ComboFix 11-10-17.01 - xp 2011-10-17 16:42:17.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1015.464 [GMT 2:00] Uruchomiony z: c:\documents and settings\xp\Pulpit\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735} c:\windows\749563319 c:\windows\assembly\GAC_MSIL\desktop.ini c:\windows\COM+.log c:\windows\system32\ . Zainfekowana kopia c:\windows\system32\Ati2evxx.exe została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_b76dad2c . . ((((((((((((((((((((((((( Pliki utworzone od 2011-09-17 do 2011-10-17 ))))))))))))))))))))))))))))))) . . 2011-10-17 14:38 . 2011-10-17 14:38 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\Sun 2011-10-17 14:38 . 2011-10-17 14:38 -------- d-----w- c:\program files\Common Files\Java 2011-10-17 14:37 . 2011-10-17 14:37 128000 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-17 12:44 . 2011-10-17 12:44 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\ATI 2011-10-17 12:44 . 2011-10-17 12:44 -------- d-----w- c:\documents and settings\xp\Dane aplikacji\ATI 2011-10-17 12:44 . 2011-10-17 12:44 -------- d-----w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\ApplicationHistory 2011-10-17 12:41 . 2011-10-17 12:41 -------- d-----w- c:\program files\Common Files\ATI Technologies 2011-10-17 12:39 . 2011-10-17 12:40 -------- d-----w- c:\program files\ATI Technologies 2011-10-17 12:38 . 2011-10-17 12:38 -------- d-----w- c:\windows\system32\URTTEMP 2011-10-17 12:36 . 
2006-05-15 06:18 12416 ----a-r- c:\windows\system32\drivers\EIO.sys 2011-10-17 12:36 . 2006-05-03 04:54 307200 ----a-r- c:\windows\system32\atiiiexx.dll 2011-10-17 11:11 . 2011-10-17 11:11 -------- d-----w- C:\Nowy folder 2011-10-17 09:30 . 2008-04-14 20:51 5632 ----a-w- c:\windows\system32\dllcache\cisvc.exe 2011-10-17 09:30 . 2008-04-14 20:51 5632 ----a-w- c:\windows\system32\cisvc.exe 2011-10-15 16:37 . 2011-10-15 16:37 -------- d-sh--w- c:\documents and settings\xp\Ustawienia lokalne\Dane aplikacji\b76dad2c 2011-10-13 10:40 . 2011-10-13 10:54 -------- d-----w- C:\Cameo Collection 1977 - 2002 FLAC 2011-10-12 05:59 . 2011-10-13 05:18 -------- d-----w- C:\boys - lody 2011-10-07 15:36 . 2011-10-07 15:37 -------- d-----w- C:\Jan Hammer . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-17 14:37 . 2010-06-29 10:20 544656 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-02 05:43 . 2011-05-02 16:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys [-] 2007-10-15 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2011-10-17_10.06.27 ))))))))))))))))))))))))))))))))))))))))) . + 2003-02-21 03:16 . 2003-02-21 03:16 49152 c:\windows\system32\URTTEMP\regtlib.exe + 2011-10-17 12:39 . 2006-05-03 04:45 77824 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll + 2011-10-17 12:39 . 2001-11-08 16:00 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll + 2011-10-17 12:39 . 
2006-05-03 04:15 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll + 2011-10-17 12:39 . 2006-05-03 04:43 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL + 2011-10-17 12:39 . 2006-05-03 04:45 26112 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe + 2011-10-17 12:39 . 2006-05-03 04:44 61440 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll + 2011-10-17 12:39 . 2006-05-03 04:10 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll + 2011-10-17 12:39 . 2006-05-03 04:45 41984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll + 2011-10-17 12:39 . 2006-05-03 04:45 77824 c:\windows\system32\ReinstallBackups\0000\DriverFiles\Oemdspif.dll + 2011-10-17 12:39 . 2001-11-08 16:00 24064 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativcoxx.dll + 2011-10-17 12:39 . 2006-05-03 04:15 17408 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atitvo32.dll + 2011-10-17 12:39 . 2006-05-03 04:43 53248 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ATIDDC.DLL + 2011-10-17 12:39 . 2006-05-03 04:45 26112 c:\windows\system32\ReinstallBackups\0000\DriverFiles\Ati2mdxx.exe + 2011-10-17 12:39 . 2006-05-03 04:44 61440 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.dll + 2011-10-17 12:39 . 2006-05-03 04:10 40960 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2erec.dll + 2011-10-17 12:39 . 2006-05-03 04:45 41984 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2edxx.dll + 2001-10-26 20:15 . 2011-10-17 14:38 88478 c:\windows\system32\perfc015.dat + 2001-08-18 01:30 . 2011-10-17 14:38 70576 c:\windows\system32\perfc009.dat + 2006-05-03 04:45 . 2006-05-03 04:45 77824 c:\windows\system32\Oemdspif.dll + 2011-10-17 12:42 . 2005-10-18 13:01 11008 c:\windows\system32\drivers\atkkbnt.sys + 2006-05-03 04:10 . 2006-05-03 04:10 40960 c:\windows\system32\drivers\ati2erec.dll + 2011-10-17 12:42 . 
2005-08-31 12:06 10496 c:\windows\system32\ATKOSDMini.DLL + 2011-10-17 12:42 . 2006-04-06 09:34 37888 c:\windows\system32\ATKOGL32.dll - 2001-11-09 16:01 . 2001-11-09 16:01 24064 c:\windows\system32\ativcoxx.dll + 2001-11-08 16:00 . 2001-11-08 16:00 24064 c:\windows\system32\ativcoxx.dll - 2009-02-25 20:38 . 2009-02-25 20:38 17408 c:\windows\system32\atitvo32.dll + 2006-05-03 04:15 . 2006-05-03 04:15 17408 c:\windows\system32\atitvo32.dll + 2005-10-03 13:35 . 2005-10-03 13:35 73728 c:\windows\system32\atiexdxx.dll + 2006-05-03 04:43 . 2006-05-03 04:43 53248 c:\windows\system32\ATIDDC.DLL - 2009-02-25 21:26 . 2009-02-25 21:26 53248 c:\windows\system32\ATIDDC.DLL + 2006-05-03 04:45 . 2006-05-03 04:45 26112 c:\windows\system32\Ati2mdxx.exe - 2009-02-25 21:29 . 2009-02-25 21:29 26112 c:\windows\system32\Ati2mdxx.exe + 2006-05-03 04:44 . 2006-05-03 04:44 61440 c:\windows\system32\ati2evxx.dll + 2006-05-03 04:45 . 2006-05-03 04:45 41984 c:\windows\system32\ati2edxx.dll + 2011-10-17 12:42 . 2005-08-31 12:16 46080 c:\windows\system32\asrussian.dll + 2011-10-17 12:42 . 2005-08-31 12:16 45568 c:\windows\system32\askorean.dll + 2011-10-17 12:42 . 2005-08-31 12:16 45568 c:\windows\system32\asjapan.dll + 2011-10-17 12:42 . 2005-08-31 12:16 46080 c:\windows\system32\asgerman.dll + 2011-10-17 12:42 . 2005-08-31 12:16 46592 c:\windows\system32\asfrench.dll + 2011-10-17 12:42 . 2005-08-31 12:16 46080 c:\windows\system32\aseng.dll + 2011-10-17 12:42 . 2005-08-31 12:16 45568 c:\windows\system32\ASCHT.dll + 2011-10-17 12:42 . 2005-08-31 12:16 45568 c:\windows\system32\aschs.dll + 2003-02-20 18:10 . 2003-02-20 18:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll + 2003-02-21 05:24 . 2003-02-21 05:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll + 2003-02-21 05:26 . 2003-02-21 05:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll + 2003-02-20 17:09 . 
2003-02-20 17:09 64000 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll + 2003-02-21 05:26 . 2003-02-21 05:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll + 2003-02-21 05:26 . 2003-02-21 05:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll + 2003-02-21 05:26 . 2003-02-21 05:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll + 2003-02-21 05:25 . 2003-02-21 05:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe + 2003-02-21 05:26 . 2003-02-21 05:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll + 2003-02-21 05:25 . 2003-02-21 05:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe + 2003-02-20 17:09 . 2003-02-20 17:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll + 2003-02-20 17:09 . 2003-02-20 17:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe + 2003-02-20 16:43 . 2003-02-20 16:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll + 2003-02-20 17:18 . 2003-02-20 17:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll + 2003-02-20 17:09 . 2003-02-20 17:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2003-02-20 17:09 . 2003-02-20 17:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll + 2003-02-20 17:06 . 2003-02-20 17:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll + 2003-02-20 17:09 . 2003-02-20 17:09 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2003-02-20 17:09 . 2003-02-20 17:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2003-02-20 17:09 . 2003-02-20 17:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll + 2003-02-21 05:25 . 2003-02-21 05:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe + 2003-02-21 05:25 . 
2003-02-21 05:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe + 2003-02-21 05:25 . 2003-02-21 05:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2003-02-21 05:24 . 2003-02-21 05:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll + 2003-02-21 05:24 . 2003-02-21 05:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll + 2003-02-21 05:24 . 2003-02-21 05:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe + 2003-02-21 05:24 . 2003-02-21 05:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll + 2003-02-20 17:22 . 2003-02-20 17:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll + 2003-02-21 05:24 . 2003-02-21 05:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe + 2003-02-21 05:24 . 2003-02-21 05:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll + 2003-02-21 02:12 . 2003-02-21 02:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe + 2003-02-21 05:24 . 2003-02-21 05:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll + 2003-02-21 05:24 . 2003-02-21 05:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll + 2003-02-21 08:20 . 2003-02-21 08:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe + 2003-02-20 17:09 . 2003-02-20 17:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2003-02-21 05:24 . 2003-02-21 05:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe + 2003-02-21 05:24 . 2003-02-21 05:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe + 2003-02-20 17:19 . 2003-02-20 17:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2003-02-20 17:19 . 2003-02-20 17:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe + 2003-02-20 17:19 . 
2003-02-20 17:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe + 2003-02-20 17:19 . 2003-02-20 17:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll + 2003-02-20 17:19 . 2003-02-20 17:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll + 2003-02-21 03:00 . 2003-02-21 03:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll + 2003-02-21 01:55 . 2003-02-21 01:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll + 2003-02-21 00:59 . 2003-02-21 00:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll + 2011-10-17 12:41 . 2011-10-17 12:41 25214 c:\windows\Installer\{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}\ARPPRODUCTICON.exe + 2011-10-17 12:42 . 2011-10-17 12:42 10134 c:\windows\Installer\{71D4305B-56E6-4971-A799-FB7678A1D1AB}\ARPPRODUCTICON.exe + 2011-10-17 12:38 . 2011-10-17 12:38 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7886fb02\System.Drawing.Design.dll + 2011-10-17 12:38 . 2011-10-17 12:38 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7a0848c0\CustomMarshalers.dll + 2011-10-17 12:38 . 2011-10-17 12:38 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2011-10-17 12:38 . 2011-10-17 12:38 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll + 2011-10-17 12:38 . 2011-10-17 12:38 64000 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll + 2011-10-17 12:38 . 2011-10-17 12:38 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2011-10-17 12:38 . 2011-10-17 12:38 86016 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2011-10-17 12:38 . 
2011-10-17 12:38 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2011-10-17 12:38 . 2011-10-17 12:38 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll + 2011-10-17 12:38 . 2011-10-17 12:38 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2011-10-17 12:38 . 2011-10-17 12:38 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2011-10-17 12:38 . 2011-10-17 12:38 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2011-10-17 12:38 . 2011-10-17 12:38 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2011-10-17 12:38 . 2011-10-17 12:38 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll + 2011-10-17 12:38 . 2011-10-17 12:38 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2011-10-17 12:38 . 2011-10-17 12:38 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll + 2003-02-20 16:43 . 2003-02-20 16:43 4096 c:\windows\system32\mui\0409\mscoreer.dll + 2003-02-20 17:09 . 2003-02-20 17:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll + 2003-02-21 05:25 . 2003-02-21 05:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll + 2003-02-21 05:25 . 2003-02-21 05:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll + 2003-02-21 05:24 . 2003-02-21 05:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll + 2003-02-21 05:24 . 2003-02-21 05:24 7168 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll + 2003-02-21 05:24 . 2003-02-21 05:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe + 2003-02-21 05:24 . 
2003-02-21 05:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll + 2011-10-17 12:38 . 2011-10-17 12:38 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2011-10-17 12:38 . 2011-10-17 12:38 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll + 2011-10-17 12:38 . 2011-10-17 12:38 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll + 2011-10-17 12:38 . 2011-10-17 12:38 7168 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2011-10-17 12:38 . 2011-10-17 12:38 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll + 2011-10-17 12:39 . 2006-05-03 04:45 114688 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll + 2011-10-17 12:39 . 2006-05-03 04:15 151552 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll + 2011-10-17 12:39 . 2006-05-03 04:54 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll + 2011-10-17 12:39 . 2006-04-28 08:05 127614 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat + 2011-10-17 12:39 . 2006-05-03 04:12 286720 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGR.dll + 2011-10-17 12:39 . 2006-05-03 04:43 413696 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe + 2011-10-17 12:39 . 2006-05-03 04:51 258048 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll + 2011-10-17 12:39 . 2006-05-03 04:09 282624 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll + 2011-10-17 12:39 . 2006-05-03 04:45 114688 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atipdlxx.dll + 2011-10-17 12:39 . 2006-05-03 04:15 151552 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atikvmag.dll + 2011-10-17 12:39 . 2006-05-03 04:54 307200 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiiiexx.dll + 2011-10-17 12:39 . 
2006-04-28 08:05 127614 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiicdxx.dat + 2011-10-17 12:39 . 2006-05-03 04:12 286720 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ATIDEMGR.dll + 2011-10-17 12:39 . 2006-05-03 04:43 413696 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe + 2011-10-17 12:39 . 2006-05-03 04:51 258048 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2dvag.dll + 2011-10-17 12:39 . 2006-05-03 04:09 282624 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2cqag.dll + 2001-10-26 20:15 . 2011-10-17 14:38 500010 c:\windows\system32\perfh015.dat + 2001-08-18 01:30 . 2011-10-17 14:38 441078 c:\windows\system32\perfh009.dat + 2011-10-17 14:37 . 2011-10-17 14:37 214408 c:\windows\system32\javaws.exe + 2011-10-17 14:37 . 2011-10-17 14:37 173960 c:\windows\system32\javaw.exe + 2011-10-17 14:37 . 2011-10-17 14:37 173960 c:\windows\system32\java.exe + 2011-10-17 12:42 . 2005-12-21 13:45 992896 c:\windows\system32\drivers\Bravo_n.sys + 2011-10-17 12:42 . 2005-12-21 13:48 992896 c:\windows\system32\drivers\Bravo_a.sys + 2009-02-25 21:41 . 2006-05-03 04:51 258048 c:\windows\system32\dllcache\ati2dvag.dll + 2009-02-25 20:32 . 2006-05-03 04:09 282624 c:\windows\system32\dllcache\ati2cqag.dll + 2011-10-17 12:42 . 2006-04-10 15:42 250368 c:\windows\system32\ATKDISP.dll + 2006-05-03 04:45 . 2006-05-03 04:45 114688 c:\windows\system32\atipdlxx.dll + 2006-05-03 04:15 . 2006-05-03 04:15 151552 c:\windows\system32\atikvmag.dll + 2011-10-17 12:36 . 2006-04-28 08:05 127614 c:\windows\system32\atiicdxx.dat + 2006-05-03 04:12 . 2006-05-03 04:12 286720 c:\windows\system32\ATIDEMGR.dll + 2006-05-03 04:43 . 2006-05-03 04:43 413696 c:\windows\system32\ati2evxx.exe + 2009-02-25 21:41 . 2006-05-03 04:51 258048 c:\windows\system32\ati2dvag.dll + 2009-02-25 20:32 . 2006-05-03 04:09 282624 c:\windows\system32\ati2cqag.dll + 2003-02-21 08:20 . 
2003-02-21 08:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe + 2003-02-21 05:27 . 2003-02-21 05:27 569344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll + 2003-02-21 05:27 . 2003-02-21 05:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll + 2003-02-21 05:27 . 2003-02-21 05:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll + 2003-02-21 05:26 . 2003-02-21 05:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll + 2003-02-21 05:26 . 2003-02-21 05:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll + 2003-02-21 05:26 . 2003-02-21 05:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll + 2003-02-21 05:26 . 2003-02-21 05:26 368640 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll + 2003-02-21 05:26 . 2003-02-21 05:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll + 2003-02-21 05:26 . 2003-02-21 05:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll + 2003-02-21 05:25 . 2003-02-21 05:25 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll + 2003-02-20 17:09 . 2003-02-20 17:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll + 2003-02-20 17:09 . 2003-02-20 17:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll + 2003-02-20 17:09 . 2003-02-20 17:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll + 2003-02-21 02:42 . 2003-02-21 02:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll + 2003-02-20 17:09 . 2003-02-20 17:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll + 2003-02-20 16:43 . 2003-02-20 16:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll + 2003-02-20 17:06 . 2003-02-20 17:06 311296 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2003-02-20 17:09 . 
2003-02-20 17:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll + 2003-02-21 05:26 . 2003-02-21 05:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll + 2003-02-21 05:26 . 2003-02-21 05:26 716800 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll + 2003-02-20 17:09 . 2003-02-20 17:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe + 2003-02-20 17:06 . 2003-02-20 17:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll + 2003-02-20 17:16 . 2003-02-20 17:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll + 2003-02-21 08:21 . 2003-02-21 08:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll + 2003-02-21 08:21 . 2003-02-21 08:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll + 2002-07-29 09:11 . 2002-07-29 09:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll + 2003-02-20 17:19 . 2003-02-20 17:19 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2003-02-21 03:04 . 2003-02-21 03:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll + 2003-02-21 01:02 . 2003-02-21 01:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll + 2011-10-17 14:38 . 2011-10-17 14:38 176640 c:\windows\Installer\3d879.msi + 2011-10-17 14:37 . 2011-10-17 14:37 937984 c:\windows\Installer\3d872.msi + 2011-10-17 12:42 . 2006-04-10 15:54 241664 c:\windows\ATKKBService.exe + 2011-10-17 12:38 . 2011-10-17 12:38 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b5780fd9\System.Drawing.dll + 2011-10-17 12:38 . 2011-10-17 12:38 569344 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2011-10-17 12:38 . 2011-10-17 12:38 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2011-10-17 12:38 . 
2011-10-17 12:38 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2011-10-17 12:38 . 2011-10-17 12:38 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2011-10-17 12:38 . 2011-10-17 12:38 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2011-10-17 12:38 . 2011-10-17 12:38 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll + 2011-10-17 12:38 . 2011-10-17 12:38 368640 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll + 2011-10-17 12:38 . 2011-10-17 12:38 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2011-10-17 12:38 . 2011-10-17 12:38 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll + 2011-10-17 12:38 . 2011-10-17 12:38 299008 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll + 2011-10-17 12:38 . 2011-10-17 12:38 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2011-10-17 12:38 . 2011-10-17 12:38 716800 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2011-10-17 12:39 . 2006-05-03 04:29 1408000 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll + 2011-10-17 12:39 . 2006-05-03 04:18 5033984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll + 2011-10-17 12:39 . 2006-05-03 04:21 6684672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglx1.dll + 2011-10-17 12:39 . 2006-05-03 04:35 2693280 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll + 2011-10-17 12:39 . 
2006-05-03 04:50 1540608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys + 2011-10-17 12:39 . 2006-05-03 04:29 1408000 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativvaxx.dll + 2011-10-17 12:39 . 2006-05-03 04:18 5033984 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atioglxx.dll + 2011-10-17 12:39 . 2006-05-03 04:21 6684672 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atioglx1.dll + 2011-10-17 12:39 . 2006-05-03 04:35 2693280 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati3duag.dll + 2011-10-17 12:39 . 2006-05-03 04:50 1540608 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2mtag.sys + 2009-02-25 22:58 . 2006-05-03 04:50 1540608 c:\windows\system32\drivers\ati2mtag.sys + 2009-02-25 20:59 . 2006-05-03 04:29 1408000 c:\windows\system32\dllcache\ativvaxx.dll + 2009-02-25 21:16 . 2006-05-03 04:35 2693280 c:\windows\system32\dllcache\ati3duag.dll + 2009-02-25 22:58 . 2006-05-03 04:50 1540608 c:\windows\system32\dllcache\ati2mtag.sys + 2011-10-17 12:42 . 2006-04-06 09:34 2032640 c:\windows\system32\ATKOSDX32.dll + 2011-10-17 12:42 . 2005-09-12 09:52 1667072 c:\windows\system32\ATKDispCPL.dll + 2009-02-25 20:59 . 2006-05-03 04:29 1408000 c:\windows\system32\ativvaxx.dll + 2006-05-03 04:18 . 2006-05-03 04:18 5033984 c:\windows\system32\atioglxx.dll + 2006-05-03 04:21 . 2006-05-03 04:21 6684672 c:\windows\system32\atioglx1.dll + 2009-02-25 21:16 . 2006-05-03 04:35 2693280 c:\windows\system32\ati3duag.dll + 2003-02-21 03:04 . 2003-02-21 03:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll + 2003-02-21 05:27 . 2003-02-21 05:27 1335296 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll + 2003-02-21 05:27 . 2003-02-21 05:27 2039808 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll + 2003-02-21 05:27 . 2003-02-21 05:27 1245184 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2003-02-21 05:26 . 
2003-02-21 05:26 1216512 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2003-02-21 05:26 . 2003-02-21 05:26 1699840 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll + 2003-02-21 05:26 . 2003-02-21 05:26 1290240 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll + 2003-02-20 17:08 . 2003-02-20 17:08 2482176 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2003-02-20 17:07 . 2003-02-20 17:07 2494464 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2003-02-21 05:26 . 2003-02-21 05:26 2088960 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2003-02-21 05:25 . 2003-02-21 05:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll + 2011-10-17 12:42 . 2011-10-17 12:42 6364672 c:\windows\Installer\3bbc8.msi + 2011-10-17 12:41 . 2011-10-17 12:41 3679232 c:\windows\Installer\3bbc2.msi + 2011-10-17 12:38 . 2011-10-17 12:38 3443712 c:\windows\Installer\3bba9.msi + 2011-10-17 12:38 . 2011-10-17 12:38 1929216 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d9ea4b5d\System.dll + 2011-10-17 12:39 . 2011-10-17 12:39 2076672 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c59ec993\System.Xml.dll + 2011-10-17 12:39 . 2011-10-17 12:39 2994176 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c1c25051\System.Windows.Forms.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1462272 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7c580ae6\System.Design.dll + 2011-10-17 12:38 . 2011-10-17 12:38 3289088 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_368728d6\mscorlib.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1216512 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1335296 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll + 2011-10-17 12:38 . 
2011-10-17 12:38 2039808 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1245184 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1699840 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1290240 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll + 2011-10-17 12:38 . 2011-10-17 12:38 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll + 2011-10-17 12:41 . 2011-10-17 12:41 13073408 c:\windows\Installer\3bbba.msi . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyœlne, prawidłowe wpisy nie sš pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-10-17 16844800] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-04 198160] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/pl.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjcwMDU4ODAwLVhMKzEtVDQtRkwrOS1YTzM2KzEtRjlNNCsxLUREVCsxNDQwMC1GTDEwKzEtREQxMEYrMS1TVDEwRkFQUCsx&prod=90&ver=10.0.1411" [?] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ RaConfig.lnk - c:\windows\system32\RaConfig.exe [2009-6-19 380928] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^My applications^Tibia Client.exe] backup=c:\windows\pss\Tibia Client.exeStartup . [HKLM\~\startupfolder\C:^Documents and Settings^xp^Menu Start^Programy^Autostart^VMLoad.lnk] backup=c:\windows\pss\VMLoad.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-24 10:42 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\VMLoad.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\K2T\\WTW\\wtw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Documents and Settings\\xp\\Pulpit\\tdsskiller.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24337:TCP"= 24337:TCP:BitComet 24337 TCP
"24337:UDP"= 24337:UDP:BitComet 24337 UDP
"25374:TCP"= 25374:TCP:BitComet 25374 TCP
"25374:UDP"= 25374:UDP:BitComet 25374 UDP
"24390:TCP"= 24390:TCP:BitComet 24390 TCP
"24390:UDP"= 24390:UDP:BitComet 24390 UDP
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-07-08 218688]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-03-06 27632]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-03-04 13224]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-06-19 51712]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-03-04 155344]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-17 717296]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:00]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:00]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz za pomocą Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
IE: ????3?? - c:\documents and settings\xp\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\xp\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
LSP: mswsock.dll
FF - ProfilePath - c:\documents and settings\xp\Dane aplikacji\Mozilla\Firefox\Profiles\bcgy9kmy.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-{df6db4c8-9280-46e3-b110-0d8233bdb96d} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 16:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
c:\windows\749563319:1217549011.exe 816 bytes executable
.
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
@="c:\\Documents and Settings\\xp\\Dane aplikacji\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQčţ”Ľc]
@="c:\\Documents and Settings\\xp\\Dane aplikacji\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{21852CCB-77AA-C9F5-DB58-7AE8C903D781}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nahcfegdjemgcpkgkbplllmglhem"=hex:6b,61,6c,65,61,68,64,6d,70,68,67,6f,66,6c,
   62,69,64,6a,69,69,69,67,00,00
"mabchcbdglnfcnjknaoaipccmb"=hex:6b,61,6d,65,64,69,65,6c,6b,63,6a,70,61,69,62,
   6e,62,69,61,69,64,61,00,00
"iahcfegdjemgcpkgkb"=hex:6b,61,6c,65,62,68,61,63,6a,6d,6e,66,6b,6e,6d,67,68,6b,
   6c,6c,6f,6c,00,00
"habchcbdglnfcnjk"=hex:6b,61,6c,65,62,68,61,63,6a,6d,6e,66,6b,6e,6d,67,68,6b,
   6c,6c,6f,6c,00,00
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\749563319:1217549011.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATKKBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-10-17 16:58:55 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-17 14:58
ComboFix2.txt 2011-10-17 11:39
ComboFix3.txt 2011-10-17 10:11
.
Przed: 17 465 794 560 bajtów wolnych
Po: 17 453 690 880 bajtów wolnych
.
- - End Of File - - FD5D40F46526FAC576A4E6DA9BB1AD32