

jamaika

Registered: 23 Jul 2008
OFFLINE Last active: 26 08 2008 21:06
-----

My posts

In topic: services.exe error

25 07 2008 - 13:54

I scanned it with two and pretty much nothing:

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing





AhnLab-V3 2008.7.25.1 2008.07.25 -
AntiVir 7.8.1.12 2008.07.25 -
Authentium 5.1.0.4 2008.07.24 -
Avast 4.8.1195.0 2008.07.25 -
AVG 8.0.0.130 2008.07.25 -
BitDefender 7.2 2008.07.25 -
CAT-QuickHeal 9.50 2008.07.24 -
ClamAV 0.93.1 2008.07.25 -
DrWeb 4.44.0.09170 2008.07.25 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5981 2008.07.25 -
Ewido 4.0 2008.07.25 -
F-Prot 4.4.4.56 2008.07.24 -
F-Secure 7.60.13501.0 2008.07.25
Fortinet 3.14.0.0 2008.07.25 -
GData 2.0.7306.1023 2008.07.25 -
Ikarus T3.1.1.34.0 2008.07.25 -
Kaspersky 7.0.0.125 2008.07.25 -
McAfee 5346 2008.07.24 -
Microsoft 1.3704 2008.07.24 -
NOD32v2 3298 2008.07.25 -
Norman 5.80.02 2008.07.24 -
Panda 9.0.0.4 2008.07.25 -
PCTools 4.4.2.0 2008.07.24 -
Prevx1 V2 2008.07.25 -
Rising 20.54.42.00 2008.07.25 -
Sophos 4.31.0 2008.07.25 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.25 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.25 -
VBA32 3.12.8.1 2008.07.24 -
ViRobot 2008.7.25.1310 2008.07.25 -
VirusBuster 4.5.11.0 2008.07.24 -
Webwasher-Gateway 6.6.2 2008.07.25 -

In topic: services.exe error

25 07 2008 - 11:05

ComboFix 08-07-22.4 - USER 2008-07-25 10:58:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.584 [GMT 2:00]
Running from: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wdrivers
C:\WINDOWS\system32\wdrivers\20080723 224855.sys
C:\WINDOWS\system32\wdrivers\20080723 225246.sys

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 12:43 . 2008-07-24 12:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 12:43 . 2008-07-24 12:43 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Malwarebytes
2008-07-24 12:43 . 2008-07-24 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2008-07-24 12:43 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 12:43 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 19:09 . 2008-07-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:52 . 2008-07-23 18:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-23 18:40 . 2008-07-23 18:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Uniblue
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Program Files\tibia2
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Tibia
2008-07-18 17:39 . 2008-07-18 17:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-18 17:31 . 2008-07-18 17:32 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\RegClean
2008-07-18 17:19 . 2008-07-18 17:19 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\URSoft
2008-07-17 22:24 . 2008-07-17 22:36 <DIR> d-------- C:\Documents and Settings\USER\dodian.com
2008-07-07 17:23 . 2008-07-10 10:15 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\SecondLife
2008-07-03 13:44 . 2008-07-03 13:44 <DIR> d-------- C:\Program Files\Syncro SVN Client 3.2
2008-07-03 12:00 . 2008-07-03 12:00 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Subversion
2008-07-03 12:00 . 2008-07-07 12:56 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\com.syncrosvnclient
2008-07-03 11:48 . 2008-07-03 11:48 <DIR> d-------- C:\Program Files\Sun
2008-07-03 11:48 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-03 11:47 . 2008-07-03 11:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-01 16:38 . 2008-07-23 22:37 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat
2008-07-01 13:28 . 2008-07-22 20:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 13:28 . 2008-07-01 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 14:12 . 2008-06-29 14:12 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-06-26 22:10 . 2008-06-26 22:10 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-25 19:22 . 2008-06-25 20:44 616 --a------ C:\WINDOWS\eReg.dat
2008-06-25 19:17 . 2008-06-25 19:43 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 22:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\DNA
2008-07-24 16:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-22 18:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Xfire
2008-07-22 18:05 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\OpenOffice.org2
2008-07-20 09:19 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-20 09:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:41 --------- d-----w C:\Program Files\Bethesda Softworks
2008-07-18 15:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-13 13:03 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Azureus
2008-07-07 12:39 --------- d-----w C:\Program Files\Azureus
2008-07-03 09:48 --------- d-----w C:\Program Files\Java
2008-07-02 09:39 --------- d-----w C:\Program Files\Xfire
2008-06-29 17:48 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Nokia Multimedia Player
2008-06-21 11:24 --------- d-----w C:\Program Files\LucasArts
2008-06-20 21:15 --------- d-----w C:\Program Files\LEGO Media
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:11 --------- d-----w C:\Program Files\Cheat Engine
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-06-19 07:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-06-19 07:54 --------- d-----w C:\Program Files\Ulead Systems
2008-06-19 07:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Sony
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Publish Providers
2008-06-18 19:42 --------- d-----w C:\Program Files\Vstplugins
2008-06-18 19:42 --------- d-----w C:\Program Files\Sony
2008-06-18 19:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-18 19:41 --------- d-----w C:\Program Files\Sony Setup
2008-06-18 08:49 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 14:42 --------- d-----w C:\Program Files\sXe Injected
2008-06-13 10:09 --------- d-----w C:\Program Files\MTA San Andreas
2008-06-10 11:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 18:08 22,328 ----a-w C:\Documents and Settings\USER\Dane aplikacji\PnkBstrK.sys
2008-06-08 17:59 --------- d-----w C:\Program Files\Activision
2008-06-06 19:28 --------- d-----w C:\Program Files\GMX Media
2008-06-05 20:36 4,358,144 ----a-w C:\WINDOWS\uncsetup.exe
2008-06-05 19:09 163,328 ------w C:\WINDOWS\UNINEPSE.EXE
2008-06-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2008-06-04 17:55 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
2008-06-04 15:41 --------- d-----w C:\Program Files\MagicISO
2008-06-04 15:40 --------- d-----w C:\Program Files\Electronic Arts
2008-06-04 15:38 --------- d-----w C:\Program Files\Maxis
2008-06-03 18:23 --------- d-----w C:\Program Files\DNA
2008-06-03 18:23 --------- d-----w C:\Program Files\BitTorrent
2008-06-01 19:00 --------- d-----w C:\Program Files\Tibia
2008-05-30 17:03 --------- d-----w C:\Program Files\Tasker
2008-05-25 08:44 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-10 10:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-10 10:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_23.07.01.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-25 08:54:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_560.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 20:23 289088]
"Google Update"="C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-07-16 15:56 119280]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-06-22 20:37 601848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-25 15:49 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\USER\Menu Start\Programy\Autostart\
YouTube Uploader.lnk - C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-16 10:42:48 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\MTA San Andreas\\server\\MTA Server.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"D:\\SecondLife\\SLVoice.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-10-04 07:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-10-04 07:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-10-04 07:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:31:23 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 11:00:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 11:01:38
ComboFix-quarantined-files.txt 2008-07-25 09:01:33
ComboFix2.txt 2008-07-24 10:31:44
ComboFix3.txt 2008-07-23 21:07:15

Pre-Run: 15,313,842,176 bajtów wolnych
Post-Run: 15,433,367,552 bajtów wolnych

211 --- E O F --- 2008-07-10 07:57:07




Is it okay now? I deleted the QooBox folder...

In topic: services.exe error

24 07 2008 - 19:07

ComboFix 08-07-22.4 - USER 2008-07-24 12:28:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.651 [GMT 2:00]
Running from: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\WINDOWS\system32\deviceemulator.exe
C:\WINDOWS\system32\wdrivers
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\free-downloads.net
C:\Program Files\free-downloads.net\INSTALL.LOG
C:\Program Files\free-downloads.net\toolbar.cfg
C:\Program Files\free-downloads.net\UNWISE.EXE

.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-23 22:48 . 2008-07-23 22:53 <DIR> d-------- C:\WINDOWS\system32\wdrivers
2008-07-23 19:09 . 2008-07-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:52 . 2008-07-23 18:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-23 18:40 . 2008-07-23 18:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Uniblue
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Program Files\tibia2
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Tibia
2008-07-18 17:39 . 2008-07-18 17:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-18 17:31 . 2008-07-18 17:32 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\RegClean
2008-07-18 17:19 . 2008-07-18 17:19 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\URSoft
2008-07-17 22:24 . 2008-07-17 22:36 <DIR> d-------- C:\Documents and Settings\USER\dodian.com
2008-07-07 17:23 . 2008-07-10 10:15 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\SecondLife
2008-07-03 13:44 . 2008-07-03 13:44 <DIR> d-------- C:\Program Files\Syncro SVN Client 3.2
2008-07-03 12:00 . 2008-07-03 12:00 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Subversion
2008-07-03 12:00 . 2008-07-07 12:56 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\com.syncrosvnclient
2008-07-03 11:48 . 2008-07-03 11:48 <DIR> d-------- C:\Program Files\Sun
2008-07-03 11:48 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-03 11:47 . 2008-07-03 11:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-01 16:38 . 2008-07-23 22:37 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat
2008-07-01 13:28 . 2008-07-22 20:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 13:28 . 2008-07-01 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 14:12 . 2008-06-29 14:12 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-06-26 22:10 . 2008-06-26 22:10 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-25 19:22 . 2008-06-25 20:44 616 --a------ C:\WINDOWS\eReg.dat
2008-06-25 19:17 . 2008-06-25 19:43 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 10:27 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\DNA
2008-07-23 16:56 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-22 18:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Xfire
2008-07-22 18:05 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\OpenOffice.org2
2008-07-20 09:19 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-20 09:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:41 --------- d-----w C:\Program Files\Bethesda Softworks
2008-07-18 15:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-13 13:03 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Azureus
2008-07-07 12:39 --------- d-----w C:\Program Files\Azureus
2008-07-03 09:48 --------- d-----w C:\Program Files\Java
2008-07-02 09:39 --------- d-----w C:\Program Files\Xfire
2008-06-29 17:48 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Nokia Multimedia Player
2008-06-21 11:24 --------- d-----w C:\Program Files\LucasArts
2008-06-20 21:15 --------- d-----w C:\Program Files\LEGO Media
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:11 --------- d-----w C:\Program Files\Cheat Engine
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-06-19 07:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-06-19 07:54 --------- d-----w C:\Program Files\Ulead Systems
2008-06-19 07:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Sony
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Publish Providers
2008-06-18 19:42 --------- d-----w C:\Program Files\Vstplugins
2008-06-18 19:42 --------- d-----w C:\Program Files\Sony
2008-06-18 19:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-18 19:41 --------- d-----w C:\Program Files\Sony Setup
2008-06-18 08:49 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 14:42 --------- d-----w C:\Program Files\sXe Injected
2008-06-13 10:09 --------- d-----w C:\Program Files\MTA San Andreas
2008-06-10 11:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 18:08 22,328 ----a-w C:\Documents and Settings\USER\Dane aplikacji\PnkBstrK.sys
2008-06-08 17:59 --------- d-----w C:\Program Files\Activision
2008-06-06 19:28 --------- d-----w C:\Program Files\GMX Media
2008-06-05 20:36 4,358,144 ----a-w C:\WINDOWS\uncsetup.exe
2008-06-05 19:09 163,328 ------w C:\WINDOWS\UNINEPSE.EXE
2008-06-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2008-06-04 17:55 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
2008-06-04 15:41 --------- d-----w C:\Program Files\MagicISO
2008-06-04 15:40 --------- d-----w C:\Program Files\Electronic Arts
2008-06-04 15:38 --------- d-----w C:\Program Files\Maxis
2008-06-03 18:23 --------- d-----w C:\Program Files\DNA
2008-06-03 18:23 --------- d-----w C:\Program Files\BitTorrent
2008-06-01 19:00 --------- d-----w C:\Program Files\Tibia
2008-05-30 17:03 --------- d-----w C:\Program Files\Tasker
2008-05-25 08:44 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-10 10:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-10 10:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_23.07.01.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 09:06:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 20:23 289088]
"Google Update"="C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-07-16 15:56 119280]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-06-22 20:37 601848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-25 15:49 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\USER\Menu Start\Programy\Autostart\
YouTube Uploader.lnk - C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-16 10:42:48 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\MTA San Andreas\\server\\MTA Server.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"D:\\SecondLife\\SLVoice.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-10-04 07:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-10-04 07:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-10-04 07:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:31:23 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 12:31:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-24 12:31:44
ComboFix-quarantined-files.txt 2008-07-24 10:31:38
ComboFix2.txt 2008-07-23 21:07:15

Pre-Run: 15,781,093,376 bajtów wolnych
Post-Run: 15,781,339,136 bajtów wolnych

210 --- E O F --- 2008-07-10 07:57:07













And? :D

In topic: services.exe error

24 07 2008 - 14:58

Well, I ran that script and it removed what it was supposed to remove. In a moment I'll look into what this WWDC thing is and post an edit...



EDIT: All ports closed, because I guess that was the point, right?

In topic: services.exe error

24 07 2008 - 13:35

That link to Malwarebytes came with some spyware... :D

I downloaded it from the original site and it found something like this?

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken.

Should I remove it?