Want to check your HijackThis log? Paste it here...

Status
Closed.

-=MagiK=-

User
Joined
January 27, 2008
Posts
6
ComboFix 08-05-01.3 - MagiK 2008-05-05 15:19:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.23 [GMT 2:00]
Running from: C:\Documents and Settings\MagiK\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wxdbpfvo.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 14:33 . 2008-05-05 14:33 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-05 14:33 . 2008-05-05 14:33 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-05 07:35 . 2008-05-05 07:35 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\Sunbelt Software
2008-05-05 07:35 . 2008-05-05 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software
2008-05-05 07:34 . 2008-05-05 07:34 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-04 20:31 . 2008-05-04 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\uzkvsbax
2008-05-04 20:31 . 2008-04-30 18:19 258,048 --a------ C:\WINDOWS\gndarmblsnv.dll
2008-05-04 20:31 . 2008-05-04 20:31 106,496 --a------ C:\WINDOWS\system32\algfspgh.exe
2008-05-04 20:15 . 2008-05-04 20:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-04 20:10 . 2008-05-04 20:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-04 19:59 . 2008-05-04 20:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-04 19:55 . 2008-05-04 19:55 <DIR> dr-h----- C:\MSOCache
2008-05-04 18:29 . 2008-05-04 18:29 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\Bullzip
2008-05-04 18:22 . 2008-04-02 08:13 147,456 --a------ C:\WINDOWS\system32\bzpdfc.dll
2008-05-04 18:21 . 2008-05-04 18:21 <DIR> d-------- C:\Program Files\Bullzip
2008-05-04 18:21 . 2008-03-29 17:38 187,392 --a------ C:\WINDOWS\system32\bzpdf.dll
2008-05-04 13:29 . 2008-05-04 13:29 347 --a------ C:\WINDOWS\pdf2word.INI
2008-05-04 12:37 . 2008-05-04 18:05 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-03 22:40 . 2008-05-04 09:35 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-02 12:37 . 2008-05-02 12:37 <DIR> d-------- C:\Program Files\Illustrate
2008-05-02 12:37 . 2008-05-02 12:37 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-02 12:37 . 2008-05-02 12:36 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-05-02 12:37 . 2008-05-02 12:37 20,898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-05-01 13:50 . 2008-05-01 13:50 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\NCH Swift Sound
2008-05-01 13:50 . 2008-05-01 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
2008-05-01 13:48 . 2008-05-01 13:50 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-01 12:54 . 2008-05-01 12:56 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-01 12:54 . 2008-05-03 09:49 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 12:27 . 2008-05-01 12:27 0 -ra------ C:\logwmemory.bin
2008-05-01 12:24 . 2008-05-01 12:24 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\Soldat
2008-05-01 12:09 . 2008-05-01 12:09 <DIR> d-------- C:\Program Files\Mplayer
2008-05-01 12:08 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 12:08 . 2008-05-01 12:10 525 --a------ C:\WINDOWS\QIII.INI
2008-04-29 18:27 . 2008-04-29 18:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-29 18:27 . 2008-04-29 18:27 <DIR> d-------- C:\Program Files\Ahead
2008-04-29 18:27 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-04-29 18:27 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-04-29 18:27 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-04-29 18:27 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-04-29 18:27 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-04-29 18:27 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-29 18:27 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-29 18:27 . 2008-04-29 18:27 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-27 17:32 . 2008-04-27 17:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-04-27 17:25 . 2008-04-27 17:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 15:28 . 2008-04-27 15:28 <DIR> d-------- C:\WINDOWS\Cache
2008-04-26 00:03 . 2008-04-26 00:03 <DIR> d-------- C:\Program Files\Movie Maker 2.6
2008-04-24 21:18 . 2008-04-24 21:18 <DIR> d-------- C:\# AMX
2008-04-24 21:16 . 2008-04-24 21:16 <DIR> d-------- C:\# MUZA
2008-04-24 17:16 . 2008-04-24 17:16 <DIR> d-------- C:\Program Files\ASQ
2008-04-24 16:43 . 2004-01-08 11:38 208,896 --a------ C:\Program Files\Common Files\lame_enc.dll
2008-04-19 08:46 . 2008-04-19 08:49 <DIR> d-------- C:\Program Files\Interplay
2008-04-18 21:37 . 2008-05-04 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-16 18:52 . 2008-04-16 18:52 <DIR> d-------- C:\WINDOWS\Pulpit
2008-04-16 18:48 . 2008-05-04 18:08 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-04-13 13:52 . 2008-04-24 19:16 <DIR> d-------- C:\Program Files\Kopia CS
2008-04-09 21:24 . 2008-04-09 21:24 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-04-08 16:04 . 2008-04-08 16:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-07 14:34 . 2008-04-08 18:39 <DIR> d-------- C:\Program Files\Asprate
2008-04-07 13:09 . 2008-04-07 13:09 <DIR> d-------- C:\Program Files\JEJE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 13:25 9,072,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-05 13:24 355,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-05 13:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-04 20:45 33,932 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-04 20:45 121,364 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-04 16:54 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\uTorrent
2008-05-04 16:12 --------- d-----w C:\Program Files\ElcomSoft
2008-05-04 15:40 --------- d-----w C:\Program Files\AIMP2
2008-05-03 16:28 --------- d-----w C:\Program Files\Steam
2008-05-02 15:46 --------- d-----w C:\Program Files\Valve
2008-04-19 12:00 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-19 12:00 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-19 06:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 19:36 --------- d-----w C:\Program Files\IrfanView
2008-04-08 17:44 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-04 19:52 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-04-02 16:52 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Tibia
2008-04-02 16:50 --------- d-----w C:\Program Files\Kovloria
2008-03-31 20:23 --------- d-----w C:\Program Files\Audacity
2008-03-30 15:31 --------- d-----w C:\Program Files\CDA Converter Plus
2008-03-30 09:14 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Media Player Classic
2008-03-30 09:11 --------- d-----w C:\Program Files\Real Alternative
2008-03-28 16:55 --------- d-----w C:\Program Files\GoD
2008-03-24 18:19 --------- d-----w C:\Program Files\HyCam2
2008-03-21 19:45 --------- d-----w C:\Program Files\sXe Injected
2008-03-16 20:38 --------- d-----w C:\Program Files\Java
2008-03-16 20:30 --------- d-----w C:\Program Files\Common Files\Java
2008-03-16 19:24 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-14 18:47 --------- d-----w C:\Program Files\abrViewer.NET
2008-03-14 15:07 --------- d-----w C:\Program Files\MSBuild
2008-03-14 14:49 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-14 07:56 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-14 07:55 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-14 07:55 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-14 07:54 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-14 07:54 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-14 07:54 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-14 07:53 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-14 07:53 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-14 07:53 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-14 07:52 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-14 07:52 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-14 07:47 --------- d-----w C:\Program Files\MarBit
2008-03-14 07:45 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\BESTplayer
2008-03-13 21:45 --------- d-----w C:\Program Files\uTorrent
2008-03-13 21:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 21:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-03-13 21:34 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-13 18:38 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Teleca
2008-03-13 18:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-13 18:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-03-13 18:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-03-13 18:31 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-13 18:26 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-13 18:26 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-13 18:26 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-13 18:26 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-13 18:26 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-13 18:26 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-13 18:26 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-13 18:26 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-13 18:26 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-13 18:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-13 18:08 --------- d-----w C:\Program Files\Win Rar
2008-03-13 17:47 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Gadu-Gadu
2008-03-13 16:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-13 16:06 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3169036-557E-45E1-840F-C845DC406C55}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{c3169036-557e-45e1-840f-c845dc406c55}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{D95C697F-D985-4AB1-92B5-40DF04BBE322}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2002-11-18 15:15 315392 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 22:19]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\instaluj.exe

*Newly Created Service* - SBCSSVC
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 15:24:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 15:29:10
ComboFix-quarantined-files.txt 2008-05-05 13:28:57

Pre-Run: 43,347,038,208 bajtów wolnych
Post-Run: 43,336,904,704 bajtów wolnych

237


/\ Combofix
\/ Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:16, on 2008-05-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: wxdbpfvo - {C3169036-557E-45E1-840F-C845DC406C55} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security Home Edition 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 3378 bytes
 

Alliata

User
Joined
November 3, 2007
Posts
378
Fix:

C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wxdbpfvo.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\SBFC.dat
C:\WINDOWS\system32\algfspgh.exe
C:\WINDOWS\system32\bzpdfc.dll
C:\WINDOWS\IsUninst.exe
 

-=MagiK=-

User
Joined
January 27, 2008
Posts
6
Combo Fix
ComboFix 08-05-01.3 - MagiK 2008-05-05 22:40:11.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\MagiK\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\MagiK\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 14:33 . 2008-05-05 14:33 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-05 14:33 . 2008-05-05 14:33 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-05 07:35 . 2008-05-05 07:35 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\Sunbelt Software
2008-05-05 07:35 . 2008-05-05 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software
2008-05-05 07:34 . 2008-05-05 07:34 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-04 20:31 . 2008-05-04 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\uzkvsbax
2008-05-04 20:31 . 2008-04-30 18:19 258,048 --a------ C:\WINDOWS\gndarmblsnv.dll
2008-05-04 20:31 . 2008-05-04 20:31 106,496 --a------ C:\WINDOWS\system32\algfspgh.exe
2008-05-04 20:15 . 2008-05-04 20:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-04 20:10 . 2008-05-04 20:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-04 19:59 . 2008-05-04 20:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-04 19:55 . 2008-05-04 19:55 <DIR> dr-h----- C:\MSOCache
2008-05-04 18:29 . 2008-05-04 18:29 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\Bullzip
2008-05-04 18:22 . 2008-04-02 08:13 147,456 --a------ C:\WINDOWS\system32\bzpdfc.dll
2008-05-04 18:21 . 2008-05-04 18:21 <DIR> d-------- C:\Program Files\Bullzip
2008-05-04 18:21 . 2008-03-29 17:38 187,392 --a------ C:\WINDOWS\system32\bzpdf.dll
2008-05-04 13:29 . 2008-05-04 13:29 347 --a------ C:\WINDOWS\pdf2word.INI
2008-05-04 12:37 . 2008-05-04 18:05 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-05-03 22:40 . 2008-05-04 09:35 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-02 12:37 . 2008-05-02 12:37 <DIR> d-------- C:\Program Files\Illustrate
2008-05-02 12:37 . 2008-05-02 12:37 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-02 12:37 . 2008-05-02 12:36 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-05-02 12:37 . 2008-05-02 12:37 20,898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-05-01 13:50 . 2008-05-01 13:50 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\NCH Swift Sound
2008-05-01 13:50 . 2008-05-01 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
2008-05-01 13:48 . 2008-05-01 13:50 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-01 12:54 . 2008-05-01 12:56 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-01 12:54 . 2008-05-03 09:49 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 12:27 . 2008-05-01 12:27 0 -ra------ C:\logwmemory.bin
2008-05-01 12:24 . 2008-05-01 12:24 <DIR> d-------- C:\Documents and Settings\MagiK\Dane aplikacji\Soldat
2008-05-01 12:09 . 2008-05-01 12:09 <DIR> d-------- C:\Program Files\Mplayer
2008-05-01 12:08 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 12:08 . 2008-05-01 12:10 525 --a------ C:\WINDOWS\QIII.INI
2008-04-29 18:27 . 2008-04-29 18:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-29 18:27 . 2008-04-29 18:27 <DIR> d-------- C:\Program Files\Ahead
2008-04-29 18:27 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-04-29 18:27 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-04-29 18:27 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-04-29 18:27 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-04-29 18:27 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-04-29 18:27 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-29 18:27 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-29 18:27 . 2008-04-29 18:27 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-27 17:32 . 2008-04-27 17:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-04-27 17:25 . 2008-04-27 17:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 15:28 . 2008-04-27 15:28 <DIR> d-------- C:\WINDOWS\Cache
2008-04-26 00:03 . 2008-04-26 00:03 <DIR> d-------- C:\Program Files\Movie Maker 2.6
2008-04-24 21:18 . 2008-04-24 21:18 <DIR> d-------- C:\# AMX
2008-04-24 21:16 . 2008-04-24 21:16 <DIR> d-------- C:\# MUZA
2008-04-24 17:16 . 2008-04-24 17:16 <DIR> d-------- C:\Program Files\ASQ
2008-04-24 16:43 . 2004-01-08 11:38 208,896 --a------ C:\Program Files\Common Files\lame_enc.dll
2008-04-19 08:46 . 2008-04-19 08:49 <DIR> d-------- C:\Program Files\Interplay
2008-04-18 21:37 . 2008-05-04 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-16 18:52 . 2008-04-16 18:52 <DIR> d-------- C:\WINDOWS\Pulpit
2008-04-16 18:48 . 2008-05-04 18:08 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-04-13 13:52 . 2008-04-24 19:16 <DIR> d-------- C:\Program Files\Kopia CS
2008-04-09 21:24 . 2008-04-09 21:24 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-04-08 16:04 . 2008-04-08 16:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-07 14:34 . 2008-04-08 18:39 <DIR> d-------- C:\Program Files\Asprate
2008-04-07 13:09 . 2008-04-07 13:09 <DIR> d-------- C:\Program Files\JEJE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 20:32 9,130,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-05 20:29 357,664 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-05 20:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-05 19:59 --------- d-----w C:\Program Files\AIMP2
2008-05-05 13:54 34,460 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-05 13:54 122,708 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-04 16:54 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\uTorrent
2008-05-04 16:12 --------- d-----w C:\Program Files\ElcomSoft
2008-05-03 16:28 --------- d-----w C:\Program Files\Steam
2008-05-02 15:46 --------- d-----w C:\Program Files\Valve
2008-04-19 12:00 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-19 12:00 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-19 06:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 19:36 --------- d-----w C:\Program Files\IrfanView
2008-04-08 17:44 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-04 19:52 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-04-02 16:52 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Tibia
2008-04-02 16:50 --------- d-----w C:\Program Files\Kovloria
2008-03-31 20:23 --------- d-----w C:\Program Files\Audacity
2008-03-30 15:31 --------- d-----w C:\Program Files\CDA Converter Plus
2008-03-30 09:14 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Media Player Classic
2008-03-30 09:11 --------- d-----w C:\Program Files\Real Alternative
2008-03-28 16:55 --------- d-----w C:\Program Files\GoD
2008-03-24 18:19 --------- d-----w C:\Program Files\HyCam2
2008-03-21 19:45 --------- d-----w C:\Program Files\sXe Injected
2008-03-16 20:38 --------- d-----w C:\Program Files\Java
2008-03-16 20:30 --------- d-----w C:\Program Files\Common Files\Java
2008-03-16 19:24 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-14 18:47 --------- d-----w C:\Program Files\abrViewer.NET
2008-03-14 15:07 --------- d-----w C:\Program Files\MSBuild
2008-03-14 14:49 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-14 07:56 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-14 07:55 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-14 07:55 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-14 07:54 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-14 07:54 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-14 07:54 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-14 07:53 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-14 07:53 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-14 07:53 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-14 07:52 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-14 07:52 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-14 07:47 --------- d-----w C:\Program Files\MarBit
2008-03-14 07:45 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\BESTplayer
2008-03-13 21:45 --------- d-----w C:\Program Files\uTorrent
2008-03-13 21:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 21:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-03-13 21:34 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-13 18:38 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Teleca
2008-03-13 18:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-13 18:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-03-13 18:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-03-13 18:31 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-13 18:26 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2008-03-13 18:26 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-03-13 18:26 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2008-03-13 18:26 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-03-13 18:26 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-03-13 18:26 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-03-13 18:26 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2008-03-13 18:26 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2008-03-13 18:26 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-03-13 18:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-13 18:08 --------- d-----w C:\Program Files\Win Rar
2008-03-13 17:47 --------- d-----w C:\Documents and Settings\MagiK\Dane aplikacji\Gadu-Gadu
2008-03-13 16:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-13 16:06 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((( snapshot@2008-05-05_15.26.34.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 05:26:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 20:37:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C3169036-557E-45E1-840F-C845DC406C55}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{c3169036-557e-45e1-840f-c845dc406c55}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{D95C697F-D985-4AB1-92B5-40DF04BBE322}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2002-11-18 15:15 315392 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

S3 ctlsb16;Sterownik Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 22:19]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\instaluj.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 22:43:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 22:46:15
ComboFix-quarantined-files.txt 2008-05-05 20:46:09
ComboFix2.txt 2008-05-05 13:29:17

Pre-Run: 43,471,376,384 bajtów wolnych
Post-Run: 43,461,255,168 bajtów wolnych

205

SDFIX


SDFix: Version 1.179
Run by MagiK on 2008-05-05 at 22:53

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\DOCUME~1\MagiK\Pulpit\SDFIX\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\gndarmblsnv.dll - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 23:09:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\MagiK\Pulpit\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!




Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:27, on 2008-05-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security Home Edition 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 3474 bytes
 

areq32

User
Joined
April 16, 2008
Posts
2
Code:
Logfile of HijackThis v1.99.1
 Scan saved at 22:31:05, on 2008-05-08
 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.5730.0013)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\IoctlSvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\RTHDCPL.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Konnekt\konnekt.exe
 C:\Program Files\foobar2000\foobar2000.exe
 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Documents and Settings\All Users\Dane aplikacji\xenwridc\xylchopq.exe
 C:\Program Files\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O11 - Options group: [TABS] Tabbed Browsing
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
 O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
 O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

I suspect I have a trojan...

I mainly mean this file:
Code:
C:\Documents and Settings\All Users\Dane aplikacji\xenwridc\xylchopq.exe

Can you tell me right away how to remove it with ComboFix??



I'm also adding the ComboFix LOG:
ComboFix 08-05-07.2 - Administrator 2008-05-08 22:36:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.618 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\spwoqbmv.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\xbaqktfv.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-04 12:13 . 2008-05-04 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\xenwridc
2008-05-04 12:13 . 2008-05-04 12:13 4,096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-03 23:40 . 2008-05-03 23:40 <DIR> d-------- C:\Program Files\Total Video Converter
2008-05-03 23:40 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-05-03 18:28 . 2008-05-05 21:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Dev-Cpp
2008-05-03 18:28 . 2008-05-03 18:28 <DIR> d-------- C:\Dev-Cpp
2008-05-02 21:21 . 2008-05-02 21:21 <DIR> d-------- C:\Program Files\uTorrent
2008-05-02 21:21 . 2008-05-07 22:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-05-02 16:31 . 2008-05-03 18:57 316 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-01 19:14 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-01 12:26 . 2008-05-01 12:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-05-01 12:26 . 2008-05-08 17:26 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 09:58 . 2008-05-01 09:58 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2008-05-01 09:58 . 2008-05-01 09:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-01 09:57 . 2008-04-14 00:02 196,224 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-05-01 09:57 . 2008-04-15 00:50 187,904 --a--c--- C:\WINDOWS\system32\dllcache\cmprops.dll
2008-05-01 09:57 . 2008-04-15 00:50 187,904 --a------ C:\WINDOWS\system32\cmprops.dll
2008-05-01 09:57 . 2008-04-15 00:50 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2008-05-01 09:57 . 2008-04-15 00:50 58,880 --a--c--- C:\WINDOWS\system32\dllcache\licwmi.dll
2008-05-01 09:57 . 2008-04-14 22:52 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-05-01 09:57 . 2008-04-15 00:50 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2008-05-01 09:57 . 2008-04-15 00:50 17,920 --a--c--- C:\WINDOWS\system32\dllcache\mmfutil.dll
2008-04-25 16:09 . 2008-04-25 16:09 1,571,840 --a------ C:\WINDOWS\system32\sfcfiles.dll
2008-04-25 16:09 . 2008-04-25 16:09 999,936 --a------ C:\WINDOWS\system32\syssetup.dll
2008-04-25 16:07 . 2008-04-25 16:07 2,603,008 --a------ C:\WINDOWS\system32\wpdshext.dll
2008-04-15 01:16 . 2008-04-15 01:16 1,804 --a------ C:\WINDOWS\system32\Dcache.bin
2008-04-15 00:56 . 2008-04-15 00:56 332,288 --a------ C:\WINDOWS\system32\netsetup.exe
2008-04-15 00:56 . 2008-04-15 00:56 332,288 --a--c--- C:\WINDOWS\system32\dllcache\netsetup.exe
2008-04-15 00:55 . 2008-04-15 00:55 1,202,774 --a--c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-15 00:55 . 2008-04-15 00:55 785,972 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-15 00:55 . 2008-04-15 00:55 204,396 --a--c--- C:\WINDOWS\system32\dllcache\msimain.sdb
2008-04-15 00:55 . 2008-04-15 00:55 85,628 --a--c--- C:\WINDOWS\system32\dllcache\apps.chm
2008-04-15 00:55 . 2008-04-15 00:55 9,424 --a--c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-04-15 00:54 . 2008-04-15 00:54 237,870 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-15 00:52 . 2008-04-15 00:52 4,190,352 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
2008-04-15 00:52 . 2008-04-15 00:52 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2008-04-15 00:52 . 2008-04-15 00:52 299,520 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2008-04-15 00:52 . 2008-04-15 00:52 92,424 --a------ C:\WINDOWS\system32\rdpdd.dll
2008-04-15 00:52 . 2008-04-15 00:52 92,424 --a--c--- C:\WINDOWS\system32\dllcache\rdpdd.dll
2008-04-15 00:52 . 2008-04-15 00:52 12,168 --a------ C:\WINDOWS\system32\tsddd.dll
2008-04-15 00:52 . 2008-04-15 00:52 12,168 --a--c--- C:\WINDOWS\system32\dllcache\tsddd.dll
2008-04-15 00:49 . 2008-04-15 00:49 1,852,928 --a--c--- C:\WINDOWS\system32\dllcache\acgenral.dll
2008-04-15 00:48 . 2008-04-15 00:48 1,449,472 --a------ C:\WINDOWS\system32\winntbbu.dll
2008-04-15 00:48 . 2008-04-15 00:48 1,449,472 --a--c--- C:\WINDOWS\system32\dllcache\winntbbu.dll
2008-04-15 00:48 . 2008-04-15 00:48 219,648 --a------ C:\WINDOWS\system32\sysmon.ocx
2008-04-15 00:48 . 2008-04-15 00:48 219,648 --a--c--- C:\WINDOWS\system32\dllcache\sysmon.ocx
2008-04-15 00:48 . 2008-04-15 00:48 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2008-04-15 00:48 . 2008-04-15 00:48 5,632 --a--c--- C:\WINDOWS\system32\dllcache\wmi.dll
2008-04-15 00:47 . 2008-04-15 00:47 103,424 --a------ C:\WINDOWS\system32\dpcdll.dll
2008-04-15 00:47 . 2008-04-15 00:47 103,424 --a--c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-04-15 00:47 . 2008-04-15 00:47 86,016 --a------ C:\WINDOWS\system32\sl_anet.acm
2008-04-15 00:47 . 2008-04-15 00:47 81,920 --a------ C:\WINDOWS\system32\proctexe.ocx
2008-04-15 00:47 . 2008-04-15 00:47 81,920 --a--c--- C:\WINDOWS\system32\dllcache\proctexe.ocx
2008-04-15 00:47 . 2008-04-15 00:47 57,375 --a------ C:\WINDOWS\system32\odbcji32.dll
2008-04-15 00:47 . 2008-04-15 00:47 57,375 --a--c--- C:\WINDOWS\system32\dllcache\odbcji32.dll
2008-04-15 00:46 . 2008-04-15 00:46 110,592 --a------ C:\WINDOWS\system32\msscript.ocx
2008-04-15 00:46 . 2008-04-15 00:46 110,592 --a--c--- C:\WINDOWS\system32\dllcache\msscript.ocx
2008-04-15 00:43 . 2008-04-15 00:43 847,386 --a------ C:\WINDOWS\system32\msdxm.ocx
2008-04-15 00:43 . 2008-04-15 00:43 847,386 --a--c--- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-04-15 00:43 . 2008-04-15 00:43 177,152 --a------ C:\WINDOWS\system32\MSCTFIME.IME
2008-04-15 00:43 . 2008-04-15 00:43 177,152 --a--c--- C:\WINDOWS\system32\dllcache\msctfime.ime
2008-04-15 00:43 . 2008-04-15 00:43 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2008-04-15 00:43 . 2008-04-15 00:43 4,126 --a--c--- C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-15 00:42 . 2008-04-15 00:42 294,912 --a------ C:\WINDOWS\system32\msaud32.acm
2008-04-15 00:42 . 2008-04-15 00:42 14,848 --a------ C:\WINDOWS\system32\msadp32.acm
2008-04-15 00:42 . 2008-04-15 00:42 3,584 --a------ C:\WINDOWS\system32\msafd.dll
2008-04-15 00:42 . 2008-04-15 00:42 3,584 --a--c--- C:\WINDOWS\system32\dllcache\msafd.dll
2008-04-15 00:40 . 2008-04-15 00:40 290,816 --a------ C:\WINDOWS\system32\l3codeca.acm
2008-04-15 00:36 . 2008-04-15 00:36 16,384 --a------ C:\WINDOWS\system32\imaadp32.acm
2008-04-15 00:36 . 2008-04-15 00:36 3,584 --a------ C:\WINDOWS\system32\icmp.dll
2008-04-15 00:36 . 2008-04-15 00:36 3,584 --a--c--- C:\WINDOWS\system32\dllcache\icmp.dll
2008-04-15 00:35 . 2008-04-15 00:35 569,856 --a------ C:\WINDOWS\system32\gpedit.dll
2008-04-15 00:35 . 2008-04-15 00:35 569,856 --a--c--- C:\WINDOWS\system32\dllcache\gpedit.dll
2008-04-15 00:35 . 2008-04-15 00:35 545,280 --a------ C:\WINDOWS\system32\hhctrl.ocx
2008-04-15 00:35 . 2008-04-15 00:35 545,280 --a--c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-04-15 00:35 . 2008-04-15 00:35 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2008-04-15 00:35 . 2008-04-15 00:35 9,344 --a--c--- C:\WINDOWS\system32\dllcache\framebuf.dll
2008-04-15 00:33 . 2008-04-15 00:33 24,064 --a------ C:\WINDOWS\system32\pidgen.dll
2008-04-15 00:33 . 2008-04-15 00:33 24,064 --a--c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dllcache\dpnlobby.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dllcache\dpnaddr.dll
2008-04-15 00:32 . 2008-04-15 00:32 153,088 --a--c--- C:\WINDOWS\system32\dllcache\daxctle.ocx
2008-04-15 00:32 . 2008-04-15 00:32 153,088 --a------ C:\WINDOWS\system32\daxctle.ocx
2008-04-15 00:31 . 2008-04-15 00:31 16,896 --a--c--- C:\WINDOWS\system32\dllcache\cfgmgr32.dll
2008-04-15 00:31 . 2008-04-15 00:31 16,896 --a------ C:\WINDOWS\system32\cfgmgr32.dll
2008-04-15 00:30 . 2008-04-15 00:30 285,696 --a--c--- C:\WINDOWS\system32\dllcache\atmfd.dll
2008-04-15 00:30 . 2008-04-15 00:30 285,696 --a------ C:\WINDOWS\system32\atmfd.dll
2008-04-15 00:29 . 2008-04-15 00:29 115,200 --a--c--- C:\WINDOWS\system32\dllcache\asctrls.ocx
2008-04-15 00:29 . 2008-04-15 00:29 115,200 --a------ C:\WINDOWS\system32\asctrls.ocx
2008-04-15 00:05 . 2008-04-15 00:05 144,776 --a--c--- C:\WINDOWS\system32\dllcache\archvapp.inf
2008-04-15 00:05 . 2008-04-15 00:05 1,950 --a------ C:\WINDOWS\system32\pid.inf
2008-04-15 00:05 . 2008-04-15 00:05 1,950 --a--c--- C:\WINDOWS\system32\dllcache\pid.inf
2008-04-15 00:03 . 2008-04-15 00:03 120,320 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-15 00:03 . 2008-04-15 01:09 80,256 --a------ C:\WINDOWS\system32\drivers\parport.sys
2008-04-15 00:03 . 2008-04-15 00:03 68,608 --a------ C:\WINDOWS\system32\drivers\pci.sys
2008-04-15 00:03 . 2008-04-15 01:09 46,848 --a------ C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 23:59 . 2008-04-14 23:59 2,146,816 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 23:59 . 2008-04-15 01:09 2,025,472 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 23:55 . 2008-04-14 23:55 4,096 --a------ C:\WINDOWS\system32\dsprpres.dll
2008-04-14 23:55 . 2008-04-14 23:55 4,096 --a--c--- C:\WINDOWS\system32\dllcache\dsprpres.dll
2008-04-14 23:52 . 2008-04-14 23:52 800,000 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 23:52 . 2008-04-14 23:52 800,000 --a--c--- C:\WINDOWS\system32\dllcache\dmboot.sys
2008-04-14 23:52 . 2008-04-14 23:52 153,856 --a------ C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 23:52 . 2008-04-14 23:52 153,856 --a--c--- C:\WINDOWS\system32\dllcache\dmio.sys
2008-04-14 23:52 . 2008-04-14 23:52 89,600 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-04-14 23:52 . 2008-04-14 23:52 89,600 --a--c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 23:50 . 2008-04-14 23:50 80,896 --a------ C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 23:50 . 2008-04-14 23:50 80,896 --a--c--- C:\WINDOWS\system32\dllcache\msshamsg.dll
2008-04-14 23:50 . 2008-04-14 23:50 24,960 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 23:48 . 2008-04-14 23:48 37,632 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 23:47 . 2008-04-15 01:09 40,832 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 23:46 . 2008-04-14 23:46 40,448 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 23:43 . 2008-04-14 23:43 563,200 --a------ C:\WINDOWS\system32\shdoclc.dll
2008-04-14 23:43 . 2008-04-14 23:43 563,200 --a--c--- C:\WINDOWS\system32\dllcache\shdoclc.dll
2008-04-14 23:41 . 2008-04-14 23:41 65,280 --a------ C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 23:41 . 2008-04-14 23:41 53,248 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 23:37 . 2008-04-14 23:37 10,240 --a------ C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 23:37 . 2008-04-14 23:37 10,240 --a--c--- C:\WINDOWS\system32\dllcache\gpkrsrc.dll
2008-04-14 23:35 . 2008-04-14 23:35 1,845,888 --a------ C:\WINDOWS\system32\win32k.sys
2008-04-14 23:35 . 2008-04-14 23:35 1,845,888 --a--c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-04-14 23:35 . 2008-04-14 23:35 67,584 --a--c--- C:\WINDOWS\system32\dllcache\browselc.dll
2008-04-14 23:35 . 2008-04-14 23:35 67,584 --a------ C:\WINDOWS\system32\browselc.dll
2008-04-14 23:33 . 2008-04-14 23:33 44,672 --a------ C:\WINDOWS\system32\drivers\fips.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 15:38 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000
2008-05-02 17:04 --------- d-----w C:\Program Files\Konnekt
2008-05-01 09:16 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-01 08:59 --------- d-----w C:\Program Files\GoldWave
2008-05-01 08:56 --------- d-----w C:\Program Files\Skype
2008-05-01 08:51 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-01 08:51 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-05-01 08:50 --------- d-----w C:\Program Files\Nero
2008-05-01 08:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-01 08:46 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-01 08:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-05-01 08:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-01 08:44 --------- d-----w C:\Program Files\IrfanView
2008-05-01 08:41 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ATI
2008-05-01 08:38 --------- d-----w C:\Program Files\ATI Technologies
2008-05-01 08:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 08:37 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-05-01 08:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 08:31 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-01 08:29 --------- d-----w C:\Program Files\Realtek
2008-05-01 08:25 --------- d-----w C:\Program Files\Microsoft Works
2008-05-01 08:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-01 08:24 --------- d-----w C:\Program Files\MSBuild
2008-05-01 08:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-05-01 08:19 --------- d-----w C:\Program Files\foobar2000
2008-05-01 08:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 08:17 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
2008-05-01 08:16 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Talkback
2008-05-01 08:14 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-01 08:14 --------- d-----w C:\Program Files\Corel
2008-05-01 08:14 --------- d-----w C:\Program Files\Common Files\Corel
2008-05-01 08:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-01 08:14 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Corel
2008-05-01 08:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-01 08:00 --------- d-----w C:\Program Files\Usługi online
2008-04-25 14:07 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2008-04-15 01:04 1,246,357 ----a-r C:\WINDOWS\SET3.tmp
2008-04-15 00:56 16,825 ----a-r C:\WINDOWS\SET8.tmp
2008-04-15 00:56 1,088,840 ----a-r C:\WINDOWS\SET4.tmp
2008-04-14 22:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 22:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 22:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 22:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 22:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 22:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 22:39 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 22:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 21:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 21:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 20:51 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 20:51 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 20:50 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 00:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 00:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 00:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 00:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 00:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 00:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 00:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 00:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 00:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 00:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 00:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 00:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 00:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 00:15 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-14 00:15 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-14 00:15 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-14 00:15 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-14 00:15 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2008-04-14 00:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 00:15 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-04-14 00:15 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-14 00:03 129,792 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 22:15 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 22:15 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-13 22:15 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-13 22:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-13 22:15 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-13 22:15 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 22:09 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-13 22:09 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-13 22:09 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-13 20:09 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 16261632 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:51 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DW1G0FY3io"= C:\Documents and Settings\All Users\Dane aplikacji\xenwridc\xylchopq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-21 10:30 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:24 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tnvkdaoz]
C:\WINDOWS\system32\vgtspgzq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP111
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 22:37:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 22:37:57
ComboFix-quarantined-files.txt 2008-05-08 20:37:55

Pre-Run: 16,381,480,960 bajtów wolnych
Post-Run: 17,117,032,448 bajtów wolnych

328 --- E O F --- 2008-05-01 08:55:02
 

eldiego

User
Joined
May 10, 2008
Posts
3
Could I ask for a log check? I caught some crap called amvo or something like that, and there's probably more than one thing in there ;P


Logfile of HijackThis v1.99.1
Scan saved at 19:46:17, on 2008-05-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B16CC9A-B1E2-4947-9291-71C5CB341CFF}: NameServer = 80.240.162.70 80.240.162.114
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 

Alliata

User
Joined
November 3, 2007
Posts
378
Log from ComboFix and SDFix.

Fix:

Code:
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
 

Damiano1412

User
Joined
May 11, 2008
Posts
1
Please check my LOG!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:34, on 2008-05-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{938E25B0-9B0F-4E07-BDDC-89F56BCD49C0}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7552 bytes
 

feelblue

User
Joined
July 5, 2004
Posts
3
I'd also like a check. Thanks in advance.


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:05, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S94.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - c:\WINDOWS\system32\o2flash.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9338 bytes
 

dorianmas

User
Joined
July 13, 2007
Posts
194
Damiano1412

Fix:

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')


feelblue

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O18 - Filter hijack: text/html - (no CLSID) - (no file)
 

eldiego

User
Joined
May 10, 2008
Posts
3
ComboFix log; I couldn't manage to remove that amvo with HijackThis o_O

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\Config.xml
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\ja\Dane aplikacji\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\fsmgmt.dll
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-08 17:56 . 2002-04-26 12:04 95,484 --a------ C:\WINDOWS\system32\drivers\KMM4XNT.SYS
2008-05-08 17:56 . 2002-04-26 12:04 24,576 --a------ C:\WINDOWS\system32\KMM4XNTD.DLL
2008-05-08 17:46 . 2008-05-08 17:46 <DIR> d-------- C:\Program Files\Athenasoft
2008-05-05 20:38 . 2008-05-05 20:38 <DIR> d-------- C:\Program Files\illiminable
2008-05-05 20:38 . 2008-05-06 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\YAHOO
2008-05-05 20:38 . 2006-04-06 23:02 151,552 --------- C:\WINDOWS\system32\pxwma.dll
2008-05-05 20:36 . 2008-05-06 17:31 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-03 01:31 . 2008-05-08 18:02 49,066 --a------ C:\acadminidump.dmp
2008-04-29 20:38 . 2008-04-22 19:52 103,762 -r-hs---- C:\tym8a.exe
2008-04-19 19:41 . 2008-04-19 19:41 136 --a------ C:\WINDOWS\system32\acdb.err

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 19:45 --------- d-----w C:\Program Files\Minilyrics
2008-05-11 14:52 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-05-08 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 18:34 --------- d-----w C:\Program Files\Thomson
2008-04-09 15:20 --------- d-----w C:\Program Files\PITy
2008-04-07 21:28 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-22 14:23 --------- d-----w C:\Program Files\BridgeIt
2008-03-16 12:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-03-16 12:11 --------- d-----w C:\Program Files\Konnekt
2008-03-16 09:58 --------- d-----w C:\Program Files\Apple Software Update
2008-03-16 09:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44 8429568]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 13:06 888832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-23 23:54:11 528384]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2006-11-16 11:05 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
--a------ 2007-02-14 09:42 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-30 14:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 C:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2005-07-19 10:05 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-07-19 10:05 135168 C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-12 17:44 8429568 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-12 17:44 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-12 17:44 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 07:12 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 15:34 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-04-25 17:44 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"ForcewareWebInterface"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys [2002-04-26 12:04]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\tym8a.exe
\Shell\explore\Command - C:\tym8a.exe
\Shell\open\Command - C:\tym8a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\tym8a.exe
\Shell\explore\Command - D:\tym8a.exe
\Shell\open\Command - D:\tym8a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\tym8a.exe
\Shell\explore\Command - E:\tym8a.exe
\Shell\open\Command - E:\tym8a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d05ca54-ff3a-11dc-8efb-000e504ac48d}]
\Shell\AutoRun\command - L:\uisvkqr.exe
\Shell\explore\Command - L:\uisvkqr.exe
\Shell\open\Command - L:\uisvkqr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b481365-51cb-11dc-bce9-806d6172696f}]
\Shell\AutoRun\command - J:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c22a2be-c4fe-11dc-8e75-001bfc8d3fe0}]
\Shell\AutoRun\command - K:\EXPLORER.EXE
\Shell\explore\Command - K:\EXPLORER.EXE
\Shell\open\Command - K:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ee42de-51c4-11dc-8d8d-001bfc8d3fe0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{717230b0-7596-11dc-8dd2-001bfc8d3fe0}]
\Shell\AutoRun\command - G:\tym8a.exe
\Shell\explore\Command - G:\tym8a.exe
\Shell\open\Command - G:\tym8a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14ab332-ea33-11dc-8ed1-000e504ac48d}]
\Shell\Auto\command - K:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2dd2c8d-edf7-11dc-8ed9-000e504ac48d}]
\Shell\Auto\command - L:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 20:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-06 19:41:40 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1189016387.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 21:04:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-05-13 21:05:26 - machine was rebooted [ja]
ComboFix-quarantined-files.txt 2008-05-13 19:05:23

Pre-Run: 4,734,111,744 bajtów wolnych
Post-Run: 4,845,277,184 bajtów wolnych

227 --- E O F --- 2007-08-26 18:47:48
 

ciucia3

User
Joined
May 22, 2008
Posts
1
Please review the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:22, on 2008-05-22
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Asia\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe

--
End of file - 6428 bytes
 

Lukaszb163

User
Joined
August 9, 2007
Posts
18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:29, on 2008-05-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drivers\services.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [CreateCD] D:\gry\POKEMO~2\POKEMO~1.EXE -r
O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{75A822AA-3531-40FA-84FF-23B5B9ABDE37}: NameServer = 192.168.10.1,194.204.159.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5725 bytes
 

scofield_123

User
Joined
May 23, 2008
Posts
3
Logfile of HijackThis v1.99.1
Scan saved at 14:23:12, on 2008-05-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\Ati2evxx.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\AVG\AVG8\avgam.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\WgaTray.exe
G:\Tomek\gadu gadu\Gadu-Gadu\gg.exe
E:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Program Files\Folder Lock\Uninstall.exe
E:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
E:\Documents and Settings\Tom\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxCrypt] E:\Program Files\MaxCrypt v1.10\MaxCrypt.exe
O4 - HKLM\..\RunOnce: [FLuninst] E:\WINDOWS\system32\FLKill.exe
O4 - HKCU\..\Run: [BitComet] "E:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_31.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 

kkkss

User
Joined
May 23, 2008
Posts
1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:28, on 2008-05-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Task Killer\taskkiller.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Task Killer] C:\Program Files\Task Killer\taskkiller.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8456 bytes


So, how does it look?
 

nitr0

Member
Joined
May 15, 2007
Posts
537
Code:
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
junk xD
otherwise it's clean.
 

meteor-666

Member
Joined
June 7, 2008
Posts
24
Logfile of HijackThis v1.99.1
Scan saved at 18:14:06, on 2008-06-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\OneStepSearch\onestep.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\OneStepSearch\onestep.exe
D:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
d:\program files\winamp\winamp.exe
D:\Program Files\Azureus\Azureus.exe
D:\Program Files\Java\jre1.6.0_02\bin\javaw.exe
D:\Program Files\FreeCommander\FreeCommander.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PDM Agent] D:\Program Files\PDM\PDM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [svhosst] D:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Catcher] D:\Documents and Settings\Mati\Pulpit\Catcher\Catcher.exe
O4 - HKCU\..\Run: [amva] D:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9FCD05-219F-4D47-AD92-9AA42CF913E6}: NameServer = 82.160.37.4,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EB580C6-C59A-4E13-9552-C15FD2BE4E48}: NameServer = 82.160.37.4 217.98.81.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - D:\Program Files\usr/MYSQL/bin/mysqld.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OneStep Search Service - Unknown owner - D:\Program Files\OneStepSearch\onestep.exe" "D:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

So, how does it look?
 

Bonen

Member
Joined
June 7, 2008
Posts
1
Logfile of HijackThis v1.99.1
Scan saved at 23:28:46, on 2008-06-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\OfcpfwSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Budzik\budzik.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Mozilla Firefox\firefox.exe
D:\Steam\Steam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Bonebreaker\Pulpit\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [OfcpfwSvcs.exe] C:\WINDOWS\system32\OfcpfwSvcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Budzik.lnk = C:\Program Files\Budzik\budzik.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 

mentab

Member
Joined
May 31, 2008
Posts
1
Logfile of HijackThis v1.99.1
Scan saved at 13:37:47, on 2008-06-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\opsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Opiekun\optray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\oplsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{300B2E0C-6148-4336-86A4-3A4309CEBEC6}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{300B2E0C-6148-4336-86A4-3A4309CEBEC6}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Opiekun (OpSrv) - SoftStory - C:\WINDOWS\system32\opsrv.exe
 

Rado^^

Member
Joined
January 18, 2008
Posts
12
I'm getting this message: "System error! Attention... Some dangerous trojan horses detected on your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now. Click ok to download the antispyware... (Recommended)"
I don't know how to remove it; please help.


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:25, on 2008-06-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://galeria-polnet.us.to/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {5F920865-38C9-40DA-8FCF-D9DC83F84EC5} - C:\WINDOWS\system32\pupdfan.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pcg: C:\Program Files\Internet Explorer\Plugins\nppcgplg.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{08319343-BC7F-4272-8A5D-40A62F32192C}: NameServer = 217.8.168.244 157.25.5.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{08319343-BC7F-4272-8A5D-40A62F32192C}: NameServer = 217.8.168.244 157.25.5.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 5247 bytes
 
Status
Closed.