16 Maj 2008, 16:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:57, on 2008-05-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\PROGRA~1\MediaKey\KPDrv4XP.EXE
C:\PROGRA~1\MediaKey\MMKeybd.EXE
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nasza-klasa.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mrcmgr.exe,
O2 - BHO: MddApp Class - {1A4F919F-4334-4abf-BF47-0836A8B5A54B} - C:\WINDOWS\System32\ddr7xm.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HujApp Class - {8E9F39F8-40EE-4dd2-A439-2A90224E5DB5} - C:\WINDOWS\System32\prxsmr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BhoApp Class - {AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B} - C:\WINDOWS\System32\hmlphl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MediaKey\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\28647.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\mrcmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{280C39ED-7C8A-4D71-B085-DF15B38A1BB8}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10725 bytes
Scan saved at 16:14:57, on 2008-05-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\PROGRA~1\MediaKey\KPDrv4XP.EXE
C:\PROGRA~1\MediaKey\MMKeybd.EXE
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nasza-klasa.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\mrcmgr.exe,
O2 - BHO: MddApp Class - {1A4F919F-4334-4abf-BF47-0836A8B5A54B} - C:\WINDOWS\System32\ddr7xm.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HujApp Class - {8E9F39F8-40EE-4dd2-A439-2A90224E5DB5} - C:\WINDOWS\System32\prxsmr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BhoApp Class - {AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B} - C:\WINDOWS\System32\hmlphl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MediaKey\KPDrv4XP.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\28647.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\mrcmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{280C39ED-7C8A-4D71-B085-DF15B38A1BB8}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10725 bytes
16 Maj 2008, 16:23
fix w hijackthis
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
O2 - BHO: MddApp Class - {1A4F919F-4334-4abf-BF47-0836A8B5A54B} - C:\WINDOWS\System32\ddr7xm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HujApp Class - {8E9F39F8-40EE-4dd2-A439-2A90224E5DB5} - C:\WINDOWS\System32\prxsmr.dll
O2 - BHO: BhoApp Class - {AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B} - C:\WINDOWS\System32\hmlphl.dll
O2 - BHO: Aero skin - {FFFFFFFF-B432-46fc-9143-B82B832B1B14} - interns32.dll (file missing)
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\28647.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\mrcmgr.exe
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\System32\mrcmgr.exe
C:\WINDOWS\28647.exe
C:\WINDOWS\System32\ddr7xm.dll
C:\WINDOWS\System32\hmlphl.dll
C:\WINDOWS\System32\prxsmr.dll
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
16 Maj 2008, 16:53
ComboFix 08-05-15.3 - Kiszka 2008-05-16 16:40:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.147 [GMT 2:00]
Running from: C:\Documents and Settings\Kiszka\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kiszka\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kiszka\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\28647.exe
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 16:42 . 2007-06-20 14:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-05-16 16:11 . 2008-05-16 16:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 20:02 . 2002-11-14 21:44 219,648 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-15 20:02 . 2002-11-14 21:44 219,648 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2008-05-15 20:00 . 2008-05-15 20:08 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-05-15 20:00 . 2003-08-02 06:14 25,600 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-05-15 20:00 . 2008-05-15 20:08 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-15 19:50 . 2008-05-15 19:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-15 14:37 . 2008-05-15 14:37 45,568 --a------ C:\WINDOWS\system32\interns32.dll
2008-05-15 14:37 . 2008-05-15 14:38 16,252 --a------ C:\WINDOWS\system32\es.dat
2008-05-15 11:53 . 2008-05-15 11:53 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\Apple Computer
2008-05-15 11:19 . 2008-05-15 11:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-15 11:01 . 2008-05-15 11:01 58 --a------ C:\WINDOWS\wininit.ini
2008-05-15 10:59 . 2008-05-15 11:00 32 --a------ C:\WINDOWS\system87sG.dat
2008-05-15 00:03 . 2008-05-15 00:03 0 -ra------ C:\WINDOWS\system32\TFTP3140
2008-05-14 14:37 . 2008-05-14 14:39 <DIR> d-------- C:\Program Files\Screamer Radio
2008-05-14 12:53 . 2008-05-14 12:53 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-05-14 12:53 . 2008-05-14 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-05-14 12:53 . 2008-05-14 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-05-14 12:52 . 2008-05-14 12:53 <DIR> d-------- C:\Program Files\Winamp Remote
2008-05-14 12:50 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-14 11:42 . 2008-05-15 21:23 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-14 00:58 . 2008-05-14 00:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-14 00:57 . 2004-07-02 00:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-05-14 00:57 . 2004-07-02 00:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-14 00:57 . 2004-07-02 00:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-14 00:57 . 2004-07-02 00:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-05-14 00:53 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-05-14 00:53 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-05-14 00:53 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-14 00:53 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-05-14 00:53 . 2004-08-03 14:04 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-05-14 00:53 . 2004-08-03 14:03 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-05-14 00:53 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-05-13 21:45 . 2008-05-13 21:45 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-13 21:45 . 2008-05-13 21:45 <DIR> d-------- C:\Program Files\ffdshow
2008-05-13 21:45 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-13 21:45 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-13 21:45 . 2008-03-28 19:40 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-05-13 21:45 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-13 21:27 . 2008-05-14 12:42 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\Media Player Classic
2008-05-13 17:04 . 2004-05-14 17:12 1,916,928 --------- C:\WINDOWS\UNNVEContent.exe
2008-05-13 17:04 . 2004-11-30 19:14 67,990 --------- C:\WINDOWS\UNNVEContent.cfg
2008-05-13 17:03 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNMRW.exe
2008-05-13 17:03 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\NuNinst.exe
2008-05-13 17:03 . 2005-01-27 19:08 99,200 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-05-13 17:03 . 2005-09-28 13:17 58,039 --------- C:\WINDOWS\NuNinst.cfg
2008-05-13 17:03 . 2005-09-28 13:17 55,617 --------- C:\WINDOWS\UNMRW.cfg
2008-05-13 17:03 . 2005-01-27 19:07 28,928 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-05-13 17:03 . 2005-01-27 19:08 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-05-13 17:02 . 2008-05-13 17:02 <DIR> d-------- C:\WINDOWS\InCD
2008-05-13 17:02 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2008-05-13 17:02 . 2005-09-28 13:17 49,870 --------- C:\WINDOWS\UNNMP.cfg
2008-05-13 17:02 . 2005-01-27 19:07 27,776 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2008-05-13 17:00 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2008-05-13 17:00 . 2005-09-28 13:17 154,581 --------- C:\WINDOWS\UNNeroVision.cfg
2008-05-13 16:58 . 2004-11-17 23:29 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-05-13 16:58 . 2004-11-17 23:29 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-13 15:10 . 2008-05-13 15:11 <DIR> d-------- C:\Program Files\totalcmd
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-05-13 15:10 . 2008-05-13 15:13 460 --a------ C:\WINDOWS\wincmd.ini
2008-05-13 09:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 09:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-12 15:36 . 2008-05-15 17:20 74 --a------ C:\WINDOWS\MediaManager.INI
2008-05-12 14:23 . 2008-05-12 14:23 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.13
2008-05-11 23:57 . 2008-05-11 23:58 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\ArcSoft
2008-05-11 17:00 . 2008-05-11 17:00 <DIR> d-------- C:\Program Files\Audacity
2008-05-11 16:45 . 2008-05-11 16:45 <DIR> d-------- C:\WINDOWS\Sun
2008-05-11 16:36 . 2008-05-11 16:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-11 16:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 14:33 . 2008-05-11 14:33 <DIR> d-------- C:\WinFast WorkArea
2008-05-11 14:31 . 2008-05-11 14:32 <DIR> d-------- C:\WFDB
2008-05-11 14:31 . 2008-05-11 14:31 <DIR> d-------- C:\Program Files\WinFast
2008-05-11 14:31 . 2008-05-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-11 14:26 . 2008-05-11 14:26 <DIR> d-------- C:\WINDOWS\system32\WinFox
2008-05-11 14:26 . 2008-05-11 14:26 <DIR> d-------- C:\WINDOWS\system32\WinFast
2008-05-11 14:26 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-05-11 13:50 . 2008-05-11 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-11 13:49 . 2008-05-11 13:49 <DIR> d-------- C:\Program Files\CyberLink
2008-05-11 13:02 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-11 13:02 . 2008-05-11 13:02 421 --a------ C:\WINDOWS\ODBC.INI
2008-05-11 13:00 . 2008-05-11 13:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-11 12:58 . 2008-05-11 13:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-11 12:54 . 2008-05-11 12:54 <DIR> dr-h----- C:\MSOCache
2008-05-11 11:07 . 2008-05-11 11:43 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\COWON
2008-05-11 01:22 . 2008-05-11 01:22 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-11 01:22 . 2008-05-11 01:22 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-11 01:22 . 2008-05-11 01:27 <DIR> d-------- C:\Documents and Settings\Kiszka\Contacts
2008-05-11 01:21 . 2008-05-13 17:36 <DIR> d-------- C:\WINDOWS\Pliki Instalatora aktualizacji Windows Update
2008-05-11 01:21 . 2008-05-13 17:38 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-11 01:21 . 2008-05-11 01:21 <DIR> d-------- C:\WINDOWS\Historia
2008-05-11 01:06 . 2008-05-13 21:16 <DIR> d-------- C:\Program Files\DivX
2008-05-11 00:53 . 2008-05-11 00:53 <DIR> d---s---- C:\Documents and Settings\Kiszka\UserData
2008-05-11 00:44 . 2001-08-17 22:02 33,152 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2008-05-11 00:44 . 2001-08-17 22:02 33,152 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2008-05-11 00:44 . 2001-08-17 22:02 23,680 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2008-05-11 00:44 . 2001-08-17 22:02 23,680 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys
2008-05-11 00:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-11 00:44 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-11 00:43 . 2003-01-17 03:27 52 -ra------ C:\WINDOWS\THKB_E.ini
2008-05-11 00:42 . 2008-05-11 00:42 <DIR> d-------- C:\WUTemp
2008-05-11 00:35 . 2008-05-11 00:38 <DIR> d-------- C:\Program Files\MediaKey
2008-05-11 00:35 . 2001-10-26 17:29 19,456 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-11 00:35 . 2001-10-26 17:29 19,456 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-11 00:35 . 2001-10-26 16:48 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-11 00:35 . 2001-10-26 16:48 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-11 00:35 . 2008-05-11 00:38 77 --a------ C:\WINDOWS\MMKEYBD.UNI
2008-05-11 00:35 . 2008-05-11 00:35 0 --a------ C:\WINDOWS\SelSet.INI
2008-05-11 00:34 . 2004-08-03 13:59 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2008-05-11 00:34 . 2004-08-03 13:59 185,624 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-05-11 00:34 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-11 00:34 . 2001-08-17 22:03 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-10 22:49 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-10 22:42 . 2008-05-10 22:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-10 22:37 . 2008-05-10 22:37 <DIR> d-------- C:\Program Files\Ares
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 14:42 --------- d-----w C:\Program Files\Kalendarz XP
2008-05-16 11:56 --------- d-----w C:\Program Files\English Translator 3
2008-05-15 20:07 --------- d-----w C:\Program Files\ooVoo
2008-05-14 17:46 61,440 --sha-w C:\Program Files\Thumbs.db
2008-05-13 16:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-13 15:04 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\Ahead
2008-05-13 15:03 --------- d-----w C:\Program Files\Ahead
2008-05-13 07:38 --------- d-----w C:\Program Files\Picasa2
2008-05-11 12:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 21:33 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\ooVoo Details
2008-05-10 20:13 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 19:53 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\Snapfish
2008-05-10 19:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-05-10 19:50 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\Simple Star
2008-05-10 19:48 --------- d-----w C:\Program Files\IVT Corporation
2008-05-10 19:48 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-10 19:47 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-10 19:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-10 19:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-05-10 19:42 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-10 19:42 --------- d-----w C:\Program Files\ArcSoft
2008-05-10 19:41 --------- d-----w C:\Program Files\Common Files\snp2std
2008-05-10 19:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 19:33 --------- d-----w C:\Program Files\Realtek AC97
2008-05-10 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 19:20 --------- d-----w C:\Program Files\Usługi online
2005-04-15 11:19 880,676 ----a-w C:\Program Files\UXThemeMulti-Patcher(NeowinEdition)4.0.exe
.
------- Sigcheck -------
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4F919F-4334-4abf-BF47-0836A8B5A54B}]
2001-10-26 18:49 49152 --a------ C:\WINDOWS\System32\ddr7xm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E9F39F8-40EE-4dd2-A439-2A90224E5DB5}]
2001-10-26 18:49 36864 --a------ C:\WINDOWS\System32\prxsmr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B}]
2001-10-26 18:49 37376 --a------ C:\WINDOWS\System32\hmlphl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-B432-46fc-9143-B82B832B1B14}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28 212992]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 17:03 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-13 02:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 02:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-13 02:50 81920]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-11-02 14:04 258048]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 13:21 675840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"autoclk"="autoclk.exe" []
"adiras"="adiras.exe" []
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:15 455984]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"KPDrv4XP"="C:\PROGRA~1\MediaKey\KPDrv4XP.EXE" [2003-01-17 03:25 32768]
"MediaKey"="C:\PROGRA~1\MediaKey\MMKeybd.EXE" [2003-01-17 03:25 172032]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22 397312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 19:17 1381376]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-05-10 21:49:00 1183744]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-10 22:12:59 839680]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-10 23:26:33 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\explorer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28681:TCP"= 28681:TCP:port
"31198:TCP"= 31198:TCP:port
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R2 USBKBFlt;Dritek USB Keyboard Filter;C:\WINDOWS\System32\DRIVERS\USBKBFlt.SYS [2003-01-17 03:25]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2006-11-08 14:57]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-09-15 11:07]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 20:35:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 16:42:26
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 16:43:22
ComboFix-quarantined-files.txt 2008-05-16 14:43:03
Pre-Run: 15,507,922,944 bajtów wolnych
Post-Run: 15,506,980,864 bajtów wolnych
276 --- E O F --- 2008-05-15 23:22:31
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.147 [GMT 2:00]
Running from: C:\Documents and Settings\Kiszka\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kiszka\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kiszka\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\28647.exe
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 16:42 . 2007-06-20 14:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-05-16 16:11 . 2008-05-16 16:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 20:02 . 2002-11-14 21:44 219,648 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-15 20:02 . 2002-11-14 21:44 219,648 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2008-05-15 20:00 . 2008-05-15 20:08 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-05-15 20:00 . 2003-08-02 06:14 25,600 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-05-15 20:00 . 2008-05-15 20:08 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-15 19:50 . 2008-05-15 19:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-15 14:37 . 2008-05-15 14:37 45,568 --a------ C:\WINDOWS\system32\interns32.dll
2008-05-15 14:37 . 2008-05-15 14:38 16,252 --a------ C:\WINDOWS\system32\es.dat
2008-05-15 11:53 . 2008-05-15 11:53 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\Apple Computer
2008-05-15 11:19 . 2008-05-15 11:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-15 11:01 . 2008-05-15 11:01 58 --a------ C:\WINDOWS\wininit.ini
2008-05-15 10:59 . 2008-05-15 11:00 32 --a------ C:\WINDOWS\system87sG.dat
2008-05-15 00:03 . 2008-05-15 00:03 0 -ra------ C:\WINDOWS\system32\TFTP3140
2008-05-14 14:37 . 2008-05-14 14:39 <DIR> d-------- C:\Program Files\Screamer Radio
2008-05-14 12:53 . 2008-05-14 12:53 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-05-14 12:53 . 2008-05-14 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-05-14 12:53 . 2008-05-14 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-05-14 12:52 . 2008-05-14 12:53 <DIR> d-------- C:\Program Files\Winamp Remote
2008-05-14 12:50 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-14 11:42 . 2008-05-15 21:23 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-14 00:58 . 2008-05-14 00:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-14 00:57 . 2004-07-02 00:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-05-14 00:57 . 2004-07-02 00:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-14 00:57 . 2004-07-02 00:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-14 00:57 . 2004-07-02 00:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-05-14 00:57 . 2004-07-02 00:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-05-14 00:53 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-05-14 00:53 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-05-14 00:53 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-14 00:53 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-05-14 00:53 . 2004-08-03 14:04 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-05-14 00:53 . 2004-08-03 14:03 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-05-14 00:53 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-05-13 21:45 . 2008-05-13 21:45 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-13 21:45 . 2008-05-13 21:45 <DIR> d-------- C:\Program Files\ffdshow
2008-05-13 21:45 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-13 21:45 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-13 21:45 . 2008-03-28 19:40 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-05-13 21:45 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-13 21:27 . 2008-05-14 12:42 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\Media Player Classic
2008-05-13 17:04 . 2004-05-14 17:12 1,916,928 --------- C:\WINDOWS\UNNVEContent.exe
2008-05-13 17:04 . 2004-11-30 19:14 67,990 --------- C:\WINDOWS\UNNVEContent.cfg
2008-05-13 17:03 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNMRW.exe
2008-05-13 17:03 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\NuNinst.exe
2008-05-13 17:03 . 2005-01-27 19:08 99,200 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-05-13 17:03 . 2005-09-28 13:17 58,039 --------- C:\WINDOWS\NuNinst.cfg
2008-05-13 17:03 . 2005-09-28 13:17 55,617 --------- C:\WINDOWS\UNMRW.cfg
2008-05-13 17:03 . 2005-01-27 19:07 28,928 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-05-13 17:03 . 2005-01-27 19:08 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-05-13 17:02 . 2008-05-13 17:02 <DIR> d-------- C:\WINDOWS\InCD
2008-05-13 17:02 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2008-05-13 17:02 . 2005-09-28 13:17 49,870 --------- C:\WINDOWS\UNNMP.cfg
2008-05-13 17:02 . 2005-01-27 19:07 27,776 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2008-05-13 17:00 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2008-05-13 17:00 . 2005-09-28 13:17 154,581 --------- C:\WINDOWS\UNNeroVision.cfg
2008-05-13 16:58 . 2004-11-17 23:29 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-05-13 16:58 . 2004-11-17 23:29 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-13 15:10 . 2008-05-13 15:11 <DIR> d-------- C:\Program Files\totalcmd
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-05-13 15:10 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-05-13 15:10 . 2008-05-13 15:13 460 --a------ C:\WINDOWS\wincmd.ini
2008-05-13 09:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 09:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-12 15:36 . 2008-05-15 17:20 74 --a------ C:\WINDOWS\MediaManager.INI
2008-05-12 14:23 . 2008-05-12 14:23 <DIR> d-------- C:\Program Files\MP3 Player Utilities 4.13
2008-05-11 23:57 . 2008-05-11 23:58 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\ArcSoft
2008-05-11 17:00 . 2008-05-11 17:00 <DIR> d-------- C:\Program Files\Audacity
2008-05-11 16:45 . 2008-05-11 16:45 <DIR> d-------- C:\WINDOWS\Sun
2008-05-11 16:36 . 2008-05-11 16:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-11 16:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 14:33 . 2008-05-11 14:33 <DIR> d-------- C:\WinFast WorkArea
2008-05-11 14:31 . 2008-05-11 14:32 <DIR> d-------- C:\WFDB
2008-05-11 14:31 . 2008-05-11 14:31 <DIR> d-------- C:\Program Files\WinFast
2008-05-11 14:31 . 2008-05-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-11 14:26 . 2008-05-11 14:26 <DIR> d-------- C:\WINDOWS\system32\WinFox
2008-05-11 14:26 . 2008-05-11 14:26 <DIR> d-------- C:\WINDOWS\system32\WinFast
2008-05-11 14:26 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-05-11 13:50 . 2008-05-11 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-11 13:49 . 2008-05-11 13:49 <DIR> d-------- C:\Program Files\CyberLink
2008-05-11 13:02 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-11 13:02 . 2008-05-11 13:02 421 --a------ C:\WINDOWS\ODBC.INI
2008-05-11 13:00 . 2008-05-11 13:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-11 12:58 . 2008-05-11 13:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-11 12:54 . 2008-05-11 12:54 <DIR> dr-h----- C:\MSOCache
2008-05-11 11:07 . 2008-05-11 11:43 <DIR> d-------- C:\Documents and Settings\Kiszka\Dane aplikacji\COWON
2008-05-11 01:22 . 2008-05-11 01:22 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-11 01:22 . 2008-05-11 01:22 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-11 01:22 . 2008-05-11 01:27 <DIR> d-------- C:\Documents and Settings\Kiszka\Contacts
2008-05-11 01:21 . 2008-05-13 17:36 <DIR> d-------- C:\WINDOWS\Pliki Instalatora aktualizacji Windows Update
2008-05-11 01:21 . 2008-05-13 17:38 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-11 01:21 . 2008-05-11 01:21 <DIR> d-------- C:\WINDOWS\Historia
2008-05-11 01:06 . 2008-05-13 21:16 <DIR> d-------- C:\Program Files\DivX
2008-05-11 00:53 . 2008-05-11 00:53 <DIR> d---s---- C:\Documents and Settings\Kiszka\UserData
2008-05-11 00:44 . 2001-08-17 22:02 33,152 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2008-05-11 00:44 . 2001-08-17 22:02 33,152 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2008-05-11 00:44 . 2001-08-17 22:02 23,680 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2008-05-11 00:44 . 2001-08-17 22:02 23,680 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys
2008-05-11 00:44 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-11 00:44 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-11 00:43 . 2003-01-17 03:27 52 -ra------ C:\WINDOWS\THKB_E.ini
2008-05-11 00:42 . 2008-05-11 00:42 <DIR> d-------- C:\WUTemp
2008-05-11 00:35 . 2008-05-11 00:38 <DIR> d-------- C:\Program Files\MediaKey
2008-05-11 00:35 . 2001-10-26 17:29 19,456 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-11 00:35 . 2001-10-26 17:29 19,456 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-11 00:35 . 2001-10-26 16:48 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-11 00:35 . 2001-10-26 16:48 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-11 00:35 . 2008-05-11 00:38 77 --a------ C:\WINDOWS\MMKEYBD.UNI
2008-05-11 00:35 . 2008-05-11 00:35 0 --a------ C:\WINDOWS\SelSet.INI
2008-05-11 00:34 . 2004-08-03 13:59 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
2008-05-11 00:34 . 2004-08-03 13:59 185,624 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-05-11 00:34 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-11 00:34 . 2001-08-17 22:03 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-10 22:49 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-10 22:42 . 2008-05-10 22:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-10 22:37 . 2008-05-10 22:37 <DIR> d-------- C:\Program Files\Ares
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 14:42 --------- d-----w C:\Program Files\Kalendarz XP
2008-05-16 11:56 --------- d-----w C:\Program Files\English Translator 3
2008-05-15 20:07 --------- d-----w C:\Program Files\ooVoo
2008-05-14 17:46 61,440 --sha-w C:\Program Files\Thumbs.db
2008-05-13 16:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-13 15:04 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\Ahead
2008-05-13 15:03 --------- d-----w C:\Program Files\Ahead
2008-05-13 07:38 --------- d-----w C:\Program Files\Picasa2
2008-05-11 12:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 21:33 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\ooVoo Details
2008-05-10 20:13 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-10 19:53 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\Snapfish
2008-05-10 19:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-05-10 19:50 --------- d-----w C:\Documents and Settings\Kiszka\Dane aplikacji\Simple Star
2008-05-10 19:48 --------- d-----w C:\Program Files\IVT Corporation
2008-05-10 19:48 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-10 19:47 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-10 19:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-10 19:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-05-10 19:42 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-10 19:42 --------- d-----w C:\Program Files\ArcSoft
2008-05-10 19:41 --------- d-----w C:\Program Files\Common Files\snp2std
2008-05-10 19:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 19:33 --------- d-----w C:\Program Files\Realtek AC97
2008-05-10 19:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 19:20 --------- d-----w C:\Program Files\Usługi online
2005-04-15 11:19 880,676 ----a-w C:\Program Files\UXThemeMulti-Patcher(NeowinEdition)4.0.exe
.
------- Sigcheck -------
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4F919F-4334-4abf-BF47-0836A8B5A54B}]
2001-10-26 18:49 49152 --a------ C:\WINDOWS\System32\ddr7xm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E9F39F8-40EE-4dd2-A439-2A90224E5DB5}]
2001-10-26 18:49 36864 --a------ C:\WINDOWS\System32\prxsmr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B}]
2001-10-26 18:49 37376 --a------ C:\WINDOWS\System32\hmlphl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-B432-46fc-9143-B82B832B1B14}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28 212992]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 17:03 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-13 02:50 4112384]
"nwiz"="nwiz.exe" [2004-07-13 02:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-13 02:50 81920]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-11-02 14:04 258048]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 13:21 675840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"autoclk"="autoclk.exe" []
"adiras"="adiras.exe" []
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:15 455984]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"KPDrv4XP"="C:\PROGRA~1\MediaKey\KPDrv4XP.EXE" [2003-01-17 03:25 32768]
"MediaKey"="C:\PROGRA~1\MediaKey\MMKeybd.EXE" [2003-01-17 03:25 172032]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22 397312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 19:17 1381376]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-05-10 21:49:00 1183744]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-10 22:12:59 839680]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-10 23:26:33 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\explorer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28681:TCP"= 28681:TCP:port
"31198:TCP"= 31198:TCP:port
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R2 USBKBFlt;Dritek USB Keyboard Filter;C:\WINDOWS\System32\DRIVERS\USBKBFlt.SYS [2003-01-17 03:25]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2006-11-08 14:57]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-09-15 11:07]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 20:35:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 16:42:26
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 16:43:22
ComboFix-quarantined-files.txt 2008-05-16 14:43:03
Pre-Run: 15,507,922,944 bajtów wolnych
Post-Run: 15,506,980,864 bajtów wolnych
276 --- E O F --- 2008-05-15 23:22:31
16 Maj 2008, 17:02
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Wklej do notatnika:
- Kod:
File::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4F919F-4334-4abf-BF47-0836A8B5A54B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E9F39F8-40EE-4dd2-A439-2A90224E5DB5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAD1C6AD-10AB-4cae-97FB-0AADDEC8A14B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-B432-46fc-9143-B82B832B1B14}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"autoclk"=-
"adiras"=-
"SunJavaUpdateSched"=-
"InCD"=-
"WinampAgent"=-
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.