w-	c:\documents and settings\Rad\Dane aplikacji\Simply Super Software\Trojan Remover\cic2.exe

2010-03-08 20:19 . 2006-06-19 11:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll

2010-03-08 20:19 . 2006-05-25 13:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll

2010-03-08 20:19 . 2005-08-25 23:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll

2010-03-08 20:19 . 2003-02-02 18:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll

2010-03-08 20:19 . 2002-03-05 23:00	75264	----a-w-	c:\windows\system32\unacev2.dll

2010-03-08 20:19 . 2010-03-08 20:19	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\Simply Super Software

2010-03-08 20:19 . 2010-03-08 20:19	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Simply Super Software

2010-03-08 20:00 . 2010-03-08 20:00	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\ESET

2010-03-08 19:59 . 2010-03-08 19:59	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ESET

2010-03-08 17:19 . 2010-03-08 20:02	--------	d-----w-	c:\program files\DAEMON Tools Pro

2010-03-08 17:19 . 2010-03-08 17:20	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\DAEMON Tools Pro

2010-03-08 17:19 . 2010-03-08 17:19	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro

2010-03-08 16:57 . 2010-03-08 16:57	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\Ahead

2010-03-08 16:48 . 2010-03-08 16:48	--------	d-----w-	c:\program files\Common Files\BioWare

2010-03-08 15:45 . 2010-03-08 15:45	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\AliensVsPredator

2010-03-08 15:03 . 2010-03-08 15:03	--------	d-----w-	c:\program files\Common Files\Nero

2010-03-08 14:51 . 2000-06-26 10:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll

2010-03-08 14:51 . 2004-07-26 16:16	476320	------w-	c:\windows\system32\ImagXpr7.dll

2010-03-08 14:51 . 2004-07-26 16:16	471040	------w-	c:\windows\system32\ImagXRA7.dll

2010-03-08 14:51 . 2004-07-26 16:16	262144	------w-	c:\windows\system32\ImagXR7.dll

2010-03-08 14:51 . 2004-07-26 16:16	1568768	------w-	c:\windows\system32\ImagX7.dll

2010-03-08 14:51 . 2001-07-09 10:50	225280	----a-w-	c:\windows\system32\NeroCheck.exe

2010-03-08 14:51 . 2010-03-08 14:51	--------	d-----w-	c:\program files\Common Files\Ahead

2010-03-08 14:51 . 2010-03-08 14:51	--------	d-----w-	c:\program files\Ahead

2010-03-07 18:58 . 2010-03-08 20:24	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP

2010-03-07 14:27 . 2010-03-07 14:27	--------	d-sh--w-	c:\windows\ftpcache

2010-03-05 13:52 . 2010-03-05 13:52	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\Ventrilo

2010-03-04 15:22 . 2010-03-04 15:22	--------	d-----w-	c:\program files\Ventrilo

2010-03-03 20:02 . 2008-03-02 04:40	742220	----a-w-	c:\windows\system32\xvidcore.dll

2010-03-03 20:02 . 2004-07-02 16:08	139264	----a-w-	c:\windows\system32\xvidvfw.dll

2010-03-03 20:02 . 2007-03-08 17:37	139264	----a-w-	c:\windows\system32\viscomqtde.dll

2010-03-03 20:02 . 2007-03-08 17:36	81920	----a-w-	c:\windows\system32\viscomwave.dll

2010-03-03 20:02 . 2010-03-03 20:02	--------	d-----w-	c:\program files\Plato Video Converter

2010-03-03 20:02 . 2010-03-08 19:42	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

2010-03-03 20:02 . 2010-03-08 20:52	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

2010-03-03 20:02 . 2010-03-03 20:02	--------	d-----w-	c:\program files\LogMeIn Hamachi

2010-03-03 05:30 . 2010-03-08 18:55	60	----a-w-	c:\program files\Common Files\userInit.dll

2010-03-02 18:48 . 2008-04-14 21:50	26624	----a-w-	c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-03-02 16:23 . 2010-03-02 16:24	--------	d-----w-	c:\program files\The KMPlayer

2010-03-02 15:59 . 2010-03-03 20:00	--------	d-----w-	c:\program files\audio-mp3-converter

2010-03-02 15:59 . 2001-08-26 11:20	671744	----a-w-	c:\windows\system32\DGVorbis.dll

2010-03-02 15:59 . 2000-10-03 16:16	765952	----a-w-	c:\windows\system32\tvqenc.dll

2010-03-02 15:59 . 2000-10-02 10:45	573440	----a-w-	c:\windows\system32\tvqdec.dll

2010-03-02 15:59 . 1999-09-17 09:56	118784	----a-w-	c:\windows\system32\mp3dec.dll

2010-03-02 10:48 . 2010-03-02 10:48	--------	d-----w-	c:\program files\Grupa IMAGE

2010-03-02 10:26 . 2010-03-08 18:53	137464	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys

2010-03-02 10:26 . 2010-03-08 18:53	214520	----a-w-	c:\windows\system32\PnkBstrB.exe

2010-03-02 10:26 . 2010-03-02 10:26	75064	----a-w-	c:\windows\system32\PnkBstrA.exe

2010-03-02 10:26 . 2010-03-02 10:26	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\PunkBuster

2010-03-02 08:45 . 2010-03-02 08:45	27958	----a-w-	c:\program files\Common Files\logonInit.dll

2010-03-02 08:44 . 2010-03-02 08:45	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\Tibia

2010-03-01 18:00 . 2010-03-01 18:00	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\HP

2010-03-01 15:13 . 2010-03-01 15:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\WEBREG

2010-03-01 15:12 . 2010-03-01 15:12	--------	d-----w-	c:\documents and settings\LocalService\Dane aplikacji\HP

2010-03-01 15:12 . 2010-03-01 15:12	--------	d-----r-	c:\documents and settings\LocalService\Ulubione

2010-03-01 15:12 . 2010-03-01 15:12	--------	d-----w-	c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\Microsoft

2010-03-01 15:11 . 2010-03-01 15:11	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\HP

2010-03-01 15:11 . 2010-03-01 15:11	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY

2010-03-01 15:10 . 2010-03-01 15:12	--------	d-----w-	c:\program files\Common Files\HP

2010-03-01 15:10 . 2010-03-01 15:10	--------	d-----w-	c:\program files\Hewlett-Packard

2010-03-01 15:10 . 2010-03-01 15:10	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard

2010-03-01 15:09 . 2010-03-01 15:12	--------	d-----w-	c:\program files\HP

2010-03-01 15:09 . 2008-04-13 23:15	26368	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys

2010-03-01 15:07 . 2006-12-06 06:02	16496	----a-r-	c:\windows\system32\drivers\HPZipr12.sys

2010-03-01 15:07 . 2006-12-06 06:02	49920	----a-r-	c:\windows\system32\drivers\HPZid412.sys

2010-03-01 15:07 . 2010-03-01 15:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard

2010-03-01 15:07 . 2010-03-01 15:13	141251	----a-w-	c:\windows\hpoins12.dat

2010-03-01 15:07 . 2007-01-22 16:05	1470	------w-	c:\windows\hpomdl12.dat

2010-03-01 15:07 . 2010-03-01 15:07	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache

2010-03-01 15:07 . 2006-12-15 16:04	258048	----a-r-	c:\windows\system32\hpzids01.dll

2010-03-01 15:07 . 2006-12-30 14:49	117760	----a-w-	c:\windows\system32\hpzll4v2.dll

2010-03-01 15:07 . 2006-12-29 08:57	273920	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll

2010-03-01 15:07 . 2006-12-06 06:02	21568	----a-r-	c:\windows\system32\drivers\HPZius12.sys

2010-03-01 15:07 . 2008-04-13 23:17	25856	-c--a-w-	c:\windows\system32\dllcache\usbprint.sys

2010-03-01 15:07 . 2008-04-13 23:17	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys

2010-03-01 15:06 . 2006-12-06 06:02	364544	----a-r-	c:\windows\system32\hppldcoi.dll

2010-03-01 15:06 . 2006-12-06 06:02	309760	----a-r-	c:\windows\system32\difxapi.dll

2010-03-01 15:06 . 2006-12-06 06:00	294912	----a-r-	c:\windows\system32\hpovst10.dll

2010-03-01 15:06 . 2006-12-06 06:00	675840	----a-r-	c:\windows\system32\hpowiax3.dll

2010-03-01 15:06 . 2006-12-06 06:00	569344	----a-r-	c:\windows\system32\hpotscl3.dll

2010-03-01 15:06 . 2008-04-13 23:15	15104	-c--a-w-	c:\windows\system32\dllcache\usbscan.sys

2010-03-01 15:06 . 2008-04-13 23:15	15104	----a-w-	c:\windows\system32\drivers\usbscan.sys

2010-03-01 15:05 . 2008-04-13 23:15	32128	-c--a-w-	c:\windows\system32\dllcache\usbccgp.sys

2010-03-01 15:05 . 2008-04-13 23:15	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys

2010-03-01 15:01 . 2010-03-07 10:07	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\Adobe

2010-02-28 18:10 . 2010-02-28 18:10	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\Leadertech

2010-02-28 18:06 . 2010-03-03 20:02	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\Hamachi

2010-02-28 18:06 . 2009-09-23 08:41	26176	---ha-w-	c:\windows\system32\drivers\hamachi.sys

2010-02-28 17:58 . 2010-03-08 20:02	--------	d-----w-	C:\Fraps

2010-02-28 17:58 . 2010-02-28 17:58	691696	----a-w-	c:\windows\system32\drivers\sptd.sys

2010-02-28 17:58 . 2010-02-28 18:02	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\DAEMON Tools Lite

2010-02-28 17:58 . 2010-02-28 17:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite

2010-02-28 17:55 . 2010-02-04 09:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll

2010-02-28 17:55 . 2010-02-04 09:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll

2010-02-28 17:55 . 2010-02-04 09:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll

2010-02-28 17:55 . 2010-02-04 09:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll

2010-02-28 17:53 . 2010-02-28 17:53	--------	d-----w-	c:\windows\Logs

2010-02-28 17:51 . 2010-02-28 17:51	503808	----a-w-	c:\documents and settings\Rad\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-578c4920-n\msvcp71.dll

2010-02-28 17:51 . 2010-02-28 17:51	499712	----a-w-	c:\documents and settings\Rad\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-578c4920-n\jmc.dll

2010-02-28 17:51 . 2010-02-28 17:51	348160	----a-w-	c:\documents and settings\Rad\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-578c4920-n\msvcr71.dll

2010-02-28 17:51 . 2010-02-28 17:51	61440	----a-w-	c:\documents and settings\Rad\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1b8e1c20-n\decora-sse.dll

2010-02-28 17:51 . 2010-02-28 17:51	12800	----a-w-	c:\documents and settings\Rad\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1b8e1c20-n\decora-d3d.dll

2010-02-28 17:48 . 2010-02-28 17:48	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\cache

2010-02-28 17:47 . 2010-03-08 19:04	--------	d-----w-	c:\program files\Nowe Gadu-Gadu

2010-02-28 17:42 . 2006-10-26 18:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-02-28 17:42 . 2006-10-26 18:56	32592	----a-w-	c:\windows\system32\msonpmon.dll

2010-02-28 17:42 . 2010-02-28 17:48	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\Nowe Gadu-Gadu

2010-02-28 17:42 . 2010-02-28 17:42	--------	d-----w-	c:\program files\Microsoft Works

2010-02-28 17:41 . 2010-02-28 17:41	--------	d-----w-	c:\program files\Microsoft.NET

2010-02-28 17:39 . 2010-02-28 17:39	--------	d-----w-	c:\program files\Microsoft Visual Studio 8

2010-02-28 17:39 . 2010-02-28 17:39	--------	d-----w-	c:\windows\SHELLNEW

2010-02-28 17:39 . 2010-02-28 17:39	--------	d-----w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\Microsoft Help

2010-02-28 17:39 . 2010-02-28 17:43	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2010-02-28 17:38 . 2010-02-28 17:38	--------	d-----r-	C:\MSOCache

2010-02-28 17:36 . 2010-02-28 17:36	--------	d-----w-	c:\windows\system32\Lang

2010-02-28 17:36 . 2010-02-28 17:36	--------	d-sh--w-	c:\documents and settings\Rad\IETldCache

2010-02-28 17:30 . 2010-02-28 17:30	--------	d-----w-	c:\program files\Common Files\Adobe

2010-02-28 17:27 . 2010-02-28 17:27	--------	d-----w-	c:\documents and settings\NetworkService\Dane aplikacji\Xfire

2010-02-28 17:27 . 2010-02-28 17:27	664	----a-w-	c:\windows\system32\d3d9caps.dat


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-08 20:52 . 2010-02-28 16:07	16608	----a-w-	c:\windows\gdrv.sys

2010-03-08 19:55 . 2010-03-08 19:55	69232	----a-w-	c:\documents and settings\radziu\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2010-03-07 14:28 . 2010-02-28 16:08	--------	d-----w-	c:\program files\Common Files\InstallShield

2010-03-07 10:09 . 2010-02-28 16:29	69232	----a-w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2010-02-28 17:36 . 2010-02-28 16:41	--------	d-----w-	c:\program files\Windows Desktop Search

2010-02-28 17:10 . 2003-04-16 12:00	88838	----a-w-	c:\windows\system32\perfc015.dat

2010-02-28 17:10 . 2003-04-16 12:00	500302	----a-w-	c:\windows\system32\perfh015.dat

2010-02-28 17:02 . 2010-02-28 17:02	23558	----a-r-	c:\documents and settings\Rad\Dane aplikacji\Microsoft\Installer\{83073C45-3003-4671-9A86-243AAADD915A}\_294823.exe

2010-02-28 17:02 . 2010-02-28 17:02	23558	----a-r-	c:\documents and settings\Rad\Dane aplikacji\Microsoft\Installer\{83073C45-3003-4671-9A86-243AAADD915A}\_18be6784.exe

2010-02-28 17:02 . 2010-02-28 17:02	--------	d-----w-	c:\program files\Microsoft Calculator Plus

2010-02-28 17:02 . 2010-02-28 17:02	912	----a-w-	c:\windows\unins000.dat

2010-02-28 17:02 . 2010-02-28 17:02	635337	----a-w-	c:\windows\unins000.exe

2010-02-28 17:02 . 2010-02-28 17:02	9454	----a-r-	c:\documents and settings\Rad\Dane aplikacji\Microsoft\Installer\{B5688129-7595-4E5B-9990-CEF981A31264}\_6FEFF9B68218417F98F549.exe

2010-02-28 17:02 . 2010-02-28 17:02	9454	----a-r-	c:\documents and settings\Rad\Dane aplikacji\Microsoft\Installer\{B5688129-7595-4E5B-9990-CEF981A31264}\_137869EA3A73403ED70C47.exe

2010-02-28 17:02 . 2010-02-28 17:02	25214	----a-r-	c:\documents and settings\Rad\Dane aplikacji\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe

2010-02-28 17:02 . 2010-02-28 17:02	--------	d-----w-	c:\program files\Pro Imaging Powertoys

2010-02-28 17:02 . 2010-02-28 17:02	9062	----a-r-	c:\documents and settings\Rad\Dane aplikacji\Microsoft\Installer\{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}\ARPPRODUCTICON.exe

2010-02-28 17:02 . 2010-02-28 17:02	128	----a-w-	c:\documents and settings\Rad\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2010-02-28 17:02 . 2010-02-28 17:02	--------	d-----w-	c:\program files\Common Files\Nikon

2010-02-28 16:39 . 2010-02-28 16:39	--------	d-----w-	c:\program files\Windows Media Connect 2

2010-02-28 16:35 . 2010-02-28 16:35	--------	d-----w-	c:\program files\MSBuild

2010-02-28 16:35 . 2010-02-28 16:35	--------	d-----w-	c:\program files\Reference Assemblies

2010-02-28 16:29 . 2010-02-28 16:29	--------	d-----w-	c:\program files\SGJ

2010-02-28 16:25 . 2010-02-28 16:03	86327	----a-w-	c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2010-02-28 16:12 . 2010-02-28 16:10	--------	d-----w-	c:\program files\Realtek

2010-02-28 16:12 . 2010-02-28 16:08	--------	d--h--w-	c:\program files\InstallShield Installation Information

2010-02-28 16:12 . 2010-02-28 16:12	--------	d-----w-	c:\documents and settings\Rad\Dane aplikacji\InstallShield

2010-02-28 16:10 . 2010-02-28 16:10	315392	----a-w-	c:\windows\HideWin.exe

2010-02-28 16:08 . 2010-02-28 16:08	--------	d-----w-	c:\program files\Intel

2010-02-28 16:08 . 2010-02-28 16:08	--------	d-----w-	c:\program files\Browser Configuration Utility

2010-02-28 16:08 . 2010-02-28 16:08	--------	d-----w-	c:\program files\Gigabyte

2010-02-28 16:04 . 2010-02-28 16:04	--------	d-----w-	c:\program files\microsoft frontpage

2010-02-28 16:02 . 2010-02-28 16:02	21856	----a-w-	c:\windows\system32\emptyregdb.dat

2010-02-28 16:02 . 2010-02-28 16:02	--------	d-----w-	c:\program files\Usługi online

2010-02-11 10:42 . 2010-02-11 10:42	86016	----a-w-	c:\windows\system32\frapsvid.dll

2010-01-12 04:03 . 2010-02-28 16:23	6359168	----a-w-	c:\windows\system32\nv4_disp.dll

2010-01-12 04:03 . 2010-02-28 16:22	10276768	----a-w-	c:\windows\system32\drivers\nv4_mini.sys

2009-12-31 16:50 . 2003-04-16 12:00	353792	----a-w-	c:\windows\system32\drivers\srv.sys

2009-12-17 07:42 . 2010-02-28 16:01	345088	----a-w-	c:\windows\system32\mspaint.exe

2009-12-14 07:10 . 2003-04-16 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll

2009-12-09 10:11 . 2003-04-16 12:00	2146816	----a-w-	c:\windows\system32\ntoskrnl.exe

2009-12-09 10:11 . 2002-09-20 17:12	2025472	----a-w-	c:\windows\system32\ntkrnlpa.exe

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 505152]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"WinampAgent"="e:\programy\Winamp\winampa.exe" [2009-12-18 39424]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 113584]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 225280]

"TrojanScanner"="d:\trojan remover\Trjscan.exe" [2010-02-27 1165192]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Programy\\Xfire\\Xfire.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Gry\\badcompany2\\BFBC2Updater.exe"=

"c:\\WINDOWS\\system32\\taskswitch.exe"=

"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"e:\\Programy\\fire\\firefox.exe"=

"c:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"d:\\Gry\\fifaa\\FIFA10.exe"=

"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=


R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-28 691696]

R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2010-02-28 80392]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKLM-Run-GEST - (no file)

HKLM-Run-nwiz - nwiz.exe




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-08 21:52

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net


device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spbq.sys >>UNKNOWN [0x8A2FC938]<< 

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28

\Driver\ACPI -> ACPI.sys @ 0xb7e73cb8

\Driver\atapi -> atapi.sys @ 0xb7e08b40

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d11bb0

 PacketIndicateHandler -> NDIS.sys @ 0xb7d1ea21

 SendHandler -> NDIS.sys @ 0xb7cfc87b

user & kernel MBR OK 


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(2096)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\program files\WinRAR\rarext.dll

d:\trojan~1\Trshlex.dll

c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wscntfy.exe

c:\windows\System32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Czas ukończenia: 2010-03-08 21:54:00 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-03-08 20:53


Przed: 32 336 703 488 bajtów wolnych

Po: 32 362 475 520 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


- - End Of File - - 93F1332F3F74BD07A36DE7389E72AFBC

Jak ktoś się na tym zna i mógłby pomóc, byłbym wdzięczny.

Z góry dzięki.

deFco247 · 8 Marzec 2010 21:20

Zawartość logów wklejasz na wklej.org, wklej.to lub nopaste.pl, a w poście dajesz link.

post2400382.html#p2400382