Somehow I managed to run the scans with ComboFix and OTL.
Here are the logs.
From OTL
OTL logfile created on: 2010-05-20 15:11:01 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ania\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
502,00 Mb Total Physical Memory | 93,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,12 Gb Total Space | 33,57 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-194B20088B
Current User Name: Ania
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-31 09:02:28 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Ania\Ustawienia lokalne\Temp\RtkBtMnt.exe
PRC - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005-04-08 13:08:52 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
========== Modules (SafeList) ==========
MOD - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004-01-30 15:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004-01-30 15:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
========== Driver Services (SafeList) ==========
DRV - [2010-02-06 16:40:37 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-08 10:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-09-20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007-05-31 12:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007-02-16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-12-23 03:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-12-23 03:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006-12-23 03:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-12-19 15:16:24 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2004-08-13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-08-13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-08-13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-08-13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-08-13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-08-13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-08-13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-08-13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-08-13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-08-13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-08-04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-07-14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-20 20:11:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 19:22:10 | 000,000,000 | ---D | M]
[2008-09-08 08:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Extensions
[2010-05-20 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions
[2009-09-03 19:58:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-22 19:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008-09-10 12:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010-04-13 18:44:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-03-13 22:15:10 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010-04-14 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\personas@christopher.beard
[2010-04-13 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\sort_tabs_by@codeoptimism.net
[2010-03-13 22:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010-02-06 16:41:50 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\daemon-search.xml
[2010-05-17 19:52:35 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\google-us.xml
[2010-05-20 13:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-03-13 23:03:24 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-13 23:03:24 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-13 23:03:24 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-13 23:03:24 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-13 23:03:24 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-13 23:03:24 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClientGW] File not found
O4 - HKLM..\Run: [eSnips] C:\Program Files\eSnips\ClientGW.exe File not found
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-25 21:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-05-20 13:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-20 13:28:54 | 000,000,000 | ---D | C] -- C:\327882R2FWJFW
[2010-05-20 13:18:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:15:44 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:55:46 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-19 22:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
[2010-05-07 12:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Pulpit\D.Florczyk
[2010-05-03 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwl5.sys
[2010-04-28 13:36:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devIA64.exe
[2010-04-28 13:36:55 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devAMD64.exe
[2010-04-28 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2010-04-28 13:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2010-04-28 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Broadcom
[2010-04-28 13:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\InstallShield
[2010-04-22 11:42:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-04-22 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter
[2010-04-21 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Moje dokumenty\NoteBurner
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-05-20 15:14:19 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Ania\NTUSER.DAT
[2010-05-20 15:09:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-20 15:08:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-20 14:44:43 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Ania\ntuser.ini
[2010-05-20 13:52:24 | 040,688,888 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:23:32 | 040,701,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-20 13:14:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:56:23 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-20 07:43:19 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-19 20:53:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-18 11:10:12 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-10 15:04:14 | 000,011,587 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:23:11 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:23 | 000,232,770 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-06 11:40:34 | 000,493,738 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-06 11:40:34 | 000,435,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-06 11:40:34 | 000,085,114 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-06 11:40:33 | 000,068,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-06 11:40:31 | 001,096,188 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-03 14:20:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-26 17:04:23 | 000,303,274 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:38 | 000,314,073 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:49 | 000,262,420 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 20:00:02 | 000,010,456 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | M] () -- C:\File List.htm
[2010-04-22 10:12:30 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-04-22 08:55:34 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-20 20:08:57 | 000,071,112 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-05-20 13:44:11 | 040,688,888 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:19:44 | 040,701,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-18 11:10:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-14 20:23:42 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-10 15:04:13 | 000,011,587 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:19:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:18 | 000,232,770 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-03 14:20:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,614,534 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010-04-28 13:36:57 | 000,012,465 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-28 13:36:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2010-04-26 17:04:17 | 000,303,274 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:37 | 000,314,073 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:48 | 000,262,420 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 19:55:09 | 000,010,456 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | C] () -- C:\File List.htm
[2010-04-21 19:46:18 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-02-06 16:40:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-10 18:46:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008-10-23 09:53:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008-08-05 08:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008-04-23 15:34:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008-03-31 09:00:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-03-28 13:33:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-03-26 16:56:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-26 10:42:55 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008-03-26 09:51:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2008-02-29 06:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2008-02-21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-02-21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004-05-22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-10-16 00:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-07-07 04:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >
ComboFix
ComboFix 10-05-19.03 - Ania 2010-05-20 17:19:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.502.120 [GMT 2:00]
Running from: c:\documents and settings\Ania\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100520-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\rasacd.sys was found. Problem repaired
File restored from - Kitty had a snack
.
((((((((((((((((((((((((( Files created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.
2010-05-20 13:22 . 2010-05-20 13:22 -------- d-----w- c:\documents and settings\Ania\DoctorWeb
2010-05-20 13:21 . 2008-04-14 17:21 396288 ----a-w- c:\windows\system32\CF25796.exe
2010-05-19 20:47 . 2010-05-20 13:09 -------- d-----w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
2010-05-03 12:21 . 2010-05-03 12:26 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\Gadu-Gadu 10
2010-05-03 12:20 . 2010-05-03 12:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-03 12:19 . 2010-05-03 12:20 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-04-22 09:42 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-04-22 09:42 . 2010-04-22 09:42 -------- d-----w- c:\program files\MP3 Audio Converter
2010-04-21 08:40 . 2010-04-21 08:40 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-04-21 08:39 . 2010-04-21 08:39 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 19:57 . 2008-03-26 10:00 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\uTorrent
2010-05-18 18:57 . 2009-09-27 08:24 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\vlc
2010-05-12 10:54 . 2009-04-05 12:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-06 09:40 . 2006-03-02 12:00 85114 ----a-w- c:\windows\system32\perfc015.dat
2010-05-06 09:40 . 2006-03-02 12:00 493738 ----a-w- c:\windows\system32\perfh015.dat
2010-04-28 11:36 . 2008-03-26 07:53 -------- d-----w- c:\program files\Broadcom
2010-04-28 11:36 . 2008-03-26 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 11:36 . 2010-04-28 11:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Broadcom
2010-04-28 11:36 . 2010-04-28 11:36 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\InstallShield
2010-04-28 11:20 . 2010-04-05 19:34 -------- d-----w- c:\program files\Logia
2010-04-22 18:09 . 2008-03-30 16:21 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\dvdcss
2010-04-20 18:08 . 2008-03-25 19:13 71112 ----a-w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-20 10:35 . 2010-04-19 17:22 -------- d-----w- c:\program files\Microsoft Works
2010-04-19 17:21 . 2009-04-05 12:17 -------- d-----w- c:\program files\MSBuild
2010-04-19 17:19 . 2010-04-19 17:19 -------- d-----w- c:\program files\Microsoft.NET
2010-04-19 17:17 . 2010-04-19 17:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-05 19:35 . 2010-04-05 19:34 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\Logia
2010-03-25 09:36 . 2009-06-11 08:44 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\ZoomBrowser EX
2010-03-25 09:36 . 2009-06-11 08:43 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\CameraWindowDC
2010-03-24 21:39 . 2009-05-10 16:46 -------- d-----w- c:\program files\Nitro PDF
2010-03-21 18:19 . 2008-03-26 10:01 -------- d-----w- c:\program files\uTorrent
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-08 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-08 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-08 131072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-12 122939]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-04-08 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20898:TCP"= 20898:TCP:BitComet 20898 TCP
"20898:UDP"= 20898:UDP:BitComet 20898 UDP
"56315:TCP"= 56315:TCP:Pando P2P TCP Listening Port
"56315:UDP"= 56315:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 114768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-06 691696]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-iuldgypb - c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe
HKLM-Run-ClientGW - (no file)
HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 17:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-796845957-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{193DBEDF-3912-0FFB-B553-ABE763F10E64}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadphigpifnhgkhiae"=hex:6b,61,68,6b,69,64,66,62,67,66,62,69,67,62,70,6b,66,70,
65,69,6d,6e,00,00
"hanojgojefpmfkdm"=hex:6b,61,68,6b,69,64,66,62,67,66,62,69,67,62,6e,6b,70,6e,
64,63,64,6e,00,00
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2010-05-20 17:38:31
ComboFix-quarantined-files.txt 2010-05-20 15:38
Przed: 36 201 553 920 bajtów wolnych
Po: 37 309 833 216 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3037CC1CD3168E74376FC865946A05C0