
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:26, on 2009-02-24
Platform: Windows XP Service Pack 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\pawel\Dane aplikacji\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF1FC94-4D4A-4BA3-8AF4-DE077C09BF94}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7813 bytes
ComboFix log
ComboFix 09-02-24.01 - pawel 2009-02-24 22:04:05.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.767.479 [GMT 1:00]
Run from: d:\pobrane pliki\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090224-0] *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\History\search
c:\windows\olinkinfo.dll
c:\windows\system32\ammppg.dll
.
((((((((((((((((((((((((( Files created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.
2009-02-24 21:58 . 2009-02-24 21:58 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 11:34 . 2009-02-21 11:34 260 --a------ c:\windows\game.ini
2009-02-21 11:26 . 2009-02-21 11:26 <DIR> d--hs---- c:\windows\ftpcache
2009-02-17 14:45 . 2009-02-17 14:45 <DIR> d-------- C:\output
2009-02-10 14:40 . 2009-02-10 14:40 <DIR> d-------- c:\windows\Easy CD-DA Extractor 12
2009-02-10 14:29 . 2009-02-10 14:29 <DIR> d-------- C:\My Convertings
2009-02-10 14:25 . 2009-02-10 14:27 29 --a------ c:\windows\wordpad.ini
2009-02-10 13:50 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-10 13:50 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\dllcache\usbccgp.sys
2009-02-04 11:02 . 2004-08-03 23:08 26,496 --a------ c:\windows\system32\dllcache\usbstor.sys
2009-02-03 20:26 . 2009-02-03 20:26 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Search Settings
2009-02-02 12:46 . 2009-02-20 21:25 69 --a------ c:\windows\NeroDigital.ini
2009-01-31 14:11 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-01-31 14:11 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-31 14:11 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-01-31 14:11 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-01-31 14:11 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-01-31 14:11 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-31 14:11 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-31 14:11 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-01-31 14:10 . 2009-01-31 14:10 <DIR> d-------- c:\windows\Logs
2009-01-31 14:10 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-01-30 19:58 . 2009-01-30 19:58 <DIR> d-------- c:\windows\speech
2009-01-30 19:58 . 2009-01-30 19:58 <DIR> d-------- c:\program files\ivo
2009-01-30 17:16 . 2009-01-30 17:16 <DIR> d-------- c:\program files\IVT Corporation
2009-01-30 14:30 . 2009-01-30 14:31 <DIR> dr-h----- c:\documents and settings\pawel\Dane aplikacji\SecuROM
2009-01-30 14:30 . 2009-01-30 14:30 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-30 14:21 . 2009-01-30 14:21 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-30 14:21 . 2009-01-30 14:21 <DIR> d-------- c:\program files\Ahead
2009-01-30 14:21 . 2004-07-20 16:24 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-30 14:21 . 2004-07-20 16:24 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-30 14:21 . 2004-07-20 16:24 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-30 14:21 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-30 14:21 . 2004-07-20 16:24 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-30 14:21 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-30 14:21 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-30 14:21 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll
2009-01-29 18:58 . 2009-01-29 18:58 <DIR> d-------- c:\program files\uTorrent
2009-01-29 18:58 . 2009-01-29 18:58 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\uTorrent
2009-01-29 18:41 . 2009-01-29 18:41 <DIR> d-------- c:\program files\uTorrent Acceleration Tool
2009-01-29 18:38 . 2009-01-29 18:38 <DIR> d-------- c:\program files\Odkurzacz
2009-01-28 20:34 . 2009-01-28 20:34 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\ATI
2009-01-28 20:31 . 2009-01-28 20:31 <DIR> d-------- c:\program files\DHzer0point 0.68
2009-01-27 22:38 . 2009-01-27 22:38 <DIR> d-------- C:\Downloads
2009-01-27 22:37 . 2009-01-27 22:37 <DIR> d-------- c:\program files\BitComet
2009-01-27 22:18 . 2009-01-27 22:18 <DIR> d-------- c:\program files\DNA
2009-01-27 22:18 . 2009-01-27 22:18 <DIR> d-------- c:\program files\AskSearch
2009-01-27 22:18 . 2009-01-27 22:18 <DIR> d-------- c:\program files\AskBarDis
2009-01-27 22:18 . 2009-01-27 22:18 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\DNA
2009-01-25 21:36 . 2009-01-25 21:36 <DIR> d-------- c:\program files\Search Settings
2009-01-25 21:36 . 2009-01-25 21:36 <DIR> d-------- c:\program files\Dealio
2009-01-25 21:36 . 2009-01-25 21:36 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Dealio
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 17:10 23,524 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-02-24 15:13 110,080 ----a-w c:\windows\Help\CO30MIN.EXE
2009-02-24 15:13 1,941,504 ----a-w c:\windows\Help\M2 MULTIHACK 1.84 (BETA) .EXE
2009-01-18 14:25 --------- d-----w c:\program files\Smart Projects
2009-01-16 22:00 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-01-16 21:56 --------- d-----w c:\program files\Bonjour
2009-01-16 21:49 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-15 21:54 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-15 21:54 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\teamspeak2
2009-01-11 12:24 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\Microsoft Web Folders
2009-01-10 20:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-09 13:08 --------- d-----w c:\program files\MIKSOFT
2009-01-09 10:39 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\Media Player Classic
2009-01-09 10:38 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-08 22:45 --------- d-----w c:\program files\MSXML 4.0
2009-01-06 20:11 --------- d-----w c:\program files\Common Files\DirectX
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
2009-01-01 10:08 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\Apple Computer
2009-01-01 09:44 --------- d-----w c:\program files\QuickTime
2009-01-01 09:44 --------- d-----w c:\program files\Common Files\Apple
2009-01-01 09:44 --------- d-----w c:\program files\Apple Software Update
2009-01-01 09:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-01-01 09:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple
2008-12-30 17:11 --------- d-----w c:\program files\Google
2008-12-30 12:05 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-30 12:05 --------- d-----w c:\program files\Java
2008-12-28 16:15 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\DAEMON Tools Pro
2008-12-28 16:15 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\DAEMON Tools
2008-12-28 16:15 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-28 16:14 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-28 16:12 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-28 16:12 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\DAEMON Tools Lite
2008-12-28 16:00 --------- d-----w c:\program files\AviSynth 2.5
2008-12-28 16:00 --------- d-----w c:\program files\AnMing
2008-12-28 12:01 --------- d-----w c:\program files\MOBILedit!
2008-12-28 11:20 --------- d-----w c:\program files\VIA
2008-12-28 11:04 --------- d-----w c:\program files\Common Files\Teleca Shared
2008-12-28 11:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\My Pictures
2008-12-27 21:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2008-12-27 21:57 --------- d-----w c:\program files\Sony Ericsson
2008-12-27 20:22 --------- d-----w c:\program files\Lavalys
2008-12-27 19:33 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\Gadu-Gadu
2008-12-27 19:32 --------- d-----w c:\program files\Gadu-Gadu
2008-12-27 19:28 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\Nowe Gadu-Gadu
2008-12-27 19:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 18:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Bluetooth
2008-12-27 18:16 --------- d-----w c:\program files\Winamp
2008-12-27 18:16 --------- d-----w c:\documents and settings\pawel\Dane aplikacji\Winamp
2008-12-27 18:11 --------- d-----w c:\program files\Alwil Software
2008-12-27 17:30 --------- d-----w c:\program files\VIAudioi
2008-12-27 17:22 --------- d-----w c:\program files\GigaByte
2008-12-27 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 17:16 --------- d-----w c:\program files\ATI Technologies
2008-12-27 17:15 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-27 17:05 --------- d-----w c:\program files\microsoft frontpage
2008-12-27 17:04 --------- d-----w c:\program files\Usługi online
2008-12-12 17:36 3,081,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2005-02-25 02:22 208,896 ----a-w c:\windows\inf\MSI\SlowDownCPU\SlowDownCPU.exe
2005-02-22 06:47 39,040 ----a-w c:\windows\inf\MSI\SlowDownCPU\RushTop.sys
2005-02-22 06:47 143,360 ----a-w c:\windows\inf\MSI\SlowDownCPU\RushTop.dll
2004-11-01 09:12 23,424 ----a-w c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS
2004-11-01 09:11 94,208 ----a-w c:\windows\inf\MSI\SlowDownCPU\GLM7x.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-27 342848]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"HydraVisionViewport"="c:\program files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 364544]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 552960]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-02-25 208896]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent Acceleration Tool]
--a------ 2008-12-05 11:27 723968 c:\program files\uTorrent Acceleration Tool\uTorrent Acceleration Tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"d:\\counter strke\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Vietcong\\vietcong.exe"=
"d:\\counter strke\\hlds.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25731:TCP"= 25731:TCP:BitComet 25731 TCP
"25731:UDP"= 25731:UDP:BitComet 25731 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-27 20560]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-12-27 23524]
R3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [2008-12-27 23424]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2008-12-28 28704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20e0762a-d43e-11dd-8f56-806d6172696f}]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - EMPTY ENTRIES REMOVED - - - -
MSConfigStartUp-BearShare - d:\program files\BearShare\BearShare.exe
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Compare Prices with &Dealio - c:\documents and settings\pawel\Dane aplikacji\Dealio\kb127\res\DealioSearch.html
TCP: {5DF1FC94-4D4A-4BA3-8AF4-DE077C09BF94} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\pawel\Dane aplikacji\Mozilla\Firefox\Profiles\azrur6r5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 22:05:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-24 22:05:43
ComboFix-quarantined-files.txt 2009-02-24 21:05:42
Before: 749,887,488 bytes free
After: 2,567,421,952 bytes free
250 --- E O F --- 2009-01-08 22:48:58
Help
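Added example, not part of the original post and not code from HijackThis or ComboFix: a small triage script that walks HijackThis entry lines (R0/R1 start and search pages, R3 URLSearchHooks, O2 BHOs, O3 toolbars, O4 Run keys, O17 NameServer) and lists the ones a responder would want to look at first. The allowlists (TRUSTED_SEARCH_HOSTS, TRUSTED_BHO_DIRS, KNOWN_RESOLVERS, SUSPICIOUS_RUN_DIRS) are assumptions chosen for illustration, not a verdict on any product; the sample lines are copied from the log above, except for one constructed "[Example]" O4 line added to exercise the unusual-directory check. The two O17 resolvers are OpenDNS, so they are treated as known here.

```python
"""Triage heuristics for HijackThis v2 log entries.

Added example; not part of the original forum post and not code from
HijackThis or ComboFix. The allowlists are assumptions for illustration
and must be tuned per case. SAMPLE_LOG repeats entries from the posted
log plus one constructed O4 line (marked below).
"""
import re
from urllib.parse import urlparse

# Assumption: search/start-page hosts that need no review.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.onet.pl"}
# Assumption: lower-case directory prefixes whose BHOs/toolbars come from known vendors.
TRUSTED_BHO_DIRS = ("c:\\program files\\java\\", "c:\\program files\\microsoft")
# Assumption: resolvers the user is known to have configured (these two are OpenDNS).
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
# Assumption: lower-case path fragments a Run entry should rarely point into.
SUSPICIOUS_RUN_DIRS = ("\\windows\\temp\\", "\\windows\\help\\", "\\recycler\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"=\s*(https?://\S+)")
O4_PATH_RE = re.compile(r'\]\s*"?([^"]*?\.exe)', re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Every line is from the posted log except the "[Example]" O4 line, which is constructed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Example] "C:\WINDOWS\Temp\example.exe" /quiet
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF1FC94-4D4A-4BA3-8AF4-DE077C09BF94}: NameServer = 208.67.222.222,208.67.220.220
"""


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def _url_host(body):
    m = URL_RE.search(body)
    return urlparse(m.group(1)).hostname if m else None


def _last_field(body):
    # R3/O2/O3 entries end with " - <path to dll>"; take that final field.
    return body.rsplit(" - ", 1)[-1].strip().lower()


def triage(log_text):
    """Return [(section, reason, body)] for entries a responder should review."""
    findings = []
    for sec, body in parse_entries(log_text):
        if sec in ("R0", "R1"):
            host = _url_host(body)
            if host and host not in TRUSTED_SEARCH_HOSTS:
                findings.append((sec, f"start/search page points at {host}", body))
        elif sec == "R3":
            # URLSearchHooks rewrite address-bar searches; rarely installed on purpose.
            findings.append((sec, "URLSearchHook present", body))
        elif sec in ("O2", "O3"):
            if not _last_field(body).startswith(TRUSTED_BHO_DIRS):
                findings.append((sec, "BHO/toolbar outside trusted vendor directories", body))
        elif sec == "O4":
            m = O4_PATH_RE.search(body)
            path = m.group(1).lower() if m else ""
            if any(frag in path for frag in SUSPICIOUS_RUN_DIRS):
                findings.append((sec, "autorun from an unusual directory", body))
        elif sec == "O17":
            unknown = set(IPV4_RE.findall(body)) - KNOWN_RESOLVERS
            if unknown:
                findings.append((sec, f"unexpected DNS server(s): {sorted(unknown)}", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {body}")
```

The script only reads HijackThis-format lines; the items ComboFix surfaced (EnableFirewall set to 0 with FirewallOverride, the F:\autorun.exe mountpoint command, and on-access scanning disabled) are outside that format and need a separate check.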
