Logs, computer and data security. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Piggybacking on other users' topics is not advisable; please start a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, as this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely, along with the symptoms that occur and any actions already taken.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image hosting service.

Please check my HijackThis log

22 Apr 2008, 22:08

Recently I opened a pendrive through Explorer and got an error saying it could not open some file with a strange name; please check the log as a precaution.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:32, on 2008-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5422 bytes

23 Apr 2008, 04:45

The log is clean

If you want, post a ComboFix log

23 Apr 2008, 05:14

ComboFix log

Code:
ComboFix 08-04-20.5 - Administrator 2008-04-23  4:59:21.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.2503 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-23 to 2008-04-23  )))))))))))))))))))))))))))))))
.

2008-04-22 22:20 . 2008-04-22 22:20   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 22:20 . 2008-04-22 22:20   <DIR>   d--------   C:\WINDOWS\LastGood
2008-04-22 22:20 . 2008-04-22 22:20   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-22 22:00 . 2008-04-22 22:00   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-17 21:52 . 2008-04-17 21:53   <DIR>   d--------   C:\usr
2008-04-16 19:08 . 2008-04-16 19:11   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\PHP Designer 2007
2008-04-15 19:18 . 2008-04-15 19:18   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\NASA
2008-04-15 19:17 . 2008-04-15 19:17   <DIR>   d--------   C:\Program Files\NASA
2008-04-10 18:33 . 2008-04-10 18:35   <DIR>   d--------   C:\Program Files\uTorrent
2008-04-10 18:33 . 2008-04-22 20:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-04-10 17:40 . 2008-04-10 17:41   1,905   --a------   C:\WINDOWS\diagwrn.xml
2008-04-10 17:40 . 2008-04-10 17:41   1,905   --a------   C:\WINDOWS\diagerr.xml
2008-04-10 07:46 . 2008-04-10 07:46   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-04-09 19:02 . 2008-04-09 19:02   421   --a------   C:\WINDOWS\ODBC.INI
2008-04-09 19:00 . 2008-04-09 19:00   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-04-09 18:13 . 2008-04-09 18:13   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-04-09 18:09 . 2008-04-09 19:00   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2008-04-09 18:02 . 2005-02-25 00:00   46,080   --a------   C:\WINDOWS\system32\escimgd.dll
2008-04-09 18:02 . 2005-02-25 00:00   29,696   --a------   C:\WINDOWS\system32\escwiad.dll
2008-04-09 18:02 . 2005-02-25 00:00   22,016   --a------   C:\WINDOWS\system32\esccmd.dll
2008-04-09 17:57 . 2004-11-25 07:07   79,679   --a------   C:\WINDOWS\system32\E_FLMAGE.DLL
2008-04-09 17:57 . 2003-05-21 04:27   64,000   --a------   C:\WINDOWS\system32\E_FBCBAGE.DLL
2008-04-09 17:57 . 2004-09-10 22:12   49,152   --a------   C:\WINDOWS\system32\E_DCINST.DLL
2008-04-09 17:57 . 2000-06-07 03:01   34,304   --a------   C:\WINDOWS\system32\E_FBCHAGE.DLL
2008-04-09 17:56 . 2008-04-09 18:02   <DIR>   d--------   C:\Program Files\EPSON
2008-04-06 21:28 . 2008-04-06 21:28   <DIR>   d--------   C:\Program Files\WapSter
2008-04-06 21:28 . 2008-04-06 21:28   <DIR>   d--------   C:\Documents and Settings\Administrator\WapSter
2008-04-06 13:48 . 2008-04-06 13:48   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2008-04-06 13:48 . 2008-04-06 13:49   <DIR>   d--------   C:\Documents and Settings\Administrator\Gadu-Gadu
2008-04-06 13:00 . 2008-04-23 05:01   6,971,424   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-06 13:00 . 2008-04-22 20:29   73,340   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-06 12:58 . 2008-04-06 12:58   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
2008-04-06 12:57 . 2008-04-06 12:57   <DIR>   d--------   C:\Program Files\Zone Labs
2008-04-06 12:57 . 2008-04-06 12:57   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-04-06 12:54 . 2008-04-23 04:57   <DIR>   d--------   C:\WINDOWS\Internet Logs
2008-04-06 12:49 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-04-06 12:49 . 2003-06-19 01:31   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2008-04-06 12:45 . 2008-04-09 18:05   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-06 11:22 . 2008-04-06 11:22   <DIR>   d--------   C:\Program Files\TEXTware
2008-04-06 11:22 . 2008-04-06 11:22   <DIR>   d--------   C:\Program Files\IDM
2008-04-06 11:22 . 1998-10-22 05:01   1,888,744   --a------   C:\WINDOWS\system32\VCL40.BPL
2008-04-06 11:22 . 2003-04-29 19:09   205,312   --a------   C:\WINDOWS\system32\Illprs.dll
2008-04-06 11:22 . 2002-08-01 16:44   160,768   --a------   C:\WINDOWS\system32\ILLKRN.DLL
2008-04-06 11:22 . 1999-11-10 12:05   86,016   --a------   C:\WINDOWS\unvise32qt.exe
2008-04-06 11:22 . 2004-06-10 11:29   48,128   --a------   C:\WINDOWS\system32\QFClient.ILX
2008-04-06 11:21 . 2008-04-06 11:22   <DIR>   d--------   C:\WINDOWS\system32\QuickTime
2008-04-06 11:21 . 2008-04-06 11:22   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-06 11:21 . 2008-04-17 23:16   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-04-06 10:15 . 2008-04-06 10:15   <DIR>   d--------   C:\Program Files\MobMapUpdater
2008-04-05 22:32 . 2008-04-05 22:32   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2008-04-05 22:27 . 2008-04-05 22:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-04-05 15:52 . 2008-04-05 15:52   13,646   --a------   C:\WINDOWS\system32\wpa.bak
2008-04-05 15:50 . 2008-04-05 15:50   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-04-05 06:50 . 2008-04-05 06:50   <DIR>   d--------   C:\Logs
2008-04-04 22:12 . 2008-04-04 22:12   <DIR>   d--------   C:\Program Files\Common Files\Blizzard Entertainment
2008-04-04 21:55 . 2008-04-04 21:55   <DIR>   d--------   C:\Program Files\ThreatFire
2008-04-04 21:55 . 2008-04-04 21:55   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
2008-04-04 21:55 . 2007-09-13 07:22   52,032   --a------   C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-04-04 21:55 . 2007-09-13 07:23   38,720   --a------   C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-04-04 21:55 . 2007-09-13 07:22   34,624   --a------   C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-04-04 21:55 . 2007-09-13 07:22   12,608   --a------   C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-04-04 21:51 . 2008-04-04 21:51   <DIR>   d--------   C:\Program Files\BillP Studios
2008-04-04 21:51 . 2008-04-04 21:51   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\WinPatrol
2008-04-04 21:30 . 2008-04-04 21:30   43,520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-04 21:29 . 2008-04-04 21:29   <DIR>   d--------   C:\Cambridge
2008-04-04 19:28 . 2001-06-14 10:30   1,044,480   --a------   C:\WINDOWS\system32\ROBOEX32.DLL
2008-04-04 19:28 . 1996-11-08 02:48   368,912   --a------   C:\WINDOWS\system32\vbar332.dll
2008-04-04 19:28 . 2004-02-04 14:16   163,840   --a------   C:\WINDOWS\system32\egusound.ocx
2008-04-04 19:28 . 1999-05-07 01:00   140,288   --a------   C:\WINDOWS\system32\COMDLG32.OCX
2008-04-04 19:28 . 1999-03-13 00:00   127,488   --a------   C:\WINDOWS\system32\Ccrpsld.ocx
2008-04-04 19:28 . 2004-05-12 09:31   49,152   --a------   C:\WINDOWS\system32\Inetwh32.dll
2008-04-04 18:50 . 2008-04-11 22:42   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-04-04 18:49 . 2008-04-04 18:49   <DIR>   d--------   C:\Program Files\Colin McRae 2005 Polish language add-on
2008-04-04 18:49 . 2008-04-04 18:49   720,896   --a------   C:\WINDOWS\iun6002.exe
2008-04-04 18:43 . 2001-05-11 13:18   420,240   --a------   C:\WINDOWS\system32\mpg4c32.dll
2008-04-04 18:43 . 2001-05-16 17:54   309,616   --a------   C:\WINDOWS\system32\wmv8dmod.dll
2008-04-04 18:43 . 2001-03-26 04:41   245,760   --a------   C:\WINDOWS\system32\mp4sds32.ax
2008-04-04 18:25 . 2008-04-04 18:55   <DIR>   d--------   C:\Program Files\Winamp
2008-04-04 18:22 . 2008-04-04 18:22   <DIR>   d--------   C:\Program Files\DAEMON Tools
2008-04-04 18:22 . 2008-04-04 18:22   223,128   --a------   C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-04 18:21 . 2008-04-04 18:21   664,064   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-04-04 18:21 . 2008-04-04 18:21   96,256   --a------   C:\WINDOWS\system32\drivers\sptd3581.sys
2008-04-04 18:18 . 2008-04-04 21:57   <DIR>   d--------   C:\Program Files\ESET
2008-04-04 18:18 . 2008-04-04 18:18   502,208   --a------   C:\WINDOWS\system32\drivers\amon.sys
2008-04-04 18:18 . 2008-04-04 18:18   270,336   --a------   C:\WINDOWS\system32\imon.dll
2008-04-04 18:17 . 2004-08-10 17:05   14,240   --a------   C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-04 18:17 . 2004-08-10 17:05   14,240   --a------   C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-04 18:17 . 2004-08-10 17:05   14,240   --a------   C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-04 18:15 . 2008-04-04 18:15   <DIR>   d--------   C:\Program Files\Sygate
2008-04-04 18:15 . 2008-04-04 22:30   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:15 . 2003-12-24 14:44   83,096   --a------   C:\WINDOWS\system32\SSSensor.dll
2008-04-04 18:15 . 2004-08-10 16:51   59,984   --a------   C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-04 18:15 . 2004-08-10 16:53   21,075   --a------   C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-04 18:15 . 2004-08-10 17:05   14,240   --a------   C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-04 18:05 . 2008-04-04 18:05   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-04-04 17:18 . 2008-04-04 17:18   <DIR>   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2008-04-04 17:18 . 2008-04-04 18:27   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-04-04 17:11 . 2008-04-04 17:11   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-04-04 17:09 . 2008-04-04 17:09   <DIR>   d--------   C:\Program Files\Nero
2008-04-04 17:09 . 2008-04-04 17:09   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-04-04 17:03 . 2008-04-04 17:03   <DIR>   d--------   C:\Program Files\Alcohol Soft
2008-04-04 17:03 . 2005-04-25 10:43   159,616   --a------   C:\WINDOWS\system32\drivers\Vax347b.sys
2008-04-04 17:03 . 2004-04-30 09:33   5,248   --a------   C:\WINDOWS\system32\drivers\Vax347s.sys
2008-04-03 23:15 . 2008-04-03 23:15   <DIR>   d--------   C:\WINDOWS\nview
2008-04-03 23:15 . 2007-06-28 18:43   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-04-03 23:15 . 2008-04-03 23:17   127,254   --a------   C:\WINDOWS\system32\nvapps.xml
2008-04-03 23:15 . 2007-06-28 18:43   17,463   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-04-03 23:15 . 2007-06-28 18:43   17,254   --a------   C:\WINDOWS\system32\nvwsapps.xml
2008-04-03 23:13 . 2008-04-03 23:13   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-04-03 23:13 . 2008-04-03 23:13   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-04-03 23:13 . 2008-04-03 23:13   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-04-03 23:13 . 2004-08-03 23:07   6,400   --a------   C:\WINDOWS\system32\drivers\splitter.sys
2008-04-03 23:13 . 2004-08-03 23:07   6,400   --a--c---   C:\WINDOWS\system32\dllcache\splitter.sys
2008-04-03 23:11 . 2008-04-03 23:12   <DIR>   d--------   C:\WINDOWS\system32\RTCOM
2008-04-03 23:11 . 2008-04-03 23:11   <DIR>   d--------   C:\Program Files\Realtek
2008-04-03 23:11 . 2008-04-06 11:22   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-04-03 23:10 . 2005-04-16 16:20   487,424   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-04-03 23:06 . 2008-04-06 11:22   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-04-03 23:06 . 2006-03-23 19:51   208,896   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2008-04-03 23:05 . 2005-03-09 08:53   36,352   -ra------   C:\WINDOWS\system32\drivers\AmdK8.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:52   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-04-03 20:50   ---------   d-----w   C:\Program Files\Usługi online
2008-03-13 21:11   75,248   ----a-w   C:\WINDOWS\zllsputility.exe
2008-03-13 21:11   1,086,952   ----a-w   C:\WINDOWS\system32\zpeng24.dll
2008-03-04 10:33   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 12:58   262144   --a------   C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-06 12:58 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-06 12:58 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 18:18 917504]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-19 11:39 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 19:30 292152]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2007-09-13 07:22 1230144]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-06 11:22 98304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 06:00 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 oflpydin;oflpydin;C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\oflpydin.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 14:00]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 05:01:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-23  5:01:46
ComboFix-quarantined-files.txt  2008-04-23 03:01:41

Pre-Run: 13,308,551,168 bajtów wolnych
Post-Run: 13,336,690,688 bajtów wolnych


23 Apr 2008, 05:26

The log is clean