v8power, posted 30 August 2008
Mateusz J., comment, 31 August 2008
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
Fix this in HijackThis. Overall the logs are clean. What is the reason for checking the logs?
v8power (author), comment, 31 August 2008
Something got mixed up: in "Add or Remove Programs" not all programs are listed and "Microsoft office..." is repeated a dozen or so times, and Outpost Firewall also detected something like this:
Name: BZub
Type: Trojan
Registry key: HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Control Panel\load
For now I have put it in quarantine.
Mateusz J., comment, 31 August 2008
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load
The key is used to configure the Control Panel. Outpost detects it after ComboFix has been used; don't worry about it.