ComboFix 09-04-16.04 - Karool 2009-04-16 18:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1615 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Karool\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Karool\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\000306F6
c:\program files\myglobalsearch\bar\Cache\0003255B
c:\program files\myglobalsearch\bar\Cache\00034DA4.bin
c:\program files\myglobalsearch\bar\Cache\00035257.bin
c:\program files\myglobalsearch\bar\Cache\0003568D.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JSPGI
-------\Legacy_MEMSWEEP2
-------\Service_JSPGI
-------\Service_MEMSWEEP2

((((((((((((((((((((((((( Pliki utworzone od 2009-03-16 do 2009-04-16 )))))))))))))))))))))))))))))))
.
2070-01-01 01:01 . 2070-01-01 01:01 -------- d-----w c:\windows\system32\LogFiles
2009-04-16 16:10 . 2009-04-16 16:10 -------- d-----w C:\My Downloads
2009-04-16 15:24 . 2009-04-16 15:24 0 ----a-w C:\TP11691C.$$$
2009-04-16 15:20 . 2009-04-16 15:19 81 ----a-w c:\documents and settings\GG.EXE
2009-04-16 15:16 . 2009-04-16 15:16 0 ----a-w C:\TP114897.$$$
2009-04-16 15:11 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe
2009-04-16 15:11 . 2009-04-16 15:11 -------- d-----w c:\documents and settings\Karool\WINDOWS
2009-04-16 15:10 . 2009-04-16 15:24 -------- d-----w C:\Pascal
2009-04-14 10:35 . 2009-04-14 17:36 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\gtk-2.0
2009-04-14 10:35 . 2009-04-14 10:35 -------- d-----w c:\documents and settings\Karool\.thumbnails
2009-04-14 10:06 . 2009-04-15 15:27 -------- d-----w c:\documents and settings\Karool\.gimp-2.6
2009-04-14 10:06 . 2009-04-14 10:06 -------- d-----w c:\documents and settings\Karool\.gegl-0.0
2009-04-14 09:19 . 2009-04-14 09:19 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-04-13 10:25 . 2009-04-13 10:32 -------- d-----w c:\documents and settings\Karool\FileDownloader
2009-04-09 14:45 . 2009-04-09 14:45 -------- d-----w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\EA Games
2009-04-06 13:39 . 2009-04-06 13:39 -------- d-----w c:\windows\Moje Gimnazjum 2009 Profil Humanistyczny
2009-04-05 08:35 . 2009-04-06 19:35 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\ipla
2009-04-05 08:35 . 2009-04-05 08:35 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2009-04-05 08:35 . 2009-04-05 08:35 1700352 ----a-w c:\windows\system32\gdiplus.dll
2009-04-05 08:35 . 2009-04-05 08:35 1060864 ----a-w c:\windows\system32\mfc71.dll
2009-04-03 09:41 . 2007-08-14 06:12 18816 ------w c:\windows\system32\SAVRKBootTasks.sys
2009-04-03 09:36 . 2009-04-03 09:36 3588096 ----a-w c:\windows\system32\UP
2009-04-02 19:17 . 2009-04-02 19:17 -------- d-----w c:\documents and settings\LocalService\Pulpit
2009-04-02 19:08 . 2009-04-05 08:49 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-04-01 11:28 . 2008-03-04 15:23 2944 ----a-r c:\windows\system32\LgExport.dll
2009-04-01 11:28 . 2008-03-04 15:23 25344 ----a-r c:\windows\system32\LGDispDrv.dll
2009-03-30 12:40 . 2009-03-30 12:40 -------- d-----w c:\windows\speech
2009-03-29 10:20 . 2009-03-29 10:20 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\IrfanView
2009-03-28 16:06 . 2009-03-28 16:06 -------- d-----w c:\windows\system32\xlive
2009-03-28 08:17 . 2009-03-28 08:17 -------- d-----w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\Prec
2009-03-28 08:16 . 2009-03-28 08:16 -------- d-----w c:\windows\system32\pl-PL
2009-03-28 08:15 . 2009-03-28 08:15 116088 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-03-28 08:14 . 2009-03-28 08:16 -------- d-----w c:\windows\system32\XPSViewer
2009-03-28 08:14 . 2006-06-29 12:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-03-27 08:01 . 2009-03-27 08:01 -------- d-----w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\Ascaron Entertainment
2009-03-27 08:00 . 2009-03-27 08:00 -------- d--h--r c:\documents and settings\Karool\Dane aplikacji\SecuROM
2009-03-27 07:58 . 2009-03-28 14:49 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-27 07:58 . 2009-03-28 14:49 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-26 17:24 . 2004-08-03 22:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-03-26 17:24 . 2004-08-03 22:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-26 17:21 . 2009-03-26 17:21 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\FMA
2009-03-25 21:02 . 2009-03-25 21:02 -------- d-----w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\Help
2009-03-24 16:00 . 2009-03-24 16:00 -------- d-----w c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-03-24 13:18 . 2009-03-24 13:18 249856 ------w c:\windows\Setup1.exe
2009-03-24 13:15 . 2000-07-14 23:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-03-24 13:15 . 2009-03-24 13:18 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-24 13:15 . 2009-03-24 13:15 1346 ----a-w c:\windows\ST6UNST.000
2009-03-24 12:40 . 2009-03-24 12:58 29510 ----a-w c:\windows\DIIUnin.dat
2009-03-24 12:40 . 2009-03-24 12:40 2829 ----a-w c:\windows\DIIUnin.pif
2009-03-24 12:40 . 2009-03-24 12:40 106496 ----a-w c:\windows\DIIUnin.exe
2009-03-23 15:18 . 2009-03-23 15:29 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\PeaZip
2009-03-22 08:27 . 2009-03-22 08:27 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\DeepBurner
2009-03-21 19:45 . 2009-03-21 19:50 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-21 19:45 . 2009-03-21 19:50 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-21 19:44 . 2009-04-16 16:10 581664 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-21 19:44 . 2009-04-16 16:10 6212 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-21 19:44 . 2009-04-16 16:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-21 19:44 . 2009-04-16 16:09 4895776 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-21 19:44 . 2009-04-16 16:09 43520 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-21 19:22 . 2009-03-21 19:22 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Malwarebytes
2009-03-21 19:22 . 2009-03-21 19:22 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-03-21 18:16 . 2009-03-21 18:16 68296 ----a-w c:\windows\system32\drivers\GRD.sys
2009-03-21 17:59 . 2009-03-21 17:59 50888 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-03-21 17:59 . 2009-03-21 19:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\G DATA
2009-03-21 17:58 . 2009-03-21 17:58 50888 ----a-w c:\windows\system32\drivers\GDTdiIcpt.sys
2009-03-21 17:58 . 2009-03-21 17:58 22272 ----a-w c:\windows\system32\drivers\GDNdisIc.sys
2009-03-21 17:51 . 2009-03-21 17:51 -------- d-----w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2009-03-21 17:33 . 2009-03-21 19:34 54 ----a-w c:\windows\Lic.xxx
2009-03-21 17:33 . 2009-03-21 17:33 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-03-21 17:33 . 2009-03-21 17:33 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-03-21 17:33 . 2009-03-21 17:33 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-03-21 17:33 . 2005-09-22 22:22 522 ----a-w c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-21 17:33 . 2004-08-03 22:44 139776 ----a-w c:\windows\system32\T.COM
2009-03-21 17:33 . 2004-08-03 22:44 149504 ----a-w c:\windows\R.COM
2009-03-21 17:32 . 2009-03-21 17:33 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\MicroWorld
2009-03-21 16:57 . 2009-03-21 16:57 -------- d-sh--w c:\windows\ftpcache
2009-03-20 14:57 . 2009-03-20 14:57 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-20 14:36 . 2009-04-14 10:24 -------- d-----w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\Adobe
2009-03-19 15:45 . 2009-03-19 15:45 107888 ----a-w c:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 16:09 . 2009-03-11 19:11 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\foobar2000
2009-04-16 15:16 . 2009-04-16 15:16 -------- d-----w c:\program files\TP
2009-04-16 14:22 . 2001-10-26 14:15 84208 ----a-w c:\windows\system32\perfc015.dat
2009-04-16 14:22 . 2001-10-26 14:15 491152 ----a-w c:\windows\system32\perfh015.dat
2009-04-16 13:30 . 2009-04-16 13:29 -------- d-----w c:\program files\BearShare
2009-04-14 17:09 . 2009-03-08 18:51 64368 ----a-w c:\documents and settings\Karool\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-14 10:24 . 2009-04-14 10:24 -------- d-----w c:\program files\Microsoft Works
2009-04-14 10:05 . 2009-04-14 10:05 -------- d-----w c:\program files\GIMP-2.0
2009-04-14 09:40 . 2009-03-20 14:36 -------- d-----w c:\program files\Common Files\Adobe
2009-04-14 09:16 . 2009-04-14 09:16 -------- d-----w c:\program files\Bonjour
2009-04-14 09:10 . 2009-04-14 09:10 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-13 17:19 . 2009-04-13 17:01 -------- d-----w c:\program files\Debugging Tools for Windows (x86)
2009-04-13 16:34 . 2009-03-09 09:47 24944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-04-13 12:50 . 2009-04-13 12:50 -------- d-----w c:\program files\HD Tune
2009-04-13 12:35 . 2009-04-13 12:29 -------- d-----w c:\program files\ATITool
2009-04-13 10:35 . 2009-04-13 10:25 -------- d-----w c:\program files\FDN
2009-04-12 20:11 . 2009-03-09 15:14 -------- d-----w c:\program files\ALLPlayer
2009-04-11 20:04 . 2009-03-09 15:15 -------- d-----w c:\program files\SubEdit-Player
2009-04-09 14:51 . 2009-03-08 13:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 07:51 . 2009-04-09 06:52 -------- d-----w c:\program files\BitComet
2009-04-06 14:09 . 2009-04-06 14:09 -------- d-----w c:\program files\AidemMedia
2009-04-06 13:57 . 2009-04-06 13:57 -------- d-----w c:\program files\MindFusion Limited
2009-04-06 13:39 . 2009-04-06 13:39 -------- d-----w c:\program files\Moje Gimnazjum 2009 Profil Humanistyczny
2009-04-05 08:55 . 2009-03-28 07:57 -------- d-----w c:\program files\Prec
2009-04-05 08:55 . 2009-03-15 14:57 -------- d-----w c:\program files\No-IP
2009-04-05 08:55 . 2009-03-10 19:52 -------- d-----w c:\program files\Ahead
2009-04-05 08:53 . 2009-03-30 12:40 -------- d-----w c:\program files\ivo
2009-04-05 08:52 . 2009-03-24 13:19 -------- d-----w c:\program files\Hero Editor
2009-04-05 08:49 . 2009-04-02 19:08 -------- d-----w c:\program files\Lavasoft
2009-04-05 08:35 . 2009-04-05 08:35 -------- d-----w c:\program files\ipla
2009-04-02 19:17 . 2009-04-02 19:17 -------- d-----w c:\program files\Trend Micro
2009-04-02 12:46 . 2009-03-14 18:02 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Hamachi
2009-04-01 13:51 . 2009-04-01 13:51 -------- d-----w c:\program files\egzamin2008_gim
2009-04-01 11:28 . 2009-04-01 11:28 -------- d-----w c:\program files\LG Soft India
2009-03-28 16:07 . 2009-03-28 16:06 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-28 11:02 . 2009-03-26 17:21 -------- d-----w c:\program files\Fma
2009-03-28 08:14 . 2009-03-28 08:14 -------- d-----w c:\program files\MSBuild
2009-03-28 08:14 . 2009-03-28 08:14 -------- d-----w c:\program files\Reference Assemblies
2009-03-28 08:12 . 2009-03-28 08:12 -------- d-----w c:\program files\MSXML 6.0
2009-03-27 14:23 . 2009-03-09 09:43 15600 ----a-w c:\windows\gdrv.sys
2009-03-26 17:13 . 2009-03-08 13:19 -------- d-----w c:\program files\Gadu-Gadu
2009-03-24 15:59 . 2009-03-09 10:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-21 19:50 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-21 19:44 . 2009-03-21 19:44 -------- d-----w c:\program files\Kaspersky Lab
2009-03-21 19:20 . 2009-03-21 17:58 -------- d-----w c:\program files\G DATA
2009-03-21 19:20 . 2009-03-21 17:58 -------- d-----w c:\program files\Common Files\G DATA
2009-03-21 17:33 . 2009-03-21 17:33 -------- d-----w c:\program files\Common Files\MicroWorld
2009-03-17 14:01 . 2009-03-17 14:00 -------- d-----w c:\program files\8BallClub
2009-03-15 20:00 . 2009-03-10 19:35 -------- d-----w c:\program files\hp deskjet 845c series
2009-03-15 19:59 . 2009-03-10 19:35 -------- d-----w c:\program files\Hewlett-Packard
2009-03-15 18:50 . 2009-03-15 18:50 -------- d-----w c:\program files\jv16 PowerTools 2009
2009-03-15 18:03 . 2009-03-15 18:03 -------- d-----w c:\program files\Hamachi
2009-03-15 18:03 . 2009-03-14 18:01 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-15 17:22 . 2009-03-15 17:22 -------- d-----w c:\program files\Microsoft.NET
2009-03-15 08:49 . 2009-03-15 08:49 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Media Player Classic
2009-03-15 08:49 . 2009-03-15 08:48 -------- d-----w c:\program files\Real Alternative
2009-03-15 08:49 . 2009-03-15 08:49 -------- d-----w c:\program files\Media Player Classic
2009-03-15 08:40 . 2009-03-15 08:40 98304 ----a-w c:\windows\system32\qttask.exe
2009-03-15 08:39 . 2009-03-15 08:37 -------- d-----w c:\program files\ACE Mega CoDecS Pack
2009-03-15 08:19 . 2009-03-15 08:19 -------- d-----w c:\program files\IrfanView
2009-03-15 08:02 . 2009-03-15 08:02 -------- d-----w c:\program files\Sony Ericsson
2009-03-13 17:22 . 2009-03-13 17:22 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\dBpoweramp
2009-03-13 17:15 . 2009-03-13 17:15 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\AccurateRip
2009-03-13 17:13 . 2009-03-13 17:15 5068152 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-03-13 17:07 . 2009-03-13 17:07 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Vso
2009-03-13 17:07 . 2009-03-13 17:07 81920 ----a-w c:\documents and settings\Karool\Dane aplikacji\ezpinst.exe
2009-03-13 17:07 . 2009-03-13 17:07 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-13 17:07 . 2009-03-13 17:07 47360 ----a-w c:\documents and settings\Karool\Dane aplikacji\pcouffin.sys
2009-03-13 16:35 . 2009-03-13 16:35 -------- d-----w c:\program files\Common Files\Thraex Software
2009-03-11 19:11 . 2009-03-11 19:11 -------- d-----w c:\program files\foobar2000
2009-03-11 16:52 . 2009-03-11 16:51 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Nero
2009-03-11 16:28 . 2009-03-11 13:32 -------- d-----w c:\program files\Nero
2009-03-11 16:27 . 2009-03-11 16:27 -------- d-----w c:\program files\Windows Sidebar
2009-03-11 16:24 . 2009-03-11 13:31 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2009-03-11 16:23 . 2009-03-10 19:54 -------- d-----w c:\program files\Common Files\Nero
2009-03-10 19:28 . 2009-03-10 19:28 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\ESET
2009-03-10 19:27 . 2009-03-10 19:27 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-03-10 13:17 . 2009-03-10 13:17 -------- d-----w c:\program files\Audacity
2009-03-10 12:15 . 2009-03-10 12:15 -------- d-----w c:\program files\AMX Mod X
2009-03-09 15:14 . 2009-03-09 15:14 -------- d-----w c:\program files\NAPI-PROJEKT
2009-03-09 11:58 . 2009-03-09 11:58 -------- d-----w c:\program files\Java
2009-03-09 11:56 . 2009-03-09 11:56 -------- d-----w c:\program files\Common Files\Java
2009-03-09 11:14 . 2009-03-09 11:14 -------- d-----w c:\program files\AGEIA Technologies
2009-03-09 10:18 . 2009-03-09 10:18 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Ubisoft
2009-03-09 10:18 . 2009-03-09 10:18 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-03-09 10:14 . 2009-03-09 10:14 361728 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-09 10:14 . 2009-03-09 10:14 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\TuneUp Software
2009-03-09 10:14 . 2009-03-09 10:14 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-03-09 10:14 . 2009-03-09 10:14 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2009-03-09 09:53 . 2009-03-09 09:53 -------- d-----w c:\program files\Alcohol Soft
2009-03-09 09:48 . 2009-03-09 09:45 -------- d-----w c:\program files\Realtek
2009-03-09 09:45 . 2009-03-09 09:45 315392 ----a-w c:\windows\HideWin.exe
2009-03-09 09:45 . 2009-03-09 09:45 -------- d-----w c:\program files\AMD
2009-03-09 09:44 . 2009-03-09 09:44 -------- d-----w c:\program files\GIGABYTE
2009-03-09 09:44 . 2009-03-09 09:44 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-03-09 09:44 . 2009-03-09 09:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-08 18:05 . 2009-03-08 12:53 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-08 13:20 . 2009-03-08 13:20 -------- d-----w c:\documents and settings\Karool\Dane aplikacji\Gadu-Gadu
2009-03-08 13:10 . 2009-03-08 13:09 33 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-08 13:09 . 2009-03-08 13:09 -------- d-----w c:\program files\SAGEM
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-21 206088]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-02 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-8 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Gry\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"e:\\Gry\\CS 1.6\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Gry\\CS 1.6\\hlds.exe"=
"e:\\Gry\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\8BallClub\\GameDirector.exe"=
"e:\\Gry\\CSS\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"e:\\Gry\\cs 1.6 v32\\hl.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12389:TCP"= 12389:TCP:BitComet 12389 TCP
"12389:UDP"= 12389:UDP:BitComet 12389 UDP
"17389:TCP"= 17389:TCP:BitComet 17389 TCP
"17389:UDP"= 17389:UDP:BitComet 17389 UDP

R2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-03-27 14336]
R3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-03-27 13312]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-03-21 33808]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2007-08-14 18816]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-16 c:\windows\Tasks\Konserwacja jednym kliknięciem.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
TCP: {7D65BB3A-0E2E-4653-BFDE-E65E13D275EC} = 213.241.79.37 83.238.255.76
FF - ProfilePath - c:\documents and settings\Karool\Dane aplikacji\Mozilla\Firefox\Profiles\dfc04iw3.default\
FF - component: c:\documents and settings\Karool\Dane aplikacji\Mozilla\Firefox\Profiles\dfc04iw3.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 18:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Downloads+RELOADED - SACRED 2 FALLEN ANGEL [CRACK] 100% WORKING+FAH.exe]
"ImagePath"="c:\downloads\RELOADED - SACRED 2 FALLEN ANGEL [CRACK] 100% WORKING\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Downloads+RELOADED - SACRED 2 FALLEN ANGEL [CRACK] 100% WORKING+FAH.exe]
"ImagePath"="c:\downloads\RELOADED - SACRED 2 FALLEN ANGEL
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,6d,20,1f,97,76,25,8c,af,8e,9f,56,30,f4,02,d1,b6,8a,5b,35,5b,
   3c,35,5e,cb,46,e4,91,3e,7c,39,ce,63,be,2c,53,f2,8f,4c,b6,6a,ae,9a,af,4c,3f,\
"rkeysecu"=hex:95,ca,bb,aa,4d,ff,43,dd,8f,e9,ba,1e,1c,91,12,64

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\e65ae326-7297-6599-f002-2618e63e824]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1twloo6xec29f"=hex:38,37,32,34,39,65,36,36,2d,36,35,62,38,2d,34,61,34,38,2d,
   38,36,37,62,2d,62,37,31,34,62,65,61,63,36,64,35,66
"1btr3z0mvx1zc"=hex:65,00,00,00,f8,00,00,00,3f,48,92,ef,6b,61,72,6f,6f,6c,39,
   39,33,00,00,00,00,00,00,00,66,9e,24,87,b8,65,48,4a,86,7b,b7,14,be,ac,6d,5f,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-16 18:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-16 16:12

Przed: 7 910 318 080 bajtów wolnych
Po: 7 887 273 984 bajtów wolnych

345