wklejto.pl

Added by: ~Anonim (2009-04-16 23:12) -> text
ComboFix 09-04-17.01 - Tomek 2009-04-17 23:21.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1539 [GMT 2:00]
Uruchomiony z: d:\pobrane\Programy (Setupy)\ComboFix.exe
AV: ArcaVir *On-access scanning enabled* (Updated)
FW: ArcaVir Firewall *enabled*
.
 
(((((((((((((((((((((((((   Pliki utworzone od 2009-03-17 do 2009-04-17  )))))))))))))))))))))))))))))))
.
 
2009-04-16 18:10 . 2009-04-16 18:10     26624   ----a-w c:\windows\ehopixoxiw.dll
2009-04-16 17:12 . 2009-04-16 17:12     26624   ----a-w c:\windows\irimaxagawoyuliw.dll
2009-04-16 17:02 . 2009-04-16 17:02     26624   ----a-w c:\windows\osenomozolo.dll
2009-04-15 16:47 . 2009-02-06 10:10     227840  -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:47 . 2009-03-06 14:22     285696  -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:47 . 2009-02-09 11:25     111104  -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 16:47 . 2009-02-09 10:53     401408  -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:47 . 2009-02-09 10:53     686592  -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:47 . 2009-02-09 10:53     473600  -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:47 . 2009-02-09 10:53     731136  -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:47 . 2009-02-09 10:53     722944  -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:47 . 2009-02-09 10:53     453120  -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:46 . 2009-03-27 06:58     1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 16:46 . 2008-04-21 21:16     218112  -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 21:48 . 2009-04-14 21:48     69120   ----a-w c:\windows\abevetidac.dll
2009-04-14 18:41 . 2008-06-19 14:24     28544   ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-13 18:27 . 2009-04-13 18:28     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\CPUControl
2009-04-12 20:46 . 2009-04-12 20:46     --------        d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-03-29 15:22 . 2009-03-29 15:22     --------        d-----w c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Ares
2009-03-28 13:34 . 2009-03-28 13:34     --------        d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-21 18:29 . 2009-03-21 18:29     --------        d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-21 16:30 . 2009-03-21 16:30     --------        d-sh--w c:\documents and settings\Tomek\IECompatCache
2009-03-21 16:29 . 2009-03-21 16:29     --------        d-sh--w c:\documents and settings\Tomek\PrivacIE
2009-03-21 16:28 . 2009-03-21 16:28     --------        d-sh--w c:\documents and settings\Tomek\IETldCache
2009-03-21 16:25 . 2009-03-21 16:25     --------        d-----w c:\windows\ie8updates
2009-03-21 16:24 . 2009-03-21 16:25     --------        dc-h--w c:\windows\ie8
2009-03-21 16:23 . 2009-02-28 04:55     105984  -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-21 14:08 . 2009-03-21 14:08     1018368 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 21:48 . 2009-03-20 21:48     4       ----a-w c:\windows\system32\proc-503976190.bin
 
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 21:14 . 2008-10-18 20:28     --------        d-----w c:\program files\Mozilla Thunderbird
2009-04-17 18:54 . 2008-10-18 19:36     --------        d-----w c:\program files\AutoConnect
2009-04-17 18:54 . 2009-03-22 12:33     11839   ----a-w C:\aaw7boot.log
2009-04-17 18:31 . 2009-02-10 19:59     --------        d-----w c:\program files\Nowe Gadu-Gadu
2009-04-16 18:06 . 2008-12-28 15:55     --------        d-----w c:\program files\FlashGet
2009-04-16 17:59 . 2009-04-16 17:59     --------        d-----w c:\program files\Trend Micro
2009-04-15 14:13 . 2008-10-20 11:34     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\Hamachi
2009-04-15 13:44 . 2009-03-12 18:54     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\GanymedeNet
2009-04-14 18:41 . 2009-04-14 18:41     --------        d-----w c:\program files\Panda Security
2009-04-13 18:27 . 2009-04-13 18:27     --------        d-----w c:\program files\CPU-Control
2009-04-12 20:46 . 2009-02-12 19:43     --------        d-----w c:\documents and settings\All Users\Dane aplikacji\ArcaBit
2009-04-11 17:00 . 2008-11-10 15:24     --------        d-----w c:\program files\Java
2009-04-11 17:00 . 2009-04-11 17:00     --------        d-----w c:\program files\Common Files\Java
2009-04-04 21:07 . 2009-04-04 21:07     --------        d-----w c:\program files\Matroska Pack
2009-04-04 18:11 . 2008-11-27 18:52     138184  ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-04 18:11 . 2008-11-27 18:52     183112  ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-04 16:14 . 2006-03-02 12:00     74450   ----a-w c:\windows\system32\perfc015.dat
2009-04-04 16:14 . 2006-03-02 12:00     448348  ----a-w c:\windows\system32\perfh015.dat
2009-04-02 10:54 . 2009-03-12 18:53     --------        d-----w c:\program files\Ganymede
2009-03-29 15:22 . 2009-03-29 15:22     --------        d-----w c:\program files\Ares
2009-03-28 13:21 . 2009-01-28 22:23     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\Skype
2009-03-28 13:21 . 2009-01-28 22:25     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\skypePM
2009-03-21 14:56 . 2009-03-14 12:18     --------        d-----w c:\program files\Pity 2008
2009-03-16 17:20 . 2009-02-24 20:51     --------        d-----w c:\program files\Common Files\Adobe
2009-03-15 13:22 . 2009-01-31 23:28     --------        d-----w c:\program files\Spybot - Search & Destroy
2009-03-14 13:35 . 2009-02-28 14:06     15688   ----a-w c:\windows\system32\lsdelete.exe
2009-03-14 13:35 . 2009-02-28 13:34     64160   ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-09 03:19 . 2008-11-10 15:24     410984  ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2006-03-02 12:00     914944  ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2006-03-02 12:00     43008   ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2006-03-02 12:00     18944   ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2006-03-02 12:00     420352  ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2006-03-02 12:00     72704   ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2006-03-02 12:00     71680   ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2006-03-02 12:00     34816   ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2006-03-02 12:00     48128   ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2006-03-02 12:00     45568   ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2006-03-02 12:00     156160  ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-03-02 12:00     285696  ----a-w c:\windows\system32\pdh.dll
2009-02-28 13:28 . 2009-02-28 13:28     --------        dc-h--w c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-28 13:28 . 2008-11-28 15:25     --------        d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-23 13:36 . 2009-02-23 13:36     --------        d-----w c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-02-22 14:01 . 2009-02-22 14:01     --------        d-----w c:\program files\Common Files\Logishrd
2009-02-22 14:01 . 2008-10-20 13:40     --------        d-----w c:\program files\Common Files\Logitech
2009-02-22 14:01 . 2008-10-18 18:45     --------        d--h--w c:\program files\InstallShield Installation Information
2009-02-21 13:33 . 2009-02-21 13:33     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\DAEMON Tools
2009-02-21 13:33 . 2009-02-21 13:33     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\DAEMON Tools Pro
2009-02-21 13:33 . 2009-02-21 13:33     --------        d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-21 13:32 . 2009-02-21 13:32     --------        d-----w c:\program files\DAEMON Tools
2009-02-21 13:30 . 2008-10-19 12:15     717296  ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-21 13:30 . 2009-02-21 13:30     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\DAEMON Tools Lite
2009-02-20 17:05 . 2008-10-18 19:12     28264   ----a-w c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-20 16:56 . 2008-10-18 18:35     23000   ----a-w c:\windows\system32\emptyregdb.dat
2009-02-20 15:19 . 2009-02-16 13:13     12800   ----a-w c:\windows\system32\wmmest.dll
2009-02-20 15:19 . 2009-02-18 14:47     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\IDM
2009-02-20 15:19 . 2009-02-18 14:47     --------        d-----w c:\program files\Internet Download Manager
2009-02-20 15:18 . 2008-11-28 15:25     --------        d-----w c:\program files\AGEIA Technologies
2009-02-20 14:59 . 2009-02-18 14:47     --------        d-----w c:\documents and settings\Tomek\Dane aplikacji\DMCache
2009-02-20 14:51 . 2009-02-20 14:51     47747   ----a-w c:\windows\BricoPackUninst.cmd
2009-02-20 14:51 . 2009-02-20 14:47     2150    ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-02-09 14:07 . 2006-03-02 12:00     1847040 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2004-08-04 00:39     2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:26 . 2006-03-02 12:00     2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2006-03-02 12:00     111104  ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2006-03-02 12:00     731136  ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2006-03-02 12:00     686592  ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2006-03-02 12:00     401408  ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2006-03-02 12:00     722944  ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-03-02 12:00     35328   ----a-w c:\windows\system32\sc.exe
2009-02-05 19:31 . 2008-12-02 20:22     48913   ----a-w c:\windows\UninstVeetleTVPlayer.exe
2009-02-05 09:54 . 2008-10-18 18:44     453152  ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-04 09:50 . 2009-02-04 09:50     24576   ----a-w c:\windows\system32\nsis_loader.dll
2009-02-03 19:58 . 2006-03-02 12:00     56832   ----a-w c:\windows\system32\secur32.dll
2009-02-01 17:08 . 2009-02-01 17:08     7738    ----a-w c:\windows\mozver.dat
2009-01-28 22:25 . 2009-01-28 22:25     32      ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-10-20 13:31 . 2008-10-20 13:31     25600   ----a-w c:\documents and settings\Tomek\usbsermptxp.sys
2008-10-20 13:31 . 2008-10-20 13:31     22768   ----a-w c:\documents and settings\Tomek\usbsermpt.sys
.
 
(((((((((((((((((((((((((((((   SnapShot@2009-04-17_18.21.10   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-17 18:55 . 2009-04-17 18:55   16384              c:\windows\Temp\Perflib_Perfdata_710.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-02 310784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2008-12-29 687560]
"CPU_Control"="c:\program files\CPU-Control\CPU_Control.exe" [2009-01-03 1034240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-11-27 2169368]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2009-03-26 559624]
"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2008-12-12 387592]
"ArcaCheck"="c:\program files\ArcaBit\ArcaVir\ArcaCheck.exe" [2008-11-04 662024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-14 515416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]

c:\documents and settings\Tomek\Menu Start\Programy\Autostart\
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-18 962661]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-22 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42        72208   ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GammaTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10        35696   ----a-w c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2008-11-24 19:44        869888  ----a-w c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-05-17 15:42        933888  ----a-w c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
2007-08-24 10:40        1097728 ----a-w c:\program files\MagicRotation\MagicPvt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2008-04-28 18:25        2707456 ----a-w c:\program files\RivaTuner v2.09\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 16:02        49152   ----a-w c:\program files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19        148888  ----a-w c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\FIFA 09\\FIFA09.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)

R2 ArcaRemoteService;ArcaBit Control;c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2009-03-26 270336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-14 951632]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-01-30 200704]
R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-09-05 241664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-14 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 ABTDI;ABTDI;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
S1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2005-11-14 9728]
S2 ABFileMon;ArcaBit FileMonitor;c:\program files\ArcaBit\ArcaVir\FileMonSV.exe [2009-03-24 59912]
S2 AVBackup;ArcaBit Backup Service;c:\program files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe [2008-11-25 178696]
S2 AVUpdate;ArcaBit Update Service;c:\progra~1\ArcaBit\ARCAUP~1\update.exe [2009-03-11 117256]
S3 ABFLT;ArcaBit File Monitor Driver;c:\progra~1\ArcaBit\ArcaVir\ABFLT.sys [2007-12-10 37896]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\DRIVERS\snpp106.sys [2002-12-05 239488]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeab2d2-9dd7-11dd-b7a8-4d6564696130}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:34]

2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{412B6CB6-D5AA-4573-B9AB-8E17BBEA3441}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
TCP: {86340E2D-74DA-4056-832C-1CF811B4898F} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nm57hv26.default\
FF - component: c:\program files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\components\ArcaExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDS.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
.
 
**************************************************************************
 
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 23:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
skanowanie ukrytych procesów ...  
 
skanowanie ukrytych wpisów autostartu ... 
 
skanowanie ukrytych plików ...  
 
skanowanie pomyślnie ukończone
ukryte pliki: 0
 
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
 
- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-04-17 23:23
ComboFix-quarantined-files.txt  2009-04-17 21:23
ComboFix2.txt  2009-04-17 18:52
ComboFix3.txt  2009-04-17 18:22
 
Przed: 69 039 702 016 bajtów wolnych
Po: 69 027 344 384 bajtów wolnych
 
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
280     --- E O F ---   2009-04-15 20:55
 