Wyskakujące Reklamy

iamthekacper · 30 Kwietnia 2008

Witam. Co jakis czas wyskakuja mi jakieś reklamy i takie tam dziwne strony 8O Wczoraj an dodatek nie mogłem wejść na zadnastrone ani OPera ani z IE :)

Oto logi z combofix i HIjack oraz silent runers

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - ComboFix

ComboFix 08-04-29.3 - Administrator 2008-04-30 9:10:49.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2675 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\portable\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

I:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))

.

2008-04-27 11:32 . 2008-04-27 11:32 <DIR> d-------- C:\SOYO

2008-04-27 11:23 . 2008-04-27 11:27 37 --a------ C:\WINDOWS\CMAURACK.INI

2008-04-27 11:23 . 2008-04-27 11:26 36 --a------ C:\WINDOWS\CMMPLAY.INI

2008-04-27 11:20 . 2008-04-27 12:02 140 --a------ C:\WINDOWS\CMMIXER.INI

2008-04-27 11:20 . 2008-04-27 12:03 84 --a------ C:\WINDOWS\CMSurround.ini

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\PCI Audio Applications

2008-04-27 11:12 . 2008-04-27 11:12 <DIR> d-------- C:\Program Files\C-Media

2008-04-27 11:12 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-04-27 11:12 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.dat

2008-04-27 11:12 . 2004-08-11 06:44 15,448 --------- C:\WINDOWS\cmaudio.ini

2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-04-27 11:12 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys

2008-04-27 11:12 . 2008-04-27 11:15 411 --a------ C:\WINDOWS\CMISETUP.INI

2008-04-27 11:12 . 2008-04-27 11:23 40 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-04-27 11:11 . 2004-08-11 06:44 1,228,800 --a------ C:\WINDOWS\mixer.exe

2008-04-27 11:11 . 2004-08-11 06:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a--c--- C:\WINDOWS\system32\dllcache\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll

2008-04-27 11:11 . 2004-08-11 06:44 712,704 --a------ C:\WINDOWS\system32\a3d.dll

2008-04-27 11:11 . 2004-08-11 06:44 370,382 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys

2008-04-27 11:11 . 2004-08-11 06:44 135,168 --a------ C:\WINDOWS\cmuninst.exe

2008-04-27 11:11 . 2004-08-11 06:44 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll

2008-04-27 10:13 . 2008-04-27 10:19 <DIR> d-------- C:\Program Files\Quicken

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intuit

2008-04-27 10:13 . 2008-04-27 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Intuit

2008-04-27 10:13 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll

2008-04-27 10:13 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll

2008-04-27 10:13 . 2008-04-27 10:19 31 --a------ C:\WINDOWS\QUICKEN.INI

2008-04-27 09:44 . 2008-04-27 09:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Program Files\creative bias debug

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug

2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\creative bias debug

2008-04-27 09:20 . 2008-04-29 09:08 <DIR> d-------- C:\Program Files\WinZix

2008-04-25 11:37 . 2008-04-25 11:37 267 --a------ C:\WINDOWS\game.ini

2008-04-25 11:17 . 2008-04-25 11:17 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-04-22 21:31 . 2008-04-22 21:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-04-22 21:31 . 2008-04-22 21:31 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-04-22 21:31 . 2008-04-25 19:35 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-04-22 21:31 . 2008-04-25 19:29 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-04-22 21:31 . 2008-04-25 19:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-22 21:31 . 2008-04-25 11:38 22,328 --a------ C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys

2008-04-22 20:59 . 2008-04-22 21:12 <DIR> d-------- C:\Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED

2008-04-21 18:55 . 2008-04-21 18:55 <DIR> d-------- C:\Program Files\Haali

2008-04-21 18:47 . 2008-04-21 18:47 <DIR> d-------- C:\Program Files\ffdshow

2008-04-21 18:47 . 2008-01-01 01:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-04-21 18:47 . 2008-04-10 17:50 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-21 18:47 . 2008-04-10 17:50 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-04-21 18:47 . 2008-01-01 01:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-18 18:53 . 2006-04-18 14:53 3,548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys

2008-04-18 18:52 . 2008-04-18 18:52 <DIR> d-------- C:\Program Files\ABIT

2008-04-18 18:52 . 2006-08-29 14:51 3,252,224 --a------ C:\WINDOWS\system32\FlashMenu.exe

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-04-17 08:43 . 2008-04-17 08:43 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-04-14 18:55 . 2008-04-30 09:11 15,115,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-14 18:55 . 2008-04-30 08:43 220,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-14 18:55 . 2008-04-30 09:11 178,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-04-14 18:55 . 2008-04-07 23:05 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-04-14 18:55 . 2008-04-07 23:05 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-04-14 18:55 . 2008-04-30 08:43 25,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-14 09:42 . 2008-04-14 09:42 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-04-14 09:42 . 2008-04-14 18:54 <DIR> d-------- C:\Program Files\Microsoft FrontPage Express

2008-04-14 09:42 . 2008-04-14 18:54 91 --a------ C:\WINDOWS\fpxpress.ini

2008-04-14 09:41 . 2008-04-14 09:42 <DIR> d-------- C:\Temp\ext50684

2008-04-13 22:57 . 2008-04-13 23:01 <DIR> d-------- C:\Program Files\SmartFPS.com

2008-04-11 22:20 . 2008-04-11 22:22 <DIR> d-------- C:\Program Files\wamp

2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-10 19:13 . 2008-04-10 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft

2008-04-09 21:59 . 2008-04-09 22:31 <DIR> d-------- C:\Program Files\nLite

2008-04-08 07:51 . 2008-04-23 19:45 <DIR> d-------- C:\movie

2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-04-07 21:10 . 2008-04-07 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-04-07 21:10 . 2008-04-07 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-04-07 21:10 . 2008-04-14 15:00 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER

2008-04-07 21:10 . 2008-04-07 21:10 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE

2008-04-07 08:58 . 2008-04-07 08:58 <DIR> d-------- C:\WINDOWS\NU_DATA

2008-04-06 14:09 . 2008-04-06 14:09 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-06 13:30 . 2008-02-11 14:42 48,480 --a------ C:\WINDOWS\system32\drivers\SIVX32.sys

2008-04-05 13:09 . 2008-04-05 13:09 <DIR> d-------- C:\Program Files\A4Tech

2008-04-03 21:50 . 2008-04-03 21:50 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-03 00:54 . 2008-04-13 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-03-30 20:42 . 2008-03-30 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Locktime

2008-03-30 11:53 . 2008-03-30 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

2008-03-29 22:38 . 2008-04-14 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla

2008-03-29 09:42 . 2008-03-29 09:42 <DIR> d-------- C:\Program Files\DivX

2008-03-28 13:19 . 2008-03-28 13:19 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-03-27 11:37 . 2008-03-27 11:37 <DIR> d-------- C:\Program Files\bPlayer2

2008-03-27 11:34 . 2008-03-27 11:34 <DIR> d-------- C:\Program Files\CDex_150

2008-03-26 18:33 . 2008-04-14 09:41 <DIR> d-------- C:\Temp

2008-03-25 22:51 . 2008-03-25 22:51 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-03-25 22:51 . 2008-04-28 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\skypePM

2008-03-25 22:51 . 2008-03-25 22:51 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-03-25 13:11 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-03-25 13:01 . 2008-03-25 13:12 <DIR> d-------- C:\WINDOWS\nview

2008-03-25 13:01 . 2008-03-25 13:04 140,158 --a------ C:\WINDOWS\system32\nvapps.xml

2008-03-25 13:01 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-03-25 12:58 . 2008-03-25 12:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-25 12:58 . 2008-03-25 12:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

2008-03-25 12:35 . 2008-03-25 12:35 <DIR> d-------- C:\Program Files\NVIDIA Corporation

2008-03-24 23:33 . 2008-03-24 23:33 <DIR> d-------- C:\Program Files\FileZilla FTP Client

2008-03-24 22:36 . 2008-04-05 21:44 <DIR> d-------- C:\Program Files\MegauploadToolbar

2008-03-24 22:36 . 2008-04-29 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar

2008-03-24 20:43 . 2008-03-24 20:43 <DIR> d-------- C:\Program Files\Notepad++

2008-03-24 20:43 . 2008-03-24 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++

2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-03-24 14:33 . 2004-08-04 00:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2008-03-23 06:54 . 2008-04-28 08:59 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

2008-03-22 11:40 . 2008-03-22 11:47 <DIR> d-------- C:\Program Files\uTorrent

2008-03-22 11:40 . 2008-04-30 09:10 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent

2008-03-22 11:21 . 2008-04-29 20:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-22 09:37 . 2008-03-22 09:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PrevxCSI

2008-03-22 09:06 . 2007-01-17 02:58 36,864 --a------ C:\WINDOWS\system32\Amhooker.dll

2008-03-22 09:06 . 2007-01-16 16:19 13,824 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys

2008-03-22 09:06 . 2007-01-16 16:26 13,824 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys

2008-03-22 09:06 . 2007-01-16 15:49 8,704 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys

2008-03-21 20:24 . 2008-03-21 20:26 <DIR> d-------- C:\Program Files\BearShare

2008-03-21 20:24 . 2008-03-21 20:24 <DIR> d-------- C:\My Downloads

2008-03-21 17:47 . 2008-03-25 14:25 <DIR> d-------- C:\Program Files\ATITool

2008-03-21 15:51 . 2008-03-21 15:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-03-21 15:43 . 2000-06-18 15:03 106,544 --a------ C:\WINDOWS\system32\TWEAKUI.CPL

2008-03-21 11:10 . 2008-04-23 08:05 <DIR> d-------- C:\Program Files\fraps

2008-03-21 11:10 . 2008-04-29 20:52 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-03-21 11:08 . 2008-04-22 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

2008-03-21 11:08 . 2008-03-21 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 06:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-04-28 18:44 --------- d-----w C:\Program Files\Winamp

2008-04-27 09:13 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-04-27 09:13 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll

2008-04-27 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-14 16:55 --------- d-----w C:\Program Files\Kaspersky Lab

2008-03-26 17:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp

2008-03-20 20:33 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-20 18:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-20 07:24 --------- d-----w C:\Program Files\Opera

2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek Sound Manager

2008-03-20 06:42 --------- d-----w C:\Program Files\Realtek AC97

2008-03-20 06:42 --------- d-----w C:\Program Files\AvRack

2008-03-20 06:21 --------- d-----w C:\Program Files\Usługi online

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

.

<pre>------w		 6,571,664 2002-07-14 17:08:52  C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\recovery\Acronis Recovery Expert Deluxe (Partition Recovery)\Acronis Recovery Expert Deluxe  1.0.0.5 .exe</pre>

((((((((((((((((((((((((((((( snapshot_2008-04-29_22.11.55,14 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-29 19:59:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-30 06:46:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-21 17:18 2119104]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-22 11:46 219952]

"BookFace"="C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [2008-04-27 09:20 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audio debug boob locks]

--a------ 2008-04-30 08:46 840192 C:\Documents and Settings\All Users\Dane aplikacji\flap bend audio debug\Proxy mode.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Echo Control]

--a------ 2001-12-05 16:47 147456 C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

--a------ 2004-08-11 06:44 1228800 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"E:\\fear\\FEARXP2.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Game.exe"=

"E:\\Vegas2\\Binaries\\R6Vegas2_Launcher.exe"=

"E:\\cod4\\iw3mp.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21:TCP"= 21:TCP:andrew

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]

S3 RTCore32;RTCore32;D:\testing\rmclock_230_bin_upd1\RTCore32.sys [2005-05-25 11:39]

S3 SIVDRIVER;SIV Kernel Driver;C:\WINDOWS\system32\Drivers\SIVX32.sys [2008-02-11 14:42]

S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 11:24]

S4 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []

S4 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe" wampmysqld []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61e4b9f8-0592-11dd-8d96-000e5cedb805}]

\Shell\AutoRun\command - J:\v.com

\Shell\explore\Command - J:\v.com

\Shell\open\Command - J:\v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca6704ee-f64c-11dc-bd95-806d6172696f}]

\Shell\AutoRun\command - J:\Autorun.exe root.ini

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]

c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

.

Contents of the 'Scheduled Tasks' folder

"2008-04-30 07:00:00 C:\WINDOWS\Tasks\ADB7D5CC91C049F0.job"

- c:\docume~1\admini~1\daneap~1\creati~1\Skip draw comp.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 09:11:59

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-30 9:12:32

ComboFix-quarantined-files.txt 2008-04-30 07:12:30

ComboFix2.txt 2008-04-29 20:12:10

ComboFix3.txt 2008-04-14 06:07:07

ComboFix4.txt 2008-04-05 21:57:51

ComboFix5.txt 2008-03-21 15:37:47

Pre-Run: 10,839,703,552 bajtów wolnych

Post-Run: 10,830,422,016 bajtów wolnych

271

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:08:58, on 2008-04-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [bookFace] C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - Silent Runners

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" [null data]

"BookFace" = "C:\DOCUME~1\ADMINI~1\DANEAP~1\CREATI~1\FirstBase.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"

-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"

-> {HKLM...CLSID} = "Haali Column Provider"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"

-> {HKLM...CLSID} = "Haali Matroska Shell Property Page"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"

-> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}" = "WinZixShell extension"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"

-> {HKLM...CLSID} = "Haali Column Provider"

\InProcServer32\(Default) = "C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll" [null data]

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]

Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"

-> {HKLM...CLSID} = "Notepad++"

\InProcServer32\(Default) = "C:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZixManager\(Default) = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZixManager\(Default) = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZixManager\(Default) = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"

-> {HKLM...CLSID} = "WinZixShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinZix\WinZixManager.dll" [empty string]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Scheduled Tasks:

------------------------

"ADB7D5CC91C049F0" -> launches: "c:\docume~1\admini~1\daneap~1\creati~1\Skip draw comp.exe" [null data]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" [file not found]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Miscellaneous IE Hijack Points

------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar\tabwelcome.html" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

---------- (launch time: 2008-04-30 09:35:03)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 10 seconds.

---------- (total run time: 34 seconds)

HELP 8O Edytowane 30 Kwietnia 2008 przez XaD_

iamthekacper · 30 Kwietnia 2008

Dzięki oto logsy

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "combofix"

ComboFix 08-04-29.3 - Administrator 2008-04-30 20:06:48.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2555 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\IN STAL KEY\walczace\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))

.

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2008-04-30 19:54 . 2008-04-30 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes

2008-04-30 19:46 . 2008-04-30 19:46 <DIR> d-------- C:\WINDOWS\ERUNT