ComboFix 08-11-02.03 - Arni 2008-11-03 0:40:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1033.18.235 [GMT 1:00]
Uruchomiony z: C:\Users\Arni\Downloads\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\009F35F1.bin
C:\Program Files\myglobalsearch\bar\Cache\009F3A35.bin
C:\Program Files\myglobalsearch\bar\Cache\009F3C09.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-02 do 2008-11-02 )))))))))))))))))))))))))))))))
.
2008-11-01 19:03 . 2008-11-01 19:03 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-11-01 18:40 . 2008-11-01 18:41 <DIR> d-------- C:\Program Files\CCleaner
2008-10-31 20:35 . 2006-11-02 10:46 439,808 --a------ C:\Windows\System32\win32spl.dll
2008-10-31 20:35 . 2006-11-02 10:46 37,376 --a------ C:\Windows\System32\printcom.dll
2008-10-30 21:22 . 2008-10-30 21:23 <DIR> d-------- C:\Program Files\Hamachi
2008-10-30 21:22 . 2008-10-30 21:22 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-10-29 20:07 . 2008-10-29 20:08 <DIR> d-------- C:\Users\Arni\AppData\Roaming\backup
2008-10-27 19:24 . 2008-10-27 19:27 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-10-27 19:24 . 2008-10-27 19:27 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-10-27 19:24 . 2008-10-27 19:24 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-27 19:24 . 2008-11-01 22:47 32 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-10-27 19:24 . 2008-11-01 22:47 32 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-10-27 19:24 . 2008-11-01 22:47 32 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-10-27 19:24 . 2008-11-01 22:47 32 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-10-27 19:18 . 2008-10-27 19:18 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-10-27 19:18 . 2008-10-27 19:18 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-10-27 15:21 . 2008-10-27 15:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-27 15:20 . 2008-10-27 15:23 <DIR> d-------- C:\Program Files\Symantec
2008-10-27 15:20 . 2008-10-27 15:23 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-27 15:20 . 2008-10-27 15:23 10,563 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-27 15:20 . 2008-10-27 15:23 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-27 02:18 . 2008-01-02 16:37 180,224 --a------ C:\Windows\System32\igfxres.dll
2008-10-24 23:24 . 2008-10-24 23:26 <DIR> d-------- C:\Users\Arni\AppData\Roaming\FileZilla
2008-10-24 23:24 . 2008-10-24 23:24 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-10-24 23:12 . 2008-10-24 23:12 <DIR> d-------- C:\Program Files\Gekko Manager
2008-10-19 14:50 . 2008-10-19 14:50 <DIR> d-------- C:\Windows\System32\HTML ON
2008-10-19 14:44 . 2008-10-19 14:44 <DIR> d-------- C:\Program Files\Alleycode
2008-10-19 14:37 . 2008-10-19 14:37 <DIR> d-------- C:\Program Files\Zajaczek
2008-10-17 18:36 . 2003-08-18 09:37 303,104 --a------ C:\Windows\System32\LEXBCES.EXE
2008-10-17 18:36 . 2003-08-18 12:47 201,216 --a------ C:\Windows\System32\LEXP2P32.DLL
2008-10-17 18:36 . 2003-08-18 12:48 196,096 --a------ C:\Windows\System32\LEX2KUSB.DLL
2008-10-17 18:36 . 2003-08-18 12:48 192,512 --a------ C:\Windows\System32\lexlmpm.dll
2008-10-17 18:36 . 2003-08-18 09:32 174,592 --a------ C:\Windows\System32\LEXPPS.EXE
2008-10-17 18:36 . 2003-08-18 09:34 147,456 --a------ C:\Windows\System32\LEXBCE.DLL
2008-10-17 18:33 . 2008-10-17 18:35 <DIR> d-------- C:\Users\Arni\{fa545de6-07f4-4735-860c-34ee095cf33d}
2008-10-17 18:22 . 2008-10-17 18:22 <DIR> d-------- C:\Lxk1100
2008-10-17 17:51 . 2008-10-17 18:37 93 --a------ C:\Windows\lexstat.ini
2008-10-17 17:41 . 2008-10-17 17:42 <DIR> d-------- C:\Users\Arni\{27ee03ad-1205-4274-8c23-2d4f999122e3}
2008-10-17 17:41 . 1997-04-08 19:08 299,520 --a------ C:\Windows\uninst.exe
2008-10-15 13:10 . 2008-09-18 03:03 2,027,520 --a------ C:\Windows\System32\win32k.sys
2008-10-15 13:10 . 2008-08-26 02:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-11 00:13 . 2008-10-11 00:13 <DIR> d-------- C:\Program Files\Belt Generator
2008-10-09 19:05 . 2008-10-09 19:05 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-10-09 19:05 . 2008-10-09 19:05 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-10-09 19:05 . 2008-10-09 19:05 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-10-09 19:04 . 2008-10-09 19:04 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-10-09 19:04 . 2008-10-09 19:04 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-10-09 19:04 . 2008-10-09 19:04 <DIR> d-------- C:\Program Files\Winamp Remote
2008-10-09 19:02 . 2008-10-30 14:13 <DIR> d-------- C:\Users\Arni\AppData\Roaming\Winamp
2008-10-09 11:04 . 2008-10-09 11:04 <DIR> d-------- C:\sig
2008-10-09 03:51 . 2008-10-09 03:51 <DIR> d-------- C:\Windows\Downloaded Installations
2008-10-06 00:06 . 2008-11-03 00:45 <DIR> d-------- C:\Users\Arni\AppData\Roaming\Hamachi
2008-10-05 16:18 . 2008-10-05 16:18 <DIR> d-------- C:\Program Files\Chami
2008-10-05 15:53 . 2008-10-05 15:53 <DIR> d-------- C:\Program Files\ConTEXT
2008-10-05 14:57 . 2008-10-05 15:18 <DIR> d-------- C:\Users\Arni\AppData\Roaming\HateML
2008-10-05 14:57 . 2008-10-05 14:57 <DIR> d-------- C:\Program Files\Migajek Software
2008-10-03 19:44 . 2008-10-03 19:44 104,907 --a------ C:\R1003__20_44_44.mp3
2008-10-03 19:43 . 2008-10-03 19:44 63,111 --a------ C:\R1003__20_43_55.mp3
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 19:40 --------- d-----w C:\Users\Arni\AppData\Roaming\gtk-2.0
2008-11-01 18:08 --------- d-----w C:\Users\Arni\AppData\Roaming\DNA
2008-11-01 17:41 --------- d-----w C:\Program Files\Yahoo!
2008-10-31 22:38 --------- d-----w C:\Users\Arni\AppData\Roaming\skypePM
2008-10-31 22:38 --------- d-----w C:\Users\Arni\AppData\Roaming\Skype
2008-10-27 18:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-27 14:25 --------- d-----w C:\ProgramData\Symantec
2008-10-27 01:17 --------- d-----w C:\Users\Arni\AppData\Roaming\Cream Software
2008-10-27 01:16 --------- d-----w C:\Program Files\Acer GameZone
2008-10-27 01:15 --------- d-----w C:\Users\Arni\AppData\Roaming\EditPlus 3
2008-10-16 09:18 --------- d-----w C:\Program Files\Windows Mail
2008-10-09 18:05 --------- d-----w C:\Program Files\Winamp
2008-10-09 02:32 --------- d-----w C:\Users\Arni\AppData\Roaming\BitTorrent
2008-10-03 19:24 --------- d-----w C:\Users\Arni\AppData\Roaming\NCH Software
2008-10-03 19:21 --------- d-----w C:\Users\Arni\AppData\Roaming\NCH Swift Sound
2008-10-03 19:21 --------- d-----w C:\ProgramData\NCH Swift Sound
2008-10-03 19:21 --------- d-----w C:\Program Files\NCH Swift Sound
2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-29 16:14 --------- d-----w C:\ProgramData\FLEXnet
2008-09-29 16:09 --------- d-----w C:\Program Files\QuickTime
2008-09-29 16:08 --------- d-----w C:\Program Files\Bonjour
2008-09-29 16:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-29 15:57 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-28 20:16 --------- d-----w C:\Program Files\Gadu-Gadu
2008-09-28 02:41 --------- d-----w C:\Program Files\Audacity
2008-09-23 23:30 --------- d-----w C:\Program Files\MTA San Andreas
2008-09-23 21:00 --------- d-----w C:\ProgramData\Apple
2008-09-23 21:00 --------- d-----w C:\Program Files\Apple Software Update
2008-09-19 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 20:44 --------- d-----w C:\Program Files\Google
2008-09-18 04:35 3,505,208 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-16 18:21 --------- d-----w C:\Program Files\GTA VC - NFS Undeground
2008-09-07 18:35 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-09-07 18:31 --------- d-----w C:\ProgramData\NCH Software
2008-09-07 18:23 --------- d-----w C:\Users\Arni\AppData\Roaming\GHISLER
2008-07-09 01:11 174 --sha-w C:\Program Files\desktop.ini
2008-03-22 16:42 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-22 16:42 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"GoD"="C:\Users\Arni\Documents\GoD\GoD.exe" [2008-10-25 2517504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 51048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
C:\Users\Arni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-10-30 625952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Arni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Arni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 23:49 151552 C:\Acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 12:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-09-26 19:58 289088 C:\Users\Arni\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-25 18:47 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-26 00:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-02 17:06 166424 C:\Windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-02 17:07 141848 C:\Windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
--a------ 2008-01-30 19:14 611712 C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-07-16 06:51 768520 C:\PROGRA~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 02:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2008-02-06 23:49 718704 C:\Program Files\Norton AntiVirus\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2007-06-22 02:25 155648 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-02 17:07 133656 C:\Windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-23 22:36 1232896 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:26 22014760 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 16:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-31 14:15 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 13:34 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1048EC96-5F95-471B-BD1C-8C04C6B0F5EE}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{89786B70-1F30-4052-BEEA-53E5B46AF7A7}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{69A763D6-E234-43FF-A87C-CB9AEACE48C6}D:\\totalcmd\\totalcmd.exe"= UDP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{D5AEA4BF-CA39-4413-8E1B-BA47731879E6}D:\\totalcmd\\totalcmd.exe"= TCP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EEE8C0D0-58F0-4F4E-AB3D-92B72A5A4E9F}C:\\users\\arni\\downloads\\samp022server.win32\\samp-server.exe"= UDP:C:\users\arni\downloads\samp022server.win32\samp-server.exe:samp-server.exe
"UDP Query User{47DB0E9D-44B2-4B9B-86A9-B0CC18898929}C:\\users\\arni\\downloads\\samp022server.win32\\samp-server.exe"= TCP:C:\users\arni\downloads\samp022server.win32\samp-server.exe:samp-server.exe
"TCP Query User{019D490D-8BAA-4FF3-A733-098781FE93D7}D:\\program files\\bittorrent\\bittorrent.exe"= UDP:D:\program files\bittorrent\bittorrent.exe:?Torrent
"UDP Query User{8CE8ACE6-068E-4330-A9C7-AE8BE3B9BE62}D:\\program files\\bittorrent\\bittorrent.exe"= TCP:D:\program files\bittorrent\bittorrent.exe:?Torrent
"{A302C1D5-3535-4BF8-82ED-4F19F667DD56}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E0A369FB-122B-403A-8A71-1D818E22F8D2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A28CEE32-EB60-49EF-A64C-6D9DE6B1A2CD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{313F9F86-3A69-440F-9F6C-A19612E37E2C}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{33577111-35AA-4B4B-88FF-1ECD93E5C5D0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{BDD73D3C-730A-484D-898C-AF9BA59DEFA5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{0B16BB1B-A245-4C89-B8A7-0CAB919E301C}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{7971AAAE-C7E6-47F3-9E6C-AEC2EE3FFFA6}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{80526D25-D8C0-468D-894F-3C8C0868E5E0}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{7C4A923C-4918-4B63-8D9A-8D3670262682}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{754C697A-7090-4DDF-9764-5F673F7C8794}"= Disabled:UDP:C:\Program Files\DNA\btdna.exe:DNA
"{0A1D1762-AAFC-41E6-93D7-3AD80E6EE574}"= Disabled:TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{7C5C2D80-A992-448F-8389-2129396F303F}D:\\totalcmd\\totalcmd.exe"= Disabled:UDP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{55789AEA-5FA2-4F14-9816-267A1F9AF24C}D:\\totalcmd\\totalcmd.exe"= Disabled:TCP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{54E4111C-EA65-445F-9031-6D83FC0425BA}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{455052A6-4D4A-4EA4-9EF9-88CCAC9A816F}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{ED76607E-0D18-4634-AB08-F804306DDE66}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= UDP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
"UDP Query User{7DD9D45A-C216-4D47-9A64-D2C6B98CEDCD}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= TCP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
"TCP Query User{C29BCA89-2DC5-4D0E-B189-B4C2253E38B7}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= UDP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
"UDP Query User{3614AA89-2A27-4E88-B6C3-E7F20B3C8D67}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= TCP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"D:\\Program Files\\BitTorrent\\bittorrent.exe"= D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 41008]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c778688-ef6b-11dc-99a1-001b38596c8c}]
\shell\AutoRun\command - F:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89b9ce76-c7a3-11dc-8a66-001b38596c8c}]
\shell\AutoRun\command - F:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-SetPanel - C:\Acer\APanel\APanel.cmd
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\Arni\AppData\Roaming\Mozilla\Firefox\Profiles\pvoaxf0b.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\common\npyaxmpb.dll
FF -: plugin - C:\Users\Arni\Program Files\DNA\plugins\npbtdna.dll
.
.
------- Skojarzenia plików -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 00:45:31
Windows 6.0.6000 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-03 0:49:10
ComboFix-quarantined-files.txt 2008-11-02 23:49:06
Przed: 10 014 220 288 bytes free
Po: 9,990,598,656 bytes free
309 --- E O F --- 2008-11-01 02:01:29

Please help.





