ComboFix 11-12-17.05 - Admin 2011-12-18 14:55:26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.383 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
/wow section nieukończony
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\str.sys
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-11-18 do 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 13:07 . 2011-12-18 13:07 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\ESET
2011-12-18 13:02 . 2011-12-18 13:02 -------- d-----w- c:\program files\ArpanTECH
2011-12-18 13:01 . 2011-12-18 13:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2011-12-18 12:36 . 2011-12-18 12:36 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\27.exe
2011-12-18 12:21 . 2011-12-18 12:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Martau
2011-12-18 12:21 . 2011-12-18 12:21 -------- d-----w- c:\program files\Total Uninstall 5
2011-12-18 11:30 . 2011-12-18 14:14 221696 ----a-w- c:\documents and settings\Admin\Dane aplikacji\22.exe
2011-12-18 11:23 . 2011-12-18 11:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2011-12-18 11:14 . 2011-12-18 11:14 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files
2011-12-18 11:10 . 2011-12-18 11:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MFAData
2011-12-18 11:05 . 2011-12-18 11:05 150016 ----a-w- c:\documents and settings\Admin\Dane aplikacji\462.tmp
2011-12-18 11:02 . 2011-12-18 11:02 412160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\460.exe
2011-12-18 11:00 . 2011-12-18 11:00 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\458.exe
2011-12-18 11:00 . 2011-12-18 11:00 221696 ----a-w- c:\documents and settings\Admin\Dane aplikacji\454.exe
2011-12-17 15:57 . 2011-12-17 15:57 220160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\E.exe
2011-12-17 15:57 . 2011-12-17 15:57 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\A.exe
2011-12-17 14:53 . 2011-12-17 14:53 326 ----a-w- c:\documents and settings\Admin\Dane aplikacji\E35.exe
2011-12-17 14:52 . 2011-12-17 14:52 83 ----a-w- c:\documents and settings\Admin\Dane aplikacji\E33.exe
2011-12-17 10:03 . 2011-12-17 10:03 326 ----a-w- c:\documents and settings\Admin\Dane aplikacji\36.exe
2011-12-17 10:03 . 2011-12-17 10:03 83 ----a-w- c:\documents and settings\Admin\Dane aplikacji\34.exe
2011-12-17 10:03 . 2011-12-18 11:30 412160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\2A.exe
2011-12-16 19:42 . 2011-12-16 19:42 326 ----a-w- c:\documents and settings\Admin\Dane aplikacji\21B0.exe
2011-12-16 19:42 . 2011-12-16 19:42 83 ----a-w- c:\documents and settings\Admin\Dane aplikacji\21AE.exe
2011-12-16 10:59 . 2011-12-18 14:15 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\26.exe
2011-12-16 10:59 . 2011-12-18 12:35 221696 ----a-w- c:\documents and settings\Admin\Dane aplikacji\23.exe
2011-12-16 10:59 . 2011-12-16 10:59 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\1F.exe
2011-12-16 10:58 . 2011-12-16 10:58 220160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\1B.exe
2011-12-15 21:41 . 2011-12-15 21:41 326 ----a-w- c:\documents and settings\Admin\Dane aplikacji\5FE.exe
2011-12-15 21:41 . 2011-12-15 21:41 83 ----a-w- c:\documents and settings\Admin\Dane aplikacji\5FC.exe
2011-12-15 21:12 . 2011-12-17 15:58 326 ----a-w- c:\documents and settings\Admin\Dane aplikacji\18.exe
2011-12-15 21:12 . 2011-12-17 15:58 83 ----a-w- c:\documents and settings\Admin\Dane aplikacji\16.exe
2011-12-15 21:12 . 2011-12-17 15:58 391168 ----a-w- c:\documents and settings\Admin\Dane aplikacji\13.exe
2011-12-15 21:12 . 2011-12-15 22:01 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\F.exe
2011-12-15 21:12 . 2011-12-15 22:01 220160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\B.exe
2011-12-15 21:09 . 2011-12-15 21:09 5190 ----a-w- c:\documents and settings\Admin\Dane aplikacji\6B0.exe
2011-12-15 21:09 . 2011-12-15 21:09 83 ----a-w- c:\documents and settings\Admin\Dane aplikacji\6AB.exe
2011-12-15 20:27 . 2011-12-18 12:36 412160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\2B.exe
2011-12-15 20:27 . 2011-12-16 10:59 326 ----a-w- c:\documents and settings\Admin\Dane aplikacji\28.exe
2011-12-15 20:27 . 2011-12-15 20:27 391168 ----a-w- c:\documents and settings\Admin\Dane aplikacji\25.exe
2011-12-15 20:27 . 2011-12-15 20:27 191488 ----a-w- c:\documents and settings\Admin\Dane aplikacji\21.exe
2011-12-15 20:27 . 2011-12-15 20:27 220160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\1D.exe
2011-12-15 11:43 . 2011-12-15 11:43 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\medina0
2011-12-15 11:43 . 2011-12-15 11:43 584872 ----a-w- c:\documents and settings\Admin\Dane aplikacji\45.exe
2011-12-15 11:42 . 2011-12-15 11:42 391168 ----a-w- c:\documents and settings\Admin\Dane aplikacji\3C.exe
2011-12-15 11:42 . 2011-12-17 10:03 391168 ----a-w- c:\documents and settings\Admin\Dane aplikacji\31.exe
2011-12-15 11:42 . 2011-12-15 11:42 220160 ----a-w- c:\documents and settings\Admin\Dane aplikacji\2D.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 09:40 . 2011-09-24 09:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 16:12 . 2011-10-27 17:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
2010-10-20 14:33 481872 ----a-w- c:\program files\vShare\vshare_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
2011-06-01 15:47 177712 ----a-w- c:\program files\vShare.tv plugin\BarLcher.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files\vShare\vshare_toolbar.dll" [2010-10-20 481872]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
[HKEY_CLASSES_ROOT\vShare.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
[HKEY_CLASSES_ROOT\vShare.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files\vShare\vshare_toolbar.dll" [2010-10-20 481872]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
.
[HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
[HKEY_CLASSES_ROOT\vShare.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
[HKEY_CLASSES_ROOT\vShare.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Steam"="e:\cs steam\steam.exe" [2011-08-02 1242448]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2010-03-21 241664]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2010-03-21 241664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-04-08 296631]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\Admin\Menu Start\Programy\Autostart\
raw32.exe [2009-12-22 20992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"e:\\Programy\\AQQ\\AQQ.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\AREK\\Blobby Volley v1.8 na Peter\\volley.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"e:\\cs\\hl.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\math.exe"=
"c:\\Program Files\\IQ Publishing\\Dance Party\\Program\\DanceParty.exe"=
"e:\\css\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\cs\\hlds.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Nakido\\nakido.exe"=
"d:\\Rafał\\Catia\\intel_a\\code\\bin\\CNEXT.exe"=
"e:\\cs steam\\steamapps\\osada88\\half-life blue shift\\hl.exe"=
"e:\\cs steam\\steamapps\\osada89\\opposing force\\hl.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\ansys\\program\\v110\\RSM\\bin\\JobManagerService.exe"=
"e:\\ansys\\program\\v110\\RSM\\bin\\JMAdmin.exe"=
"e:\\ansys\\program\\v110\\RSM\\bin\\JMPassword.exe"=
"e:\\ansys\\program\\v110\\RSM\\bin\\ScriptHostService.exe"=
"e:\\ansys\\program\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"e:\\ansys\\program\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"e:\\ansys\\program\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"e:\\ansys\\program\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"e:\\ansys\\program\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"e:\\ansys\\program\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Documents and Settings\\Admin\\Pulpit\\teamspeak3-server_win32-3.0.0-beta26\\teamspeak3-server_win32\\ts3server_win32.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\ICPDAS\\VxCommW7\\VxComm.exe"=
"e:\\cs steam\\Steam.exe"=
"e:\\GIERKI\\cs\\hltv.exe"=
"e:\\cs steam\\steamapps\\common\\monday night combat\\Binaries\\Win32\\mnc.exe"=
"e:\\cs steam\\steamapps\\osada89\\half-life\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\cs steam\\steamapps\\osada89\\day of defeat\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"e:\\cs steam\\steamapps\\osada88\\team fortress classic\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\day of defeat\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\deathmatch classic\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\opposing force\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\ricochet\\hl.exe"=
"e:\\cs steam\\steamapps\\osada88\\half-life\\hl.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"e:\\cs steam\\steamapps\\osada89\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-05-06 436792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 JobManagerService110;Ansys JobManager Service V11;e:\ansys\program\v110\RSM\bin\JobManagerService.exe [2007-09-20 20480]
R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2009-07-10 328704]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-29 2214504]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8A7.tmp [2009-05-07 189696]
R2 ScriptHostService110;Ansys ScriptHost Service V11;e:\ansys\program\v110\RSM\bin\ScriptHostService.exe [2007-09-20 20480]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S2 quikqf;quikqf;\??\c:\windows\system32\drivers\xugxkqf.sys --> c:\windows\system32\drivers\xugxkqf.sys [?]
S2 Ynsernet;Ynsernet;c:\windows\system32\drivers\Ynsernet.sys [2010-09-07 61056]
S3 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\program files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe --> c:\program files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [?]
S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-162531612-725345543-1003Core.job
- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-04-17 12:47]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-162531612-725345543-1003UA.job
- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-04-17 12:47]
.
2011-12-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://facebook.com/
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.233.1
TCP: Interfaces\{093F90DC-E944-49F6-9AF3-B1FC8AB42590}: NameServer = 78.131.142.5,213.199.225.14
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vShare\vshare_toolbar.dll
DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\dunlch1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: network.proxy.type - 0
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{6D7B211A-88EA-490c-BAB9-3600D8D7C503} - (no file)
BHO-{92860A02-4D69-48c1-82D7-EF6B2C609502} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-HijackThis - j:\tools\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 15:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jvbubd"="c:\\Documents and Settings\\Admin\\Dane aplikacji\\Jvbubd.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8A7.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-162531612-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1343024091-162531612-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3e,a8,97,3c,05,84,c5,44,20,93,d5,a6,ad,ed,55,14,da,ce,da,18,84,
 a5,03,4d,56,6f,40,90,5e,7d,c0,a5,26,97,5a,29,78,35,f7,e8,f8,fb,71,66,cd,82,\
"rkeysecu"=hex:0e,bd,7e,7e,a1,03,ed,ae,dc,30,12,81,e0,ec,bf,10
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4168)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(708)
c:\windows\system32\WININET.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\Admin\Dane aplikacji\22.exe
c:\documents and settings\Admin\Dane aplikacji\26.exe
c:\documents and settings\Admin\Dane aplikacji\2A.exe
.
**************************************************************************
.
Czas ukończenia: 2011-12-18 15:22:00 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-12-18 14:21
.
Przed: 8 023 547 904 bajtów wolnych
Po: 8 196 866 048 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D879B56F85B2BBC570A13882742ECF3F