TR/Crypt.XPACK.Gen - problem
#1
Hello
After I removed the annoying Norton 2005, I came across AntiVir, since it would be proper to have some antivirus. Everything would be fine if not for the fact that, when scanning the system, it finds this TR/Crypt.XPACK.Gen trojan in seemingly every folder. I sent quite a lot of things from C to quarantine until I finally stopped, because I concluded that something is probably wrong here, only I don't know what. So I'm asking for help, because I've had enough of these problems with antiviruses :/.
While I'm writing, I'll take the opportunity to ask a few more questions.
1. What could cause it to take a while before some folders get selected when I click on them?
2. Sometimes when I want to open a page in Opera or IE in a new tab, these browsers can freeze and I have to use alt+ctrl+del :/

I don't know if this is the right section; if not, I apologize and ask for it to be moved.
#2
To start with, read the [link hidden] topic and post logs from HijackThis and [link hidden]

"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not an object of media noise
I am an illegal killer of time"
#3
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:45, on 2008-05-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32notepad.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''Default user'')
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra ''Tools'' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra ''Tools'' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:Program FilesAreschatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

--
End of file - 7395 bytes


Code:
ComboFix 08-05-12.1 - Bartek W 2008-05-13 16:46:52.1 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.1.1045.18.557 [GMT 2:00]
Running from: C:DownloadsComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32DriversEik58.sys
C:WINDOWSsystem32WLCtrl32.dl_
C:WINDOWSsystem32WLCtrl32.dll
C:WINDOWSsystem32wsnpoemaudio.dll
C:WINDOWSsystem32wsnpoemvideo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_EIK58
-------Service_Eik58


((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13)))))))))))))))))))))))))))))))
.

2008-05-10 12:06 . 2006-11-07 09:42    88,560    -ra------    C:WINDOWSsystem32driversw200mgmt.sys
2008-05-10 12:05 . 2006-11-07 09:42    86,368    -ra------    C:WINDOWSsystem32driversw200obex.sys
2008-05-09 23:26 . 2008-05-09 23:26    <DIR>    d--------    C:Program FilesAvira
2008-05-09 23:26 . 2008-05-09 23:26    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiAvira
2008-05-07 00:31 . 2008-05-07 00:31    <DIR>    d--------    C:WINDOWSsystem32pl-pl
2008-05-07 00:27 . 2008-05-07 00:27    <DIR>    d--h-----    C:WINDOWS$hf_mig$
2008-05-04 12:16 . 2008-05-13 16:42    <DIR>    d--------    C:Downloads
2008-05-02 11:02 . 2008-05-02 11:02    221    --a------    C:WINDOWSNCLogConfig.ini
2008-04-30 16:51 . 2008-04-30 16:51    <DIR>    d--------    C:Program FilesXvid
2008-04-30 16:51 . 2007-06-28 18:55    77,824    --a------    C:WINDOWSsystem32xvid.ax
2008-04-29 17:22 . 2008-04-29 17:22    38    --a------    C:WINDOWSavisplitter.INI
2008-04-29 15:25 . 2008-04-29 15:25    <DIR>    d--------    C:Program FilesTortun
2008-04-28 18:59 . 2008-04-28 18:59    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiImage Zone Express
2008-04-28 14:17 . 2008-05-11 11:30    173    --a------    C:WINDOWSfunsol.ini
2008-04-26 22:03 . 2008-04-26 22:03    249,856    ---------    C:WINDOWSSetup1.exe
2008-04-26 22:03 . 2008-04-26 22:03    73,216    --a------    C:WINDOWSST6UNST.EXE
2008-04-26 15:53 . 2008-04-26 15:53    43,520    --a------    C:WINDOWSsystem32CmdLineExt03.dll
2008-04-26 15:30 . 2008-04-26 15:30    21,840    --a------    C:WINDOWSsystem32SIntfNT.dll
2008-04-26 15:30 . 2008-04-26 15:30    17,212    --a------    C:WINDOWSsystem32SIntf32.dll
2008-04-26 15:30 . 2008-04-26 15:30    12,067    --a------    C:WINDOWSsystem32SIntf16.dll
2008-04-26 15:21 . 2008-04-26 15:21    106,496    --a------    C:WINDOWSDIIUnin.exe
2008-04-26 15:21 . 2008-04-26 15:37    36,032    --a------    C:WINDOWSDIIUnin.dat
2008-04-26 15:21 . 2008-04-26 15:21    2,829    --a------    C:WINDOWSDIIUnin.pif
2008-04-25 22:26 . 2004-08-04 00:44    25,088    --a------    C:WINDOWSsystem32userini.exe
2008-04-24 15:52 . 2008-05-12 21:26    <DIR>    d--------    C:Documents and SettingsBartek WWINDOWS
2008-04-24 15:52 . 1997-06-04 16:29    271,248    --a------    C:WINDOWSISUN16.EXE
2008-04-24 15:52 . 1995-07-13 17:43    26,768    --a------    C:WINDOWSsystemCTL3D.DLL
2008-04-24 12:40 . 2008-04-25 13:21    <DIR>    d--------    C:Program FilesGoogle
2008-04-24 12:40 . 2008-05-10 22:41    11,270    --ahs----    C:WINDOWSsystem32KGyGaAvL.sys
2008-04-24 12:40 . 2008-05-10 22:41    56    -r-hs----    C:WINDOWSsystem322E08BA0E51.sys
2008-04-24 12:39 . 2008-04-24 12:40    <DIR>    d--------    C:Program FilesDivX
2008-04-23 21:14 . 2008-05-12 21:10    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiApple Computer
2008-04-23 21:14 . 2008-04-23 21:14    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiNVIDIA
2008-04-23 00:14 . 2006-11-07 09:42    97,056    -ra------    C:WINDOWSsystem32driversw200mdm.sys
2008-04-23 00:14 . 2006-11-07 09:42    9,328    -ra------    C:WINDOWSsystem32driversw200mdfl.sys
2008-04-23 00:14 . 2006-11-07 09:42    6,208    -ra------    C:WINDOWSsystem32driversw200cmnt.sys
2008-04-23 00:14 . 2006-11-07 09:42    6,208    -ra------    C:WINDOWSsystem32driversw200cm.sys
2008-04-22 23:57 . 2006-11-07 09:42    61,504    -ra------    C:WINDOWSsystem32driversw200bus.sys
2008-04-22 23:57 . 2006-11-07 09:42    5,840    -ra------    C:WINDOWSsystem32driversw200whnt.sys
2008-04-22 23:57 . 2006-11-07 09:42    5,840    -ra------    C:WINDOWSsystem32driversw200wh.sys
2008-04-22 23:17 . 2008-04-22 23:27    <DIR>    d--------    C:Program FilesQuickTime
2008-04-22 23:16 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiApple Computer
2008-04-22 23:14 . 2008-05-12 21:12    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiTeleca
2008-04-22 23:14 . 2008-05-12 21:12    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiSony Ericsson
2008-04-22 23:10 . 2008-04-22 23:13    <DIR>    d----c---    C:WINDOWSsystem32DRVSTORE
2008-04-22 23:09 . 2008-04-22 23:09    <DIR>    d--------    C:Program FilesSony Ericsson
2008-04-22 23:09 . 2008-04-22 23:09    <DIR>    d--------    C:Program FilesCommon FilesTeleca Shared
2008-04-22 23:09 . 2008-05-12 21:09    <DIR>    d--------    C:Documents and SettingsAll UsersDocuments
2008-04-22 23:09 . 2008-05-12 21:09    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiTeleca
2008-04-22 23:09 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiSony Ericsson
2008-04-22 23:08 . 2008-04-22 23:09    <DIR>    d--------    C:WINDOWSDownloaded Installations
2008-04-22 23:06 . 2008-04-22 23:06    <DIR>    d--------    C:Program FilesDisc2Phone
2008-04-22 22:56 . 2008-04-22 22:58    <DIR>    d--------    C:WINDOWSsystem32URTTemp
2008-04-21 21:07 . 2008-04-21 21:07    <DIR>    d--------    C:Program FilesMarBit
2008-04-21 20:34 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesDirectX
2008-04-21 20:31 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiAdobe Systems
2008-04-21 20:30 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesAdobe Systems Shared
2008-04-21 19:13 . 2008-05-12 21:11    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiNikon
2008-04-21 19:12 . 2008-04-21 19:13    <DIR>    d--------    C:Program FilesNikon
2008-04-21 19:12 . 2001-10-09 10:02    434,176    --a------    C:WINDOWSsystem32DC120V15_32.DLL
2008-04-21 19:11 . 2008-05-06 23:44    <DIR>    d--------    C:Program FilesCommon FilesNikon
2008-04-21 19:11 . 2008-04-21 19:11    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiQuickTime
2008-04-20 16:56 . 2008-05-12 21:10    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiGadu-Gadu
2008-04-20 11:18 . 2008-04-20 11:18    <DIR>    d--------    C:Program FilesK-Lite Codec Pack
2008-04-20 11:18 . 2007-11-29 23:30    3,596,288    --a------    C:WINDOWSsystem32qt-dx331.dll
2008-04-20 11:18 . 2007-06-28 18:52    765,952    --a------    C:WINDOWSsystem32xvidcore.dll
2008-04-20 11:18 . 2006-09-24 16:11    389,120    --a------    C:WINDOWSsystem32lameACM.acm
2008-04-20 11:18 . 2004-01-25 17:18    217,088    --a------    C:WINDOWSsystem32yv12vfw.dll
2008-04-20 11:18 . 2007-06-28 18:54    180,224    --a------    C:WINDOWSsystem32xvidvfw.dll
2008-04-20 11:18 . 2007-09-04 17:56    164,352    --a------    C:WINDOWSsystem32unrar.dll
2008-04-20 11:18 . 2007-09-21 01:52    118,784    --a------    C:WINDOWSsystem32ac3acm.acm
2008-04-20 11:18 . 2007-11-29 23:28    81,920    --a------    C:WINDOWSsystem32dpl100.dll
2008-04-20 11:18 . 2007-12-24 13:49    7,680    --a------    C:WINDOWSsystem32ff_vfw.dll
2008-04-20 11:18 . 2007-07-10 17:10    547    --a------    C:WINDOWSsystem32ff_vfw.dll.manifest
2008-04-20 11:18 . 2007-10-03 16:03    414    --a------    C:WINDOWSsystem32lame_acm.xml
2008-04-20 00:14 . 2008-04-20 00:14    <DIR>    d--------    C:WINDOWSsystem32Kaspersky Lab
2008-04-20 00:14 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiKaspersky Lab
2008-04-19 17:16 . 2008-05-12 21:15    <DIR>    d--hs----    C:Documents and SettingsBartek WUserData
2008-04-19 17:16 . 2008-05-12 21:10    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiHP
2008-04-19 17:08 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiHP
2008-04-19 16:57 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesHP
2008-04-19 16:52 . 2008-04-19 16:54    <DIR>    d--------    C:Program FilesHewlett-Packard
2008-04-19 16:51 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesHewlett-Packard
2008-04-19 16:49 . 2006-04-12 12:04    49,664    -ra------    C:WINDOWSsystem32driversHPZid412.sys
2008-04-19 16:49 . 2006-04-12 12:04    16,496    -ra------    C:WINDOWSsystem32driversHPZipr12.sys
2008-04-19 16:48 . 2006-01-03 19:12    77,824    -ra------    C:WINDOWSsystem32HPZIDS01.dll
2008-04-19 16:48 . 2006-04-10 14:03    48,128    --a------    C:WINDOWSsystem32hpzll054.dll
2008-04-19 16:48 . 2004-08-03 22:58    15,104    --a------    C:WINDOWSsystem32driversusbscan.sys
2008-04-19 16:48 . 2004-08-03 22:58    15,104    --a--c---    C:WINDOWSsystem32dllcacheusbscan.sys
2008-04-19 16:47 . 2006-03-03 21:03    282,680    --a------    C:WINDOWSsystem32HPZidr12.dll
2008-04-19 16:47 . 2006-03-03 21:02    204,800    --a------    C:WINDOWSsystem32HPZipr12.dll
2008-04-19 16:47 . 2006-03-03 21:02    94,208    --a------    C:WINDOWSsystem32HPZipt12.dll
2008-04-19 16:47 . 2007-08-09 09:27    73,728    --a------    C:WINDOWSsystem32HPZipm12.exe
2008-04-19 16:47 . 2006-03-03 21:03    65,536    --a------    C:WINDOWSsystem32HPZinw12.exe
2008-04-19 16:47 . 2006-03-03 21:02    57,344    --a------    C:WINDOWSsystem32HPZisn12.dll
2008-04-19 16:45 . 2008-04-19 17:01    <DIR>    d--------    C:Program FilesHP
2008-04-19 16:44 . 2004-08-03 23:08    31,616    --a------    C:WINDOWSsystem32driversusbccgp.sys
2008-04-19 16:44 . 2004-08-03 23:08    31,616    --a--c---    C:WINDOWSsystem32dllcacheusbccgp.sys
2008-04-19 16:44 . 2004-08-03 23:08    26,496    --a--c---    C:WINDOWSsystem32dllcacheusbstor.sys
2008-04-19 16:44 . 2004-08-03 23:01    25,856    --a------    C:WINDOWSsystem32driversusbprint.sys
2008-04-19 16:44 . 2004-08-03 23:01    25,856    --a--c---    C:WINDOWSsystem32dllcacheusbprint.sys
2008-04-19 16:43 . 2008-04-19 17:16    120,253    --a------    C:WINDOWShpoins11.dat
2008-04-19 15:17 . 2008-04-19 15:17    <DIR>    d--------    C:Program Filesdirectx
2008-04-19 15:07 . 2008-04-19 15:07    <DIR>    d--------    C:Program FilesDAEMON Tools
2008-04-19 15:04 . 2008-04-19 15:04    639,224    --a------    C:WINDOWSsystem32driverssptd.sys
2008-04-19 13:42 . 2004-08-04 00:35    58,624    --a------    C:WINDOWSsystem32driversredbook.sys
2008-04-19 13:42 . 2001-08-17 22:59    3,072    --a------    C:WINDOWSsystem32driversaudstub.sys
2008-04-19 13:41 . 2004-08-04 00:44    77,312    --a------    C:WINDOWSsystem32usbui.dll
2008-04-19 13:41 . 2004-08-03 22:31    20,992    --a------    C:WINDOWSsystem32driversrtl8139.sys
2008-04-19 13:40 . 2008-05-13 16:44    <DIR>    d--------    C:Program FilesFlashGet
2008-04-19 13:40 . 2008-05-12 21:34    <DIR>    d--------    C:Program FilesAres
2008-04-19 13:39 . 2008-05-12 21:42    <DIR>    d--------    C:WINDOWSsystem32CatRoot2
2008-04-19 13:39 . 2008-04-19 13:40    <DIR>    d--------    C:Program FilesWinamp
2008-04-19 13:39 . 2008-05-12 21:26    <DIR>    dr-h-----    C:Documents and SettingsDefault UserUstawienia lokalne
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsDefault UserUlubione
2008-04-19 13:39 . 2008-04-19 12:45    <DIR>    d--h-----    C:Documents and SettingsDefault UserSzablony
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsDefault UserPulpit
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsDefault UserMoje dokumenty
2008-04-19 13:39 . 2008-05-12 21:26    <DIR>    dr-------    C:Documents and SettingsDefault UserMenu Start
2008-04-19 13:39 . 2008-05-12 21:26    <DIR>    dr-h-----    C:Documents and SettingsDefault UserDane aplikacji
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsAll UsersUlubione
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--h-----    C:Documents and SettingsAll UsersSzablony
2008-04-19 13:39 . 2008-05-07 12:46    <DIR>    d--------    C:Documents and SettingsAll UsersPulpit
2008-04-19 13:39 . 2008-05-12 21:09    <DIR>    dr-------    C:Documents and SettingsAll UsersMenu Start
2008-04-19 13:39 . 2008-05-12 21:09    <DIR>    dr-------    C:Documents and SettingsAll UsersDokumenty

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:35    ---------    d-----w    C:Program FilesCommon FilesInstallShield
2008-04-19 12:59    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiMicrosoft Help
2008-04-19 12:56    ---------    d-----w    C:Program FilesMicrosoft Works
2008-04-19 10:59    ---------    d-----w    C:Program FilesNVIDIA
2008-04-19 10:50    ---------    d-----w    C:Program Filesmicrosoft frontpage
2008-04-19 10:46    ---------    d-----w    C:Program FilesUsługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSSystem32NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="C:WINDOWSSystem32NvMcTray.dll" [2006-08-11 21:43 86016]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:WINDOWSSOUNDMAN.EXE]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2006-11-21 19:38 35328]
"DAEMON Tools"="C:Program FilesDAEMON Toolsdaemon.exe" [2006-11-12 12:48 157592]
"HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2006-02-19 02:41 49152]
"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [2008-04-22 23:17 155648]
"avgnt"="C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2004-08-04 00:44 15360]

C:Documents and SettingsBartek WMenu StartProgramyAutostart
Adobe Gamma.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
HP Digital Imaging Monitor.lnk - C:Program FilesHPDigital Imagingbinhpqtra08.exe [2006-02-19 04:21:22 288472]
NkbMonitor.exe.lnk - C:Program FilesNikonPictureProjectNkbMonitor.exe [2008-04-21 19:13:39 118784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCfi13.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDgj68.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEik24.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEik58.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalGkn25.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIlo46.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalJnq25.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNrv02.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalOtw71.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPsv82.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRvx57.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSwa58.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalXce02.sys]
@="Driver"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Ares\Ares.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=

S0 Cfi13;Cfi13;C:WINDOWSsystem32DriversCfi13.sys []
S0 Dgj68;Dgj68;C:WINDOWSsystem32DriversDgj68.sys []
S0 Eik24;Eik24;C:WINDOWSsystem32DriversEik24.sys []
S0 Gkn25;Gkn25;C:WINDOWSsystem32DriversGkn25.sys []
S0 Ilo46;Ilo46;C:WINDOWSsystem32DriversIlo46.sys []
S0 Jnq25;Jnq25;C:WINDOWSsystem32DriversJnq25.sys []
S0 Nrv02;Nrv02;C:WINDOWSsystem32DriversNrv02.sys []
S0 Otw71;Otw71;C:WINDOWSsystem32DriversOtw71.sys []
S0 Psv82;Psv82;C:WINDOWSsystem32DriversPsv82.sys []
S0 Rvx57;Rvx57;C:WINDOWSsystem32DriversRvx57.sys []
S0 Swa58;Swa58;C:WINDOWSsystem32DriversSwa58.sys []
S0 Xce02;Xce02;C:WINDOWSsystem32DriversXce02.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 09:42]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 16:54:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:WINDOWSsystem32ntos.exe 443904 bytes executable
C:WINDOWSsystem32wsnpoem

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesHPDigital Imagingbinhpqste08.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
.
**************************************************************************
.
Completion time: 2008-05-13 16:57:16 - machine was rebooted
ComboFix-quarantined-files.txt2008-05-13 14:56:48

Pre-Run: 3,101,339,648 bajtów wolnych
Post-Run: 3,440,709,632 bajt˘w wolnych

280
#4
Download the program

[link hidden]

* Double-click SDFix.exe; the program will then extract itself to the system drive (by default C:\SDFix)
* Restart the computer and enter safe mode (F8 key before Windows boots)
* Go to the SDFix folder and double-click the file RunThis.bat
* Press Y and the removal process will begin.
* When the removal is finished, press any key (Any Key). The computer will restart.
* After the restart SDFix will run again to finish the removal process; when Finished appears in the program window, press any key to end the script and load the desktop icons.
* Show the Report.txt located in the SDFix folder.

After these steps, post new logs from HijackThis and ComboFix, plus the SDFix report
#5
Here you go
Hijack
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:52, on 2008-05-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesWinampwinampa.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User ''Default user'')
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra ''Tools'' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra ''Tools'' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:Program FilesAreschatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

--
End of file - 7231 bytes


ComboFix
Code:
ComboFix 08-05-12.1 - Bartek W 2008-05-13 18:20:27.2 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.1.1045.18.610 [GMT 2:00]
Running from: C:DownloadsComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13)))))))))))))))))))))))))))))))
.

2008-05-13 17:53 . 2008-05-13 17:53    <DIR>    d--------    C:WINDOWSERUNT
2008-05-13 17:45 . 2008-05-13 17:45    <DIR>    d--------    C:SDFix
2008-05-13 16:58 . 2008-05-13 16:58    <DIR>    d--------    C:Program FilesTrend Micro
2008-05-10 12:06 . 2006-11-07 09:42    88,560    -ra------    C:WINDOWSsystem32driversw200mgmt.sys
2008-05-10 12:05 . 2006-11-07 09:42    86,368    -ra------    C:WINDOWSsystem32driversw200obex.sys
2008-05-09 23:26 . 2008-05-09 23:26    <DIR>    d--------    C:Program FilesAvira
2008-05-09 23:26 . 2008-05-09 23:26    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiAvira
2008-05-07 00:31 . 2008-05-07 00:31    <DIR>    d--------    C:WINDOWSsystem32pl-pl
2008-05-07 00:27 . 2008-05-07 00:27    <DIR>    d--h-----    C:WINDOWS$hf_mig$
2008-05-04 12:16 . 2008-05-13 17:44    <DIR>    d--------    C:Downloads
2008-05-02 11:02 . 2008-05-02 11:02    221    --a------    C:WINDOWSNCLogConfig.ini
2008-04-30 16:51 . 2008-04-30 16:51    <DIR>    d--------    C:Program FilesXvid
2008-04-30 16:51 . 2007-06-28 18:55    77,824    --a------    C:WINDOWSsystem32xvid.ax
2008-04-29 17:22 . 2008-04-29 17:22    38    --a------    C:WINDOWSavisplitter.INI
2008-04-29 15:25 . 2008-04-29 15:25    <DIR>    d--------    C:Program FilesTortun
2008-04-28 18:59 . 2008-04-28 18:59    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiImage Zone Express
2008-04-28 14:17 . 2008-05-11 11:30    173    --a------    C:WINDOWSfunsol.ini
2008-04-26 22:03 . 2008-04-26 22:03    249,856    ---------    C:WINDOWSSetup1.exe
2008-04-26 22:03 . 2008-04-26 22:03    73,216    --a------    C:WINDOWSST6UNST.EXE
2008-04-26 15:53 . 2008-04-26 15:53    43,520    --a------    C:WINDOWSsystem32CmdLineExt03.dll
2008-04-26 15:30 . 2008-04-26 15:30    21,840    --a------    C:WINDOWSsystem32SIntfNT.dll
2008-04-26 15:30 . 2008-04-26 15:30    17,212    --a------    C:WINDOWSsystem32SIntf32.dll
2008-04-26 15:30 . 2008-04-26 15:30    12,067    --a------    C:WINDOWSsystem32SIntf16.dll
2008-04-26 15:21 . 2008-04-26 15:21    106,496    --a------    C:WINDOWSDIIUnin.exe
2008-04-26 15:21 . 2008-04-26 15:37    36,032    --a------    C:WINDOWSDIIUnin.dat
2008-04-26 15:21 . 2008-04-26 15:21    2,829    --a------    C:WINDOWSDIIUnin.pif
2008-04-25 22:26 . 2004-08-04 00:44    25,088    --a------    C:WINDOWSsystem32userini.exe
2008-04-24 15:52 . 2008-05-12 21:26    <DIR>    d--------    C:Documents and SettingsBartek WWINDOWS
2008-04-24 15:52 . 1997-06-04 16:29    271,248    --a------    C:WINDOWSISUN16.EXE
2008-04-24 15:52 . 1995-07-13 17:43    26,768    --a------    C:WINDOWSsystemCTL3D.DLL
2008-04-24 12:40 . 2008-04-25 13:21    <DIR>    d--------    C:Program FilesGoogle
2008-04-24 12:40 . 2008-05-10 22:41    11,270    --ahs----    C:WINDOWSsystem32KGyGaAvL.sys
2008-04-24 12:40 . 2008-05-10 22:41    56    -r-hs----    C:WINDOWSsystem322E08BA0E51.sys
2008-04-24 12:39 . 2008-04-24 12:40    <DIR>    d--------    C:Program FilesDivX
2008-04-23 21:14 . 2008-05-12 21:10    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiApple Computer
2008-04-23 21:14 . 2008-04-23 21:14    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiNVIDIA
2008-04-23 00:14 . 2006-11-07 09:42    97,056    -ra------    C:WINDOWSsystem32driversw200mdm.sys
2008-04-23 00:14 . 2006-11-07 09:42    9,328    -ra------    C:WINDOWSsystem32driversw200mdfl.sys
2008-04-23 00:14 . 2006-11-07 09:42    6,208    -ra------    C:WINDOWSsystem32driversw200cmnt.sys
2008-04-23 00:14 . 2006-11-07 09:42    6,208    -ra------    C:WINDOWSsystem32driversw200cm.sys
2008-04-22 23:57 . 2006-11-07 09:42    61,504    -ra------    C:WINDOWSsystem32driversw200bus.sys
2008-04-22 23:57 . 2006-11-07 09:42    5,840    -ra------    C:WINDOWSsystem32driversw200whnt.sys
2008-04-22 23:57 . 2006-11-07 09:42    5,840    -ra------    C:WINDOWSsystem32driversw200wh.sys
2008-04-22 23:17 . 2008-04-22 23:27    <DIR>    d--------    C:Program FilesQuickTime
2008-04-22 23:16 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiApple Computer
2008-04-22 23:14 . 2008-05-12 21:12    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiTeleca
2008-04-22 23:14 . 2008-05-12 21:12    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiSony Ericsson
2008-04-22 23:10 . 2008-04-22 23:13    <DIR>    d----c---    C:WINDOWSsystem32DRVSTORE
2008-04-22 23:09 . 2008-04-22 23:09    <DIR>    d--------    C:Program FilesSony Ericsson
2008-04-22 23:09 . 2008-04-22 23:09    <DIR>    d--------    C:Program FilesCommon FilesTeleca Shared
2008-04-22 23:09 . 2008-05-12 21:09    <DIR>    d--------    C:Documents and SettingsAll UsersDocuments
2008-04-22 23:09 . 2008-05-12 21:09    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiTeleca
2008-04-22 23:09 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiSony Ericsson
2008-04-22 23:08 . 2008-04-22 23:09    <DIR>    d--------    C:WINDOWSDownloaded Installations
2008-04-22 23:06 . 2008-04-22 23:06    <DIR>    d--------    C:Program FilesDisc2Phone
2008-04-22 22:56 . 2008-04-22 22:58    <DIR>    d--------    C:WINDOWSsystem32URTTemp
2008-04-21 21:07 . 2008-04-21 21:07    <DIR>    d--------    C:Program FilesMarBit
2008-04-21 20:34 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesDirectX
2008-04-21 20:31 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiAdobe Systems
2008-04-21 20:30 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesAdobe Systems Shared
2008-04-21 19:13 . 2008-05-12 21:11    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiNikon
2008-04-21 19:12 . 2008-04-21 19:13    <DIR>    d--------    C:Program FilesNikon
2008-04-21 19:12 . 2001-10-09 10:02    434,176    --a------    C:WINDOWSsystem32DC120V15_32.DLL
2008-04-21 19:11 . 2008-05-06 23:44    <DIR>    d--------    C:Program FilesCommon FilesNikon
2008-04-21 19:11 . 2008-04-21 19:11    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiQuickTime
2008-04-20 16:56 . 2008-05-12 21:10    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiGadu-Gadu
2008-04-20 11:18 . 2008-04-20 11:18    <DIR>    d--------    C:Program FilesK-Lite Codec Pack
2008-04-20 11:18 . 2007-11-29 23:30    3,596,288    --a------    C:WINDOWSsystem32qt-dx331.dll
2008-04-20 11:18 . 2007-06-28 18:52    765,952    --a------    C:WINDOWSsystem32xvidcore.dll
2008-04-20 11:18 . 2006-09-24 16:11    389,120    --a------    C:WINDOWSsystem32lameACM.acm
2008-04-20 11:18 . 2004-01-25 17:18    217,088    --a------    C:WINDOWSsystem32yv12vfw.dll
2008-04-20 11:18 . 2007-06-28 18:54    180,224    --a------    C:WINDOWSsystem32xvidvfw.dll
2008-04-20 11:18 . 2007-09-04 17:56    164,352    --a------    C:WINDOWSsystem32unrar.dll
2008-04-20 11:18 . 2007-09-21 01:52    118,784    --a------    C:WINDOWSsystem32ac3acm.acm
2008-04-20 11:18 . 2007-11-29 23:28    81,920    --a------    C:WINDOWSsystem32dpl100.dll
2008-04-20 11:18 . 2007-12-24 13:49    7,680    --a------    C:WINDOWSsystem32ff_vfw.dll
2008-04-20 11:18 . 2007-07-10 17:10    547    --a------    C:WINDOWSsystem32ff_vfw.dll.manifest
2008-04-20 11:18 . 2007-10-03 16:03    414    --a------    C:WINDOWSsystem32lame_acm.xml
2008-04-20 00:14 . 2008-04-20 00:14    <DIR>    d--------    C:WINDOWSsystem32Kaspersky Lab
2008-04-20 00:14 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiKaspersky Lab
2008-04-19 17:16 . 2008-05-12 21:15    <DIR>    d--hs----    C:Documents and SettingsBartek WUserData
2008-04-19 17:16 . 2008-05-12 21:10    <DIR>    d--------    C:Documents and SettingsBartek WDane aplikacjiHP
2008-04-19 17:08 . 2008-05-12 21:08    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiHP
2008-04-19 16:57 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesHP
2008-04-19 16:52 . 2008-04-19 16:54    <DIR>    d--------    C:Program FilesHewlett-Packard
2008-04-19 16:51 . 2008-05-12 21:35    <DIR>    d--------    C:Program FilesCommon FilesHewlett-Packard
2008-04-19 16:49 . 2006-04-12 12:04    49,664    -ra------    C:WINDOWSsystem32driversHPZid412.sys
2008-04-19 16:49 . 2006-04-12 12:04    16,496    -ra------    C:WINDOWSsystem32driversHPZipr12.sys
2008-04-19 16:48 . 2006-01-03 19:12    77,824    -ra------    C:WINDOWSsystem32HPZIDS01.dll
2008-04-19 16:48 . 2006-04-10 14:03    48,128    --a------    C:WINDOWSsystem32hpzll054.dll
2008-04-19 16:48 . 2004-08-03 22:58    15,104    --a------    C:WINDOWSsystem32driversusbscan.sys
2008-04-19 16:48 . 2004-08-03 22:58    15,104    --a--c---    C:WINDOWSsystem32dllcacheusbscan.sys
2008-04-19 16:47 . 2006-03-03 21:03    282,680    --a------    C:WINDOWSsystem32HPZidr12.dll
2008-04-19 16:47 . 2006-03-03 21:02    204,800    --a------    C:WINDOWSsystem32HPZipr12.dll
2008-04-19 16:47 . 2006-03-03 21:02    94,208    --a------    C:WINDOWSsystem32HPZipt12.dll
2008-04-19 16:47 . 2007-08-09 09:27    73,728    --a------    C:WINDOWSsystem32HPZipm12.exe
2008-04-19 16:47 . 2006-03-03 21:03    65,536    --a------    C:WINDOWSsystem32HPZinw12.exe
2008-04-19 16:47 . 2006-03-03 21:02    57,344    --a------    C:WINDOWSsystem32HPZisn12.dll
2008-04-19 16:45 . 2008-04-19 17:01    <DIR>    d--------    C:Program FilesHP
2008-04-19 16:44 . 2004-08-03 23:08    31,616    --a------    C:WINDOWSsystem32driversusbccgp.sys
2008-04-19 16:44 . 2004-08-03 23:08    31,616    --a--c---    C:WINDOWSsystem32dllcacheusbccgp.sys
2008-04-19 16:44 . 2004-08-03 23:08    26,496    --a--c---    C:WINDOWSsystem32dllcacheusbstor.sys
2008-04-19 16:44 . 2004-08-03 23:01    25,856    --a------    C:WINDOWSsystem32driversusbprint.sys
2008-04-19 16:44 . 2004-08-03 23:01    25,856    --a--c---    C:WINDOWSsystem32dllcacheusbprint.sys
2008-04-19 16:43 . 2008-04-19 17:16    120,253    --a------    C:WINDOWShpoins11.dat
2008-04-19 15:17 . 2008-04-19 15:17    <DIR>    d--------    C:Program Filesdirectx
2008-04-19 15:07 . 2008-04-19 15:07    <DIR>    d--------    C:Program FilesDAEMON Tools
2008-04-19 15:04 . 2008-04-19 15:04    639,224    --a------    C:WINDOWSsystem32driverssptd.sys
2008-04-19 13:42 . 2004-08-04 00:35    58,624    --a------    C:WINDOWSsystem32driversredbook.sys
2008-04-19 13:42 . 2001-08-17 22:59    3,072    --a------    C:WINDOWSsystem32driversaudstub.sys
2008-04-19 13:41 . 2004-08-04 00:44    77,312    --a------    C:WINDOWSsystem32usbui.dll
2008-04-19 13:41 . 2004-08-03 22:31    20,992    --a------    C:WINDOWSsystem32driversrtl8139.sys
2008-04-19 13:40 . 2008-05-13 17:47    <DIR>    d--------    C:Program FilesFlashGet
2008-04-19 13:40 . 2008-05-12 21:34    <DIR>    d--------    C:Program FilesAres
2008-04-19 13:39 . 2008-05-13 16:55    <DIR>    d--------    C:WINDOWSsystem32CatRoot2
2008-04-19 13:39 . 2008-04-19 13:40    <DIR>    d--------    C:Program FilesWinamp
2008-04-19 13:39 . 2008-05-12 21:26    <DIR>    dr-h-----    C:Documents and SettingsDefault UserUstawienia lokalne
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsDefault UserUlubione
2008-04-19 13:39 . 2008-04-19 12:45    <DIR>    d--h-----    C:Documents and SettingsDefault UserSzablony
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsDefault UserPulpit
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsDefault UserMoje dokumenty
2008-04-19 13:39 . 2008-05-12 21:26    <DIR>    dr-------    C:Documents and SettingsDefault UserMenu Start
2008-04-19 13:39 . 2008-05-12 21:26    <DIR>    dr-h-----    C:Documents and SettingsDefault UserDane aplikacji
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--------    C:Documents and SettingsAll UsersUlubione
2008-04-19 13:39 . 2008-04-19 13:39    <DIR>    d--h-----    C:Documents and SettingsAll UsersSzablony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:35    ---------    d-----w    C:Program FilesCommon FilesInstallShield
2008-04-19 12:59    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiMicrosoft Help
2008-04-19 12:56    ---------    d-----w    C:Program FilesMicrosoft Works
2008-04-19 10:59    ---------    d-----w    C:Program FilesNVIDIA
2008-04-19 10:50    ---------    d-----w    C:Program Filesmicrosoft frontpage
2008-04-19 10:46    ---------    d-----w    C:Program FilesUsługi online
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_16.56.00.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 14:53:17    2,048    --s-a-w    C:WINDOWSbootstat.dat
+ 2008-05-13 16:05:44    2,048    --s-a-w    C:WINDOWSbootstat.dat
+ 2008-05-13 00:55:56    163,328    ----a-w    C:WINDOWSERUNTSDFIXERDNT.EXE
+ 2008-05-13 15:53:19    3,936,256    ----a-w    C:WINDOWSERUNTSDFIXUsers[u]0[/u]0000001NTUSER.DAT
+ 2008-05-13 15:53:19    8,192    ----a-w    C:WINDOWSERUNTSDFIXUsers[u]0[/u]0000002UsrClass.dat
+ 2008-05-13 00:55:56    163,328    ----a-w    C:WINDOWSERUNTSDFIX_First_RunERDNT.EXE
+ 2008-05-13 15:53:09    3,936,256    ----a-w    C:WINDOWSERUNTSDFIX_First_RunUsers[u]0[/u]0000001NTUSER.DAT
+ 2008-05-13 15:53:10    8,192    ----a-w    C:WINDOWSERUNTSDFIX_First_RunUsers[u]0[/u]0000002UsrClass.dat
- 2008-05-13 14:53:20    16,384    ----a-w    C:WINDOWSsystem32configsystemprofileCookiesindex.dat
+ 2008-05-13 15:51:13    16,384    ----a-w    C:WINDOWSsystem32configsystemprofileCookiesindex.dat
- 2008-05-13 14:53:20    32,768    ----a-w    C:WINDOWSsystem32configsystemprofileUstawienia lokalneHistoriaHistory.IE5index.dat
+ 2008-05-13 15:51:13    32,768    ----a-w    C:WINDOWSsystem32configsystemprofileUstawienia lokalneHistoriaHistory.IE5index.dat
- 2008-05-13 14:53:20    32,768    ----a-w    C:WINDOWSsystem32configsystemprofileUstawienia lokalneTemporary Internet FilesContent.IE5index.dat
+ 2008-05-13 15:51:13    32,768    ----a-w    C:WINDOWSsystem32configsystemprofileUstawienia lokalneTemporary Internet FilesContent.IE5index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSSystem32NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="C:WINDOWSSystem32NvMcTray.dll" [2006-08-11 21:43 86016]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 55296 C:WINDOWSSOUNDMAN.EXE]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2006-11-21 19:38 35328]
"DAEMON Tools"="C:Program FilesDAEMON Toolsdaemon.exe" [2006-11-12 12:48 157592]
"HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2006-02-19 02:41 49152]
"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [2008-04-22 23:17 155648]
"avgnt"="C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2004-08-04 00:44 15360]

C:Documents and SettingsBartek WMenu StartProgramyAutostart
Adobe Gamma.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
HP Digital Imaging Monitor.lnk - C:Program FilesHPDigital Imagingbinhpqtra08.exe [2006-02-19 04:21:22 288472]
NkbMonitor.exe.lnk - C:Program FilesNikonPictureProjectNkbMonitor.exe [2008-04-21 19:13:39 118784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCfi13.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDgj68.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEik24.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEik58.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalGkn25.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIlo46.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalJnq25.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNrv02.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalOtw71.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPsv82.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRvx57.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSwa58.sys]
@="Driver"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalXce02.sys]
@="Driver"

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Ares\Ares.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=

S0 Cfi13;Cfi13;C:WINDOWSsystem32DriversCfi13.sys []
S0 Dgj68;Dgj68;C:WINDOWSsystem32DriversDgj68.sys []
S0 Eik24;Eik24;C:WINDOWSsystem32DriversEik24.sys []
S0 Gkn25;Gkn25;C:WINDOWSsystem32DriversGkn25.sys []
S0 Ilo46;Ilo46;C:WINDOWSsystem32DriversIlo46.sys []
S0 Jnq25;Jnq25;C:WINDOWSsystem32DriversJnq25.sys []
S0 Nrv02;Nrv02;C:WINDOWSsystem32DriversNrv02.sys []
S0 Otw71;Otw71;C:WINDOWSsystem32DriversOtw71.sys []
S0 Psv82;Psv82;C:WINDOWSsystem32DriversPsv82.sys []
S0 Rvx57;Rvx57;C:WINDOWSsystem32DriversRvx57.sys []
S0 Swa58;Swa58;C:WINDOWSsystem32DriversSwa58.sys []
S0 Xce02;Xce02;C:WINDOWSsystem32DriversXce02.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 09:42]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 18:25:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-13 18:25:41
ComboFix-quarantined-files.txt2008-05-13 16:25:37
ComboFix2.txt2008-05-13 14:57:22

Pre-Run: 3,363,639,296 bajtów wolnych
Post-Run: 3,368,341,504 bajtów wolnych

264


SDFix
Code:
[b]SDFix: Version 1.182 [/b]
Run by Bartek W on 2008-05-13 at 17:58

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:SDFixSDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:WINDOWSsystem32ntos.exe- Deleted
C:WINDOWSsystem32wsnpoemaudio.dll- Deleted
C:WINDOWSsystem32wsnpoemvideo.dll- Deleted
C:WINDOWSsystem32wsnpoemvideo.dll - Deleted
C:WINDOWSsystem32wsnpoemaudio.dll - Deleted



Folder C:WINDOWSsystem32wsnpoem - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 18:06:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg]
"s1"=dword:9eef68fc
"s2"=dword:9ed467df
"h0"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="C:Program FilesDAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:3a,1e,f7,9b,d0,0e,54,cb,6a,5e,f0,5e,39,28,90,41,28,ff,22,c5,10,..

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,18,a2,78,d0,99,1e,92,f8,d0,ac,ed,25,9c,82,fe,28,3e,..
"khjeh"=hex:20,63,43,d3,a6,1e,ab,d4,53,6f,b8,4c,c8,e3,9d,fb,df,69,48,67,c0,..

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,e0,c6,5f,93,1b,f6,0b,da,54,cf,ee,21,0c,d7,35,9b,e3,fc,47,7c,..
[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="C:Program FilesDAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:3a,1e,f7,9b,d0,0e,54,cb,6a,5e,f0,5e,39,28,90,41,28,ff,22,c5,10,..

[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,18,a2,78,d0,99,1e,92,f8,d0,ac,ed,25,9c,82,fe,28,3e,..
"khjeh"=hex:20,63,43,d3,a6,1e,ab,d4,53,6f,b8,4c,c8,e3,9d,fb,df,69,48,67,c0,..

[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,e0,c6,5f,93,1b,f6,0b,da,54,cf,ee,21,0c,d7,35,9b,e3,fc,47,7c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:SDFixSDFixbackupsbackups.zip

[b]Files with Hidden Attributes [/b]:

Sat 10 May 200856 ..SHR --- "C:WINDOWSsystem322E08BA0E51.sys"
Sat 10 May 200811,270 A.SH. --- "C:WINDOWSsystem32KGyGaAvL.sys"
Sat 26 Apr 2008 4,348 A.SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTriedit.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedVBA.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedVGX.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedWeb Folders.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMSSoapBinaries.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonDriver.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonImages.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonMaidMods.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonMessage Center.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonProfiles.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonServices.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonUtilities.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesODBCData Sources.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSpeechEnginesMicrosoft.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedAdBlocking.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedAntiSpam.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedCCPD-LC.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedDecomposers.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedHelp.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedIDS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedLiveReg.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedOptions.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedScript Blocking.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSecurity Center.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSPBBC.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSPManifests.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcData.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedDW1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedEQUATION1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1028.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1031.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1033.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1036.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1040.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1041.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1042.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1046.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp1049.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp2052.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedHelp3082.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedMODI12.0.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE111045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE121045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Cultures.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controller.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedPortal1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedPROOF1031.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedPROOF1033.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedPROOF1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedSmart Tag1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedSmart TagLISTS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedSpeech1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12AFTRNOON.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12ARCTIC.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12AXIS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12BLENDS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12BLUECALM.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12BLUEPRNT.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12BOLDSTRI.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12BREEZE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12CANYON.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12CAPSULES.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12CASCADE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12COMPASS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12CONCRETE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12DEEPBLUE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12ECHO.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12ECLIPSE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12EDGE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12EVRGREEN.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12EXPEDITN.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12ICE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12INDUST.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12IRIS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12JOURNAL.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12LAYERS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12LEVEL.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12NETWORK.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12PAPYRUS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12PIXEL.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12PROFILE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12QUAD.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12RADIAL.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12REFINED.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12RICEPAPR.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12RIPPLE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12RMNSQUE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12SATIN.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12SKY.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12SLATE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12SONORA.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12SPRING.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12STRTEDGE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12STUDIO.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12SUMIPNTG.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12WATER.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTHEMES12WATERMAR.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTRANSLATENGE.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedTRANSLATGEEN.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedVBAVBA6.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedWeb Folders1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMSSoapBinariesResources.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesNikonDriverPTPCam.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSpeechEnginesMicrosoftLexicon.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSpeechEnginesMicrosoftTTS.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefs.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerExcel.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerHOMESTUDENTR.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerOffice.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerOneNote.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerPowerPoint.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerProof.de.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerProof.en.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerProofing.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerProof.pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerRosebud.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup ControllerWord.pl-pl.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedSmart TagLISTS1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedVBAVBA61033.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft SharedVBAVBA61045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12BIN.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40admcgi.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40admisapi.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40bin.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40bots.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40isapi.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40servsupp.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40_vti_bin.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMSSoapBinariesResources1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSpeechEnginesMicrosoftLexicon1033.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSpeechEnginesMicrosoftTTS1033.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefs20080425.001.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefs20080429.001.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefsBinHub.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefsincoming.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefstmp1219.tmp.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefstmp1416.tmp.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesSymantec SharedSymcDataidsdefstmp3ef7.tmp.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12BIN1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40admcgiscripts.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40admisapiscripts.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40bin1045.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40botsvinavbar.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40isapi_vti_adm.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40isapi_vti_aut.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40_vti_bin_vti_adm.exe"
Tue6 May 200853,248 ..SH. --- "C:Program FilesCommon FilesMicrosoft Sharedweb server extensions40_vti_bin_vti_aut.exe"

[b]Finished![/b]

I also wanted to add that when I ran ComboFix, AntiVir kept detecting it and I had to turn it off :/ Is that normal?
Reply
#6
Quote: C:\WINDOWS\system32\userini.exe


Delete this file.

Quote: C:\WINDOWS\system32\2E08BA0E51.sys


Scan this file at

[To see links, register here]

or

[To see links, register here]

"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not an object of media noise
I am an illegal killer of time"
Reply
#7
I'm writing a bit late, but I was away, so I didn't have access to my computer.
I scanned the file here

[To see links, register here]

and nothing was detected.
And as for the file I'm supposed to delete, should I do that manually?
Reply
#8
Silv wrote: And as for the file I'm supposed to delete, should I do that manually?


Delete it manually from the disk in Safe Mode, with System Restore turned off.
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not an object of media noise
I am an illegal killer of time"
Reply

