Yesterday my Kaspersky supposedly found some virus but was unable to remove it. So I ran ComboFix, which I think cleaned it up. I ran scans with Kaspersky and the online mks_vir scanner, which found nothing. But the computer is insanely sluggish. Oh, and today I had to restore msconfig, although it was still there yesterday. I'm sending the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:21, on 2009-07-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Ad-AwareAE(dobreprogramy.pl).exe
C:\DOCUME~1\User\USTAWI~1\Temp\mia16.tmp\Ad-AwareAE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233076416671
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/999999/defaults/activex/ips/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C78951B-54E1-49BD-B25E-630A7309A26A}: NameServer = 192.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3B8B986-8D0B-4D18-8F6A-64A6E1E1F6CC}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\Program Files\ArcaBit\Common\arcatasksservice.exe (file missing)
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8076 bytes
And yesterday's log, run for the 2nd time, already AFTER the virus had supposedly been dealt with.
ComboFix 09-06-29.07 - User 2009-06-30 19:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.570 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-06-30 )))))))))))))))))))))))))))))))
.
2099-04-17 13:20 . 2099-04-17 13:20 -------- d-----w- c:\program files\Alwil Software
2009-06-30 17:07 . 2009-06-30 17:08 3044714 ----a-r- C:\ComboFix.exe
2009-06-30 16:33 . 2009-06-30 16:33 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-06-30 16:33 . 2009-06-30 16:33 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-06-30 16:33 . 2009-06-30 16:33 -------- d-----w- c:\program files\Prevx
2009-06-30 16:32 . 2009-06-30 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\PrevxCSI
2009-06-30 11:07 . 2009-06-30 13:13 -------- d-----w- C:\zepsute przez serwer
2009-06-28 21:04 . 2009-06-28 21:04 54272 ----a-w- c:\documents and settings\User\Dane aplikacji\GanymedeNet\Online Games\Common\ielauncher.exe
2009-06-28 21:04 . 2009-06-28 21:04 4 ----a-w- c:\windows\system32\proc20744962.bin
2009-06-28 20:58 . 2009-06-28 21:52 -------- d-----w- c:\documents and settings\User\Dane aplikacji\GanymedeNet
2009-06-28 20:57 . 2009-06-28 20:57 -------- d-----w- c:\program files\Ganymede
2009-06-28 11:58 . 2009-06-28 11:58 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Notepad++
2009-06-28 11:58 . 2009-06-28 11:58 -------- d-----w- c:\program files\Notepad++
2009-06-28 11:54 . 2009-06-28 12:04 -------- d-----w- C:\Z pena webd
2009-06-27 18:12 . 2002-03-02 22:49 416256 ----a-w- c:\windows\system32\glide3x.dll
2009-06-27 08:43 . 2009-06-27 08:43 -------- d-----w- c:\program files\Valve
2009-06-26 16:19 . 2009-06-26 18:15 -------- d-----w- C:\Radiohead-Radiohead-(Boxset_Repack)-7CD-2007-EON
2009-06-26 10:36 . 2009-06-26 10:38 -------- d-----w- C:\newsys
2009-06-26 10:34 . 2009-06-26 10:42 -------- d-----w- C:\oldsys
2009-06-25 20:48 . 2009-06-25 20:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Age of Empires 3
2009-06-25 20:43 . 2008-06-16 13:28 714240 ----a-w- c:\windows\system32\ntdll.dll
2009-06-25 20:43 . 2008-06-16 13:28 714240 ----a-w- C:\NTDLL.DLL
2009-06-25 20:16 . 2009-06-30 17:00 -------- d-----w- c:\program files\Steam
2009-06-25 18:54 . 2009-06-25 18:54 -------- d-----w- c:\program files\Microsoft Games
2009-06-23 23:05 . 2009-06-23 23:05 -------- d-----w- C:\myD2
2009-06-23 23:05 . 2009-06-23 23:09 1305181 ----a-w- C:\myD2.zip
2009-06-23 23:01 . 2009-06-24 08:51 -------- d-----w- C:\Dupe1.12_By_QQ-Terozen
2009-06-23 10:31 . 2009-06-23 10:31 -------- d-----w- c:\program files\Ubisoft
2009-06-21 11:05 . 2009-06-21 11:07 -------- d-----w- C:\AOE III PL 3w1
2009-06-20 14:05 . 2009-06-20 14:05 32784 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-19 18:28 . 2009-06-19 18:31 -------- d-----w- C:\Hunter safe
2009-06-19 04:53 . 2009-01-22 22:32 33288 ----a-w- c:\windows\system32\drivers\abndis.sys
2009-06-18 22:51 . 2009-06-18 22:51 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2009-06-18 22:50 . 2009-06-18 22:50 -------- d-----w- C:\WhoLockMe200
2009-06-18 16:01 . 2009-06-24 22:19 -------- d-----w- C:\CS Source
2009-06-17 23:06 . 2008-06-15 21:08 35328 ----a-w- c:\windows\system32\rundll32.exe
2009-06-17 23:01 . 2009-06-17 23:01 -------- d-----w- C:\Win MX
2009-06-17 22:54 . 2008-06-16 01:28 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-06-17 22:54 . 2008-06-16 01:28 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2009-06-17 16:19 . 2009-06-17 15:56 2706432 ----a-w- C:\rmslt.exe
2009-06-17 14:21 . 2009-06-17 14:21 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Malwarebytes
2009-06-17 14:21 . 2009-06-17 14:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes
2009-06-16 22:21 . 2009-06-30 11:06 -------- d-----w- C:\lspfix
2009-06-16 22:17 . 2009-06-17 13:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2009-06-16 21:12 . 2009-06-16 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab Setup Files
2009-06-16 20:57 . 2009-06-17 22:08 -------- d-----w- c:\program files\Common Files\Softwin
2009-06-16 11:07 . 2009-06-16 11:07 -------- d-----w- c:\documents and settings\User\Dane aplikacji\ZipZag
2009-06-16 11:07 . 2009-06-16 22:48 -------- d-----w- c:\program files\ZipZag
2009-06-13 17:35 . 2007-03-31 21:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-13 17:35 . 2009-06-13 17:35 -------- d-----w- c:\program files\Common Files\SourceTec
2009-06-13 17:34 . 2009-06-20 09:44 -------- d-----w- c:\program files\SourceTec
2009-06-11 21:50 . 2009-06-27 17:09 -------- d-----w- C:\Temp
2009-06-11 15:43 . 2009-06-11 15:43 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-11 15:43 . 2009-06-11 15:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-11 15:43 . 2009-06-11 15:43 112640 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-06-11 15:42 . 2009-06-11 15:42 416 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-06-11 15:40 . 2009-06-11 15:41 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-06-11 15:40 . 2009-06-11 15:40 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-06-11 15:39 . 2009-06-11 15:39 -------- d-----w- c:\program files\Microsoft SDKs
2009-06-11 15:35 . 2009-06-11 20:52 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-11 15:26 . 2009-03-16 21:36 931672 ----a-w- c:\windows\system32\XAudioD2_4.dll
2009-06-11 15:26 . 2009-03-16 21:35 343368 ----a-w- c:\windows\system32\XactEngineD3_4.dll
2009-06-11 15:26 . 2009-03-16 21:35 125768 ----a-w- c:\windows\system32\XAPOFXD1_3.dll
2009-06-11 15:26 . 2009-03-16 21:35 428888 ----a-w- c:\windows\system32\XactEngineA3_4.dll
2009-06-11 15:26 . 2009-03-16 21:35 4280136 ----a-w- c:\windows\system32\D3dx9d_41.dll
2009-06-11 15:26 . 2009-03-16 21:35 358728 ----a-w- c:\windows\system32\dinput8d.dll
2009-06-11 15:26 . 2009-03-16 21:35 45384 ----a-w- c:\windows\system32\X3DAudioD1_6.dll
2009-06-11 15:26 . 2009-03-16 21:36 3795784 ----a-w- c:\windows\system32\d3dx9d_33.dll
2009-06-11 15:26 . 2009-03-16 21:36 3083592 ----a-w- c:\windows\system32\d3d9d.dll
2009-06-11 15:26 . 2009-03-16 21:35 348504 ----a-w- c:\windows\system32\d3dref9.dll
2009-06-11 15:26 . 2009-03-16 21:35 497480 ----a-w- c:\windows\system32\D3DX10d_41.dll
2009-06-11 15:23 . 2009-06-11 15:26 -------- d-----w- c:\program files\Microsoft DirectX SDK (March 2009)
2009-06-11 15:23 . 2009-06-11 15:24 -------- d-----w- c:\windows\Logs
2009-06-11 15:22 . 2009-06-11 15:22 118104 ----a-w- c:\windows\dxsdkuninst.exe
2009-06-11 13:16 . 2009-06-11 18:45 -------- d-----w- C:\Dev-Cpp
2009-06-11 12:45 . 2001-11-29 06:50 28672 ----a-w- c:\windows\system32\ibxml.dll
2009-06-11 12:45 . 2001-11-29 06:50 376832 ----a-w- c:\windows\system32\gds32.dll
2009-06-11 12:45 . 2001-11-29 06:50 177152 ----a-w- c:\windows\system32\ibinstall.dll
2009-06-11 12:44 . 2009-06-11 12:44 -------- d-----w- C:\Inprise
2009-06-11 12:38 . 2009-06-11 12:43 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-06-11 08:12 . 2009-06-11 08:12 1055498 ----a-w- c:\windows\system32\libodbc++.dll
2009-06-11 00:08 . 2009-06-11 00:08 -------- d-----w- C:\bgi
2009-06-11 00:04 . 2009-06-11 00:04 573440 ----a-w- c:\windows\system32\alleg42.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 15:32 . 2009-06-15 19:50 -------- d-----w- C:\winbgi
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-08 19:35 . 2009-06-08 19:35 -------- d-----w- C:\KOSTKA_pliki
2009-06-03 20:51 . 2009-06-03 20:51 129 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-06-03 20:51 . 2009-06-03 20:51 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
2009-06-03 20:49 . 2009-06-03 20:49 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-06-03 20:43 . 2009-06-03 20:43 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-02 17:30 . 2009-06-11 17:23 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Dev-Cpp
2009-06-02 17:23 . 2009-06-02 17:23 -------- d-----w- c:\windows\system32\&Logs
2009-06-02 17:16 . 2009-06-20 10:05 -------- d-----w- c:\program files\ArcaBit
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 17:08 . 2009-06-20 09:46 7512096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 17:08 . 2009-06-20 09:46 60816 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-30 17:08 . 2009-06-20 09:46 639008 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-30 17:08 . 2009-06-20 09:46 4312 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-30 17:05 . 2008-11-23 14:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent
2009-06-30 17:00 . 2009-06-20 09:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
2009-06-30 17:00 . 2008-04-15 20:06 -------- d-----w- c:\program files\AutoConnect
2009-06-27 17:33 . 2009-01-27 16:46 -------- d-----w- c:\documents and settings\User\Dane aplikacji\mIRC
2009-06-27 11:46 . 2009-01-08 21:42 -------- d-----w- c:\program files\LookDisk
2009-06-27 10:00 . 2009-01-27 16:46 -------- d-----w- c:\program files\mIRC
2009-06-26 16:40 . 2008-06-23 14:27 -------- d-----w- c:\program files\FlashGet
2009-06-26 15:03 . 2008-11-27 16:19 65752 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-25 19:07 . 2008-04-15 19:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 11:06 . 2008-12-21 12:14 9694 ----a-w- c:\windows\irunin.dat
2009-06-21 11:06 . 2008-12-21 12:14 720896 ----a-w- c:\windows\iun6002.exe
2009-06-20 14:05 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-20 14:05 . 2009-06-20 14:05 227344 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-20 14:05 . 2009-06-20 14:05 206088 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-20 14:05 . 2009-06-20 09:46 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-20 14:05 . 2009-06-20 09:46 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-20 14:05 . 2009-06-20 14:05 33808 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-20 14:05 . 2009-06-20 14:05 206088 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-20 14:05 . 2009-06-20 14:05 226832 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-20 10:05 . 2008-08-15 14:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 09:46 . 2009-06-20 09:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-19 22:19 . 2008-12-18 17:12 107266 ----a-w- c:\windows\DIIUnin.dat
2009-06-18 19:23 . 2008-11-23 14:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2009-06-17 22:10 . 2008-12-03 17:04 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP
2009-06-17 21:56 . 2008-11-23 13:38 167376 ----a-w- c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\cib6129a.default\FlashGot.exe
2009-06-17 07:43 . 2008-12-28 00:42 45056 ----a-w- c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{72D14582-8FF9-4678-9099-A04C3ABFDD7E}\Shutd.exe_72D145828FF946789099A04C3ABFDD7E.exe
2009-06-17 07:43 . 2008-12-28 00:42 45056 ----a-w- c:\documents and settings\User\Dane aplikacji\Microsoft\Installer\{72D14582-8FF9-4678-9099-A04C3ABFDD7E}\Shutd.exe1_72D145828FF946789099A04C3ABFDD7E.exe
2009-06-17 07:43 . 2008-01-15 11:42 88576 ----a-w- c:\documents and settings\User\Dane aplikacji\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
2009-06-17 07:43 . 2008-06-23 12:42 161280 ----a-w- c:\documents and settings\Przemo.MASTER\Dane aplikacji\Mozilla\Firefox\Profiles\cib6129a.default\FlashGot.exe
2009-06-17 07:43 . 2008-07-29 09:51 45056 ----a-w- c:\documents and settings\Przemo.MASTER\Dane aplikacji\Mind Technologies\Visual Mind 10\vmweb\Extractor.exe
2009-06-17 07:43 . 2008-08-07 23:21 45056 ----a-w- c:\documents and settings\Przemo.MASTER\Dane aplikacji\Microsoft\Installer\{72D14582-8FF9-4678-9099-A04C3ABFDD7E}\Shutd.exe_72D145828FF946789099A04C3ABFDD7E.exe
2009-06-17 05:14 . 2008-06-28 09:45 -------- d-----w- c:\program files\Last.fm
2009-06-17 05:02 . 2008-11-17 21:22 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-17 05:02 . 2008-06-12 17:20 -------- d-----w- c:\program files\ClonyXXL PL
2009-06-17 04:55 . 2009-04-07 19:58 -------- d-----w- c:\program files\AutoIt3
2009-06-17 04:55 . 2008-04-17 21:27 -------- d-----w- c:\program files\ASUS WiFi-AP Solo
2009-06-16 21:52 . 2008-06-04 17:41 -------- d-----w- c:\program files\SlySoft
2009-06-13 16:07 . 2009-05-03 22:36 -------- d-----w- c:\program files\Cheat Engine
2009-06-11 15:34 . 2009-03-29 06:10 4316 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-11 12:45 . 2008-12-01 17:02 -------- d-----w- c:\program files\Borland
2009-06-10 16:33 . 2009-02-09 12:18 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2008-12-25 23:08 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2008-11-23 13:32 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2006-06-01 09:22 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2006-06-01 09:22 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2006-06-01 09:22 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2006-06-01 09:22 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 16:33 . 2006-06-01 09:22 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2006-06-01 09:22 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-08 10:46 . 2008-06-27 10:00 2704 ----a-w- c:\windows\unins000.dat
2009-06-04 14:39 . 2008-11-23 13:26 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 20:49 . 2008-06-30 12:03 -------- d-----w- c:\program files\Microsoft.NET
2009-06-02 18:02 . 2008-12-29 17:43 -------- d-----w- c:\program files\USDownloader
2009-06-01 17:55 . 2009-05-09 22:13 1360 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-05-24 21:26 . 2009-05-24 20:33 5 ----a-w- c:\windows\system32\SySmp3con.dat
2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w- c:\program files\RegDoctor
2009-05-16 16:35 . 2009-04-15 20:18 -------- d-----w- c:\program files\One-click Audio Converter
2009-05-16 16:27 . 2009-01-14 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\SpeedBit
2009-05-16 16:26 . 2008-12-23 11:40 -------- d-----w- c:\program files\MagicISO
2009-05-16 16:25 . 2008-12-29 21:40 -------- d-----w- c:\program files\StealthBot
2009-05-16 16:25 . 2009-03-17 17:48 -------- d-----w- c:\program files\Avira
2009-05-11 16:10 . 2009-05-11 16:10 311936 ----a-w- c:\documents and settings\User\Dane aplikacji\MobMapUpdater\MobMapUpdaterExternals.dll
2009-05-11 16:10 . 2009-05-11 16:10 -------- d-----w- c:\documents and settings\User\Dane aplikacji\MobMapUpdater
2009-05-11 13:36 . 2009-05-11 13:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-10 12:31 . 2009-05-10 12:31 -------- d-----w- c:\program files\Radmin Viewer 3
2009-05-09 07:49 . 2009-05-09 07:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Blizzard
2009-05-09 07:22 . 2009-05-09 07:22 -------- d-----w- c:\program files\Kongsoft
2009-05-08 20:44 . 2009-05-08 20:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\SlySoft
2009-04-05 15:52 . 2009-04-05 12:58 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2009-04-04 07:33 . 2008-12-17 19:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-04-04 07:33 . 2008-12-17 19:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-04-04 07:33 . 2008-12-17 19:48 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-04-04 07:21 . 2008-12-18 17:12 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-04 07:21 . 2008-12-18 17:12 106496 ----a-w- c:\windows\DIIUnin.exe
2008-12-16 16:52 . 2009-03-15 18:51 61440 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-03-03 10:27 . 2008-03-03 10:27 28672 ----a-w- c:\program files\mozilla firefox\components\FlashgetXpi.dll
2008-08-07 13:09 . 2008-08-07 13:08 24 --sha-w- c:\windows\SBA13C4C3.tmp
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-02 310784]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-22 270128]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-25 1217784]
"ctfmon.exe"="ctfmon.exe" - c:\windows\system32\CTFMON.EXE [2001-02-20 8192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-06-20 206088]
"CnxDslTaskBar"="c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
c:\documents and settings\User\Menu Start\Programy\Autostart\
Start Firewall.lnk - c:\windows\system32\net.exe [2008-6-16 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^ASUS WiFi-AP Solo.lnk]
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^CloneCD Updater.exe]
backup=c:\windows\pss\CloneCD Updater.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\RivaTuner v2.24\\RivaTuner.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\drivers\AFPAnsi.sys [2008-12-10 31776]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-06-30 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-06-30 27656]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R2 csiscanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-06-30 4368952]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2008-06-16 14336]
R3 ABndisMP;ABndisMP;c:\windows\system32\drivers\abndis.sys [2009-06-19 33288]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2008-11-23 131072]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2008-11-23 618112]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2008-11-23 52736]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S0 eubajow;eubajow; [x]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2009-04-12 4224]
S1 ABTDI;ABTDI;\??\c:\program files\ArcaBit\ArcaVir\ABTDI.sys --> c:\program files\ArcaBit\ArcaVir\ABTDI.sys [?]
S2 AVTasks2;ArcaBit Tasks Service;c:\program files\ArcaBit\Common\arcatasksservice.exe --> c:\program files\ArcaBit\Common\arcatasksservice.exe [?]
S2 SPF4;Sunbelt Personal Firewall 4; [x]
S3 ABndis;ABndis Service;c:\windows\system32\drivers\abndis.sys [2009-06-19 33288]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\User\USTAWI~1\Temp\ALSysIO.sys [?]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-11-23 176128]
S3 SNXPCARD;Golden Series Multiport Adapter Driver;c:\windows\system32\drivers\snxpcard.sys [2008-11-23 17536]
S3 SNXPSERX;Golden Series Port Driver;c:\windows\system32\drivers\snxpserx.sys [2008-11-23 54912]
S3 sterownik;sterownik;\??\c:\documents and settings\User\Pulpit\SlySoft_CloneCD_5.3.1.4_full_by_Exody\SlySoft CloneCD 5.3.1.4 full By Exody\sterownik.sys --> c:\documents and settings\User\Pulpit\SlySoft_CloneCD_5.3.1.4_full_by_Exody\SlySoft CloneCD 5.3.1.4 full By Exody\sterownik.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
TCP: {2C78951B-54E1-49BD-B25E-630A7309A26A} = 192.204.159.1,194.204.152.34
TCP: {A3B8B986-8D0B-4D18-8F6A-64A6E1E1F6CC} = 194.204.159.1 217.98.63.164
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 19:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'lsass.exe'(1168)
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\msi.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-06-30 19:27
ComboFix-quarantined-files.txt 2009-06-30 17:27
ComboFix2.txt 2009-06-30 17:06
ComboFix3.txt 2009-06-20 09:28
ComboFix4.txt 2009-06-17 13:05
ComboFix5.txt 2009-06-30 17:09
Przed: 12 384 382 976 bajtów wolnych
Po: 12 373 643 264 bajtów wolnych
363