Dołączam logi, prośba o wgląd. Dzięki z góry.
[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2010-11-03 at 17:48
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 17:57:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
" %windir%\\system32\\sessmgr.exe " = " %windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
" C:\\Program Files\\Opera\\opera.exe " = " C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser "
" C:\\Documents and Settings\\J?zek\\Moje dokumenty\\GoD\\GoD.exe " = " C:\\Documents and Settings\\J?zek\\Moje dokumenty\\GoD\\GoD.exe:*:Enabled:GoD "
" C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE " = " C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
" C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE " = " C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
" C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE " = " C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "
" C:\\Program Files\\uTorrent\\uTorrent.exe " = " C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent "
" C:\\Documents and Settings\\J?zek\\Pulpit\\utorrent.exe " = " C:\\Documents and Settings\\J?zek\\Pulpit\\utorrent.exe:*:Enabled:uTorrent "
" C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe " = " C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare "
" C:\\Program Files\\Vuze\\Azureus.exe " = " C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus / Vuze "
" C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe " = " C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 "
" C:\\Program Files\\eMule\\emule.exe " = " C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
" %windir%\\system32\\sessmgr.exe " = " %windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
" %windir%\\Network Diagnostic\\xpnetdiag.exe " = " %windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
" C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe " = " C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare "
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Sun 12 Mar 2006 10,311,680 ..SH. --- " C:\Program Files\AVIConverter\MENCODER.EXE "
Sat 31 Dec 2005 8,578,048 ..SH. --- " C:\Program Files\AVIConverter\mencoder1.exe "
Wed 27 May 2009 39,936 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL0005.tmp "
Thu 17 Sep 2009 241,664 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL0200.tmp "
Tue 2 Jun 2009 27,136 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL0796.tmp "
Thu 17 Sep 2009 243,712 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL0895.tmp "
Tue 2 Jun 2009 27,136 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL1361.tmp "
Thu 17 Sep 2009 241,664 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL1445.tmp "
Tue 2 Jun 2009 23,552 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL1455.tmp "
Wed 27 May 2009 73,728 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL1999.tmp "
Tue 2 Jun 2009 26,112 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL2291.tmp "
Tue 2 Jun 2009 32,256 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL2967.tmp "
Tue 2 Jun 2009 29,696 ...H. --- " C:\Documents and Settings\J?zek\Dane aplikacji\Microsoft\Word\~WRL3164.tmp "
Fri 1 Oct 2010 0 A.SH. --- " C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\PlayReady\Cache\indiv01.tmp "
[b]Finished![/b]