- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:12, on 2008-06-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 6718 bytes
COMBO
- Kod: Zaznacz wszystko
ComboFix 08-06-16.5 - Kamil 2008-06-19 21:18:32.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.572 [GMT 2:00]
Running from: C:\Documents and Settings\Kamil\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
2008-06-13 18:03 . 2008-06-16 16:02 <DIR> d-------- C:\Program Files\EA SPORTS
2008-06-11 14:36 . 2008-06-11 14:36 <DIR> d-------- C:\Program Files\QuickTime
2008-06-11 14:36 . 2008-06-11 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-11 14:03 . 2008-04-14 18:00 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 14:03 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 15:44 . 2008-06-10 15:44 <DIR> d-------- C:\Program Files\MarBit
2008-06-09 21:00 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-09 21:00 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-09 21:00 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-09 21:00 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-09 21:00 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-09 21:00 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-09 21:00 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-07 22:11 . 2008-06-07 22:11 <DIR> dr-h----- C:\Documents and Settings\Kamil\Dane aplikacji\SecuROM
2008-05-30 14:38 . 2008-05-30 14:38 1,158,739 --a------ C:\WINDOWS\BDANT.cab
2008-05-30 14:37 . 2008-05-30 14:37 1,694,728 --a------ C:\WINDOWS\dsetup32.dll
2008-05-30 14:36 . 2008-05-30 14:36 13,267,416 --a------ C:\WINDOWS\dxnt.cab
2008-05-30 14:36 . 2008-05-30 14:36 4,165,878 --a------ C:\WINDOWS\Apr2006_MDX1_x86_Archive.cab
2008-05-30 14:36 . 2008-05-30 14:36 1,805,306 --a------ C:\WINDOWS\Nov2007_d3dx9_36_x64.cab
2008-05-30 14:36 . 2008-05-30 14:36 1,803,408 --a------ C:\WINDOWS\AUG2007_d3dx9_35_x64.cab
2008-05-30 14:34 . 2008-05-30 14:34 528,392 --a------ C:\WINDOWS\DXSETUP.exe
2008-05-29 19:01 . 2008-05-29 19:04 <DIR> d-------- C:\Documents and Settings\Kamil\Dane aplikacji\Winamp
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-22 18:28 . 2008-05-22 18:28 <DIR> d-------- C:\Program Files\Electronic Arts
2008-05-21 16:57 . 2008-05-21 16:57 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-05-21 16:57 . 2008-05-21 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 16:57 . 2008-05-21 16:57 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-20 17:47 . 2008-05-20 17:47 <DIR> d-------- C:\Program Files\Lavalys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 19:22 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-06-19 18:47 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-06-19 12:56 --------- d-----w C:\Program Files\DC++
2008-06-18 18:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-18 18:49 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-17 15:45 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-14 09:03 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-06-13 10:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 09:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-30 12:35 97,288 ----a-w C:\WINDOWS\DSETUP.dll
2008-05-29 17:01 --------- d-----w C:\Program Files\Winamp
2008-05-27 12:08 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-05-23 10:50 --------- d-----w C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-05-22 10:51 --------- d-----w C:\Program Files\Sunbelt Software
2008-05-16 15:32 1,431 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 18:04 --------- d-----w C:\Program Files\ESET
2008-05-05 13:55 --------- d-----w C:\Program Files\GIMP-2.0
2008-04-30 16:45 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-25 15:12 --------- d-----w C:\Program Files\Activision
2008-04-24 17:25 --------- d-----w C:\Program Files\Kolekcja Klasyki
2008-04-24 14:27 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:37 811,064 ----a-w C:\WINDOWS\system32\imjp81k.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:34 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:39 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:29 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:10 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:08 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:05 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-27 15:13 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-01-01 21:01 47,360 ----a-w C:\Documents and Settings\Kamil\Dane aplikacji\pcouffin.sys
2007-12-11 11:51 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 17:54 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP
R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 21:22:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-19 21:23:44
ComboFix-quarantined-files.txt 2008-06-19 19:23:39
Pre-Run: 6,226,153,472 bajtów wolnych
Post-Run: 6,254,501,888 bajtów wolnych
264 --- E O F --- 2008-06-11 12:30:12
Od pewnego czasu mam problemy typu:
http://www.forum.instalki.pl/viewtopic.php?t=14851
http://www.forum.instalki.pl/viewtopic. ... 9076#79076
