COMBOFIX
- Kod: Zaznacz wszystko
ComboFix 09-03-06.02 - Chłopaki 2009-03-09 9:04:38.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2047.1648 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Chłopaki\Pulpit\takie i inne\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\altcmd
c:\program files\altcmd\altcmd.inf
c:\program files\altcmd\altcmd32.dll
c:\program files\altcmd\uninstall.bat
c:\windows\system32\wowfx.dll
c:\windows\TEMP\rundll32.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-09 do 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-02-21 15:33 . 2009-03-08 17:06 <DIR> d-------- c:\documents and settings\Chłopaki\Dane aplikacji\Tibia
2009-02-18 11:13 . 2005-09-18 01:32 5,376 --a------ c:\windows\system32\antiwpa.dll
2009-02-18 11:02 . 2009-02-18 11:02 <DIR> d-------- c:\windows\system32\xlib254.dll
2009-02-18 11:02 . 2009-02-18 11:02 <DIR> d-------- c:\windows\system32\append.dll
2009-02-12 14:44 . 2009-02-12 14:44 <DIR> d-------- c:\documents and settings\Chłopaki\Dane aplikacji\Red Alert 3
2009-02-12 14:18 . 2006-06-19 13:50 454,656 --a------ c:\windows\system32\snapapi32.dll
2009-02-12 12:11 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-02-12 12:11 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-02-12 12:11 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-02-12 12:11 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-02-12 12:11 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-02-12 12:11 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-02-12 12:11 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-02-09 16:11 . 2009-02-09 16:11 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-09 16:11 . 2009-02-09 16:11 73,728 --a------ c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 23:10 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\gtk-2.0
2009-03-07 14:46 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\Audacity
2009-02-18 17:13 --------- d-----w c:\program files\neostrada tp
2009-02-14 21:44 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\Skype
2009-02-14 20:21 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\skypePM
2009-02-09 15:13 --------- d-----w c:\program files\Asprate
2009-02-09 15:11 --------- d-----w c:\program files\Java
2009-01-31 10:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 09:23 --------- d-----w c:\program files\Eset
2009-01-30 15:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2009-01-29 18:10 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\GanymedeNet
2009-01-29 18:09 --------- d-----w c:\program files\Ganymede
2009-01-28 15:24 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\Malwarebytes
2009-01-28 15:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-01-26 17:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Wru
2009-01-26 17:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2009-01-25 19:48 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\.purple
2009-01-20 15:38 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\Moje pliki Bitwy o Śródziemie™ II
2009-01-20 12:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-20 12:08 --------- d-----w c:\program files\AGEIA Technologies
2009-01-19 18:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DrivingSpeed2
2009-01-18 22:20 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Trymedia
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 20:00 --------- d-----w c:\documents and settings\Chłopaki\Dane aplikacji\DNA
.
((((((((((((((((((((((((((((( SnapShot@2009-02-27_18.52.24.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-03 13:03:38 8,489,472 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll
+ 2008-02-15 22:03:24 369,152 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\spru0415.dll
+ 2008-06-17 19:03:15 8,489,984 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-06-17 19:04:53 8,490,496 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:57:12 19,320 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:57:13 234,360 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:57:12 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:57:15 763,256 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2007-10-25 16:57:22 31,201,792 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:27 8,483,328 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-12-06 15:34:11 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-08 16:02:50 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-10-25 16:57:22 8,483,328 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:27 8,483,328 ----a-w c:\windows\system32\shell32.dll
+ 2009-03-09 08:07:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_120.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 08:44 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SService"="c:\windows\TEMP\EXPLORER.EXE" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-05-04 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 136600]
c:\documents and settings\Chopaki\Menu Start\Programy\Autostart\
Skr˘t do licence.cmd.lnk - d:\programy\Legalizacja_Windows_XP\Legalizacja_Windows_XP_for_www.darkwarez.pl\licence.cmd [2009-01-30 22]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= d:\szablony html\lekkiSzablon\index.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo9"= SDVC03.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Dual.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Dual.lnk
backup=c:\windows\pss\Dual.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^No-IP DUC.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\No-IP DUC.lnk
backup=c:\windows\pss\No-IP DUC.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Registration Assassin's Creed.LNK]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Registration Assassin's Creed.LNK
backup=c:\windows\pss\Registration Assassin's Creed.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Skrót do licence (2).lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Skrót do licence (2).lnk
backup=c:\windows\pss\Skrót do licence (2).lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Skrót do licence.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Skrót do licence.lnk
backup=c:\windows\pss\Skrót do licence.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^UberIcon.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Ubisoft register.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Ubisoft register.lnk
backup=c:\windows\pss\Ubisoft register.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
path=c:\documents and settings\Chłopaki\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
backup=c:\windows\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
--a------ 2007-02-28 13:18 2351864 d:\programy\aqq\AQQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-05 10:20 289088 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 d:\programy\deamon tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
--a------ 2003-03-24 16:38 1443328 d:\programy\edhtml\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2006-09-13 08:58 2154496 c:\program files\VDOTool\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 14:43 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-03-03 13:44 266240 d:\programy\odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-29 17:57 21755688 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 14:35 716800 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 02:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 14:55 32768 c:\progra~1\NEOSTR~1\GestMAJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 12:49 20480 c:\progra~1\NEOSTR~1\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wru]
--a------ 2008-12-20 13:16 2170880 d:\programy\Wru\Wru.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 14:21 61952 c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 14:43 1519616 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\programy\\total commander\\totalcmd\\TOTALCMD.EXE"=
"d:\\programy\\bitcomet\\BitComet.exe"=
"d:\\programy\\GG 7.7\\Gadu-Gadu\\gg.exe"=
"d:\\GRY\\Etherslords 2\\Etherlords2.exe"=
"d:\\programy\\bearshare\\BearShare.exe"=
"d:\\programy\\Mozilla Firefox\\opera.exe"=
"d:\\GRY\\dedkarz\\Dethkarz.exe"=
"d:\\programy\\game spy\\Aphex.exe"=
"d:\\GRY\\Stronghlod Crusader\\Stronghold Crusader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\GRY\\Władca Pierścieni Ring Conquest\\Launcher.exe"=
"d:\\GRY\\Soldat\\Soldat\\Soldat.exe"=
"d:\\GRY\\Soldat1.4.1\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-04 15424]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-05-04 64000]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-05-04 116992]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [2008-08-30 18088]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5ab69f-1bab-11dd-a67c-0018f3dab27a}]
\Shell\AutoRun\command - G:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5ab6a0-1bab-11dd-a67c-0018f3dab27a}]
\Shell\AutoRun\command - H:\RunGame.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: &D&ownload &with BitComet - d:\programy\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\programy\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\programy\bitcomet\BitComet.exe/AddAllLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Chłopaki\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]z3zo40i.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npganymedenet.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\nppl3260.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin2.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin3.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin4.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin5.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin6.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npqtplugin7.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\nprpjplug.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npWebLaunch.dll
FF - plugin: d:\programy\Mozilla Firefox\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\vlc madia player\VLC\npvlc.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 09:07:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-343818398-682003330-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,7b,2b,e0,63,72,1b,2d,b2,73,81,1e,69,57,82,4c,b3,2b,0f,40,4d,43,ef,
a2,06,d6,3c,9b,fb,48,32,47,76,78,f3,9f,36,19,e5,ea,aa,3a,c5,46,19,75,9c,7d,\
"??"=hex:2c,73,d4,fd,cf,e5,b4,01,18,4d,f6,12,a7,9b,58,41
[HKEY_USERS\S-1-5-21-343818398-682003330-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:39,c3,d5,d5,03,b1,b0,b0,8c,bd,9a,99,1b,1f,99,18,5a,ef,3f,3d,9d,
eb,a9,38,f2,1f,50,62,5a,3c,86,04,72,96,29,e8,44,66,b0,03,46,c4,16,b9,cd,65,\
"rkeysecu"=hex:94,aa,0d,62,95,54,3e,7d,7a,46,c7,0a,9d,bf,f7,ec
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-09 9:09:27 - komputer został uruchomiony ponownie [Chłopaki]
ComboFix-quarantined-files.txt 2009-03-09 08:09:14
ComboFix2.txt 2009-02-27 17:53:35
ComboFix3.txt 2008-09-02 21:44:02
Przed: 18 093 133 824 bajtów wolnych
Po: 18,091,036,672 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
301 --- E O F --- 2009-02-28 01:34:08
HIJACKTHIS
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:31:32, on 2009-03-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\programy\GG 7.7\Gadu-Gadu\gg.exe
D:\programy\Mozilla Firefox\Opera.exe
C:\Documents and Settings\Chłopaki\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\programy\bitcomet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SService] C:\WINDOWS\TEMP\EXPLORER.EXE
O4 - Startup: Skrót do licence.cmd.lnk = D:\programy\Legalizacja_Windows_XP\Legalizacja_Windows_XP_for_www.darkwarez.pl\licence.cmd
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\programy\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\programy\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\programy\bitcomet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\programy\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\GRY\nfs undercover\PB\PnkBstrA.exe (file missing)
O24 - Desktop Component 1: (no name) - D:\szablony html\lekkiSzablon\index.html
--
End of file - 5824 bytes
