
From the Blue Screen I wrote down what it referred to:
0x000000F4
0x00000003
0x897377F8
0x8973796C
0x805FA160
something like that.....
I'm posting the logs from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:11, on 2008-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\V0420Mon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\RALINK\Common\RaUI.exe
E:\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\HPZipm12.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] E:\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = E:\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185214374340
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE55B6B-F324-4266-97C7-74F3492D7CF1}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11168 bytes
Combofix
ComboFix 08-05-21.2 - AruSieK 2008-05-22 15:44:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1482 [GMT 2:00]
Running from: C:\Documents and Settings\AruSieK\Pulpit\instalki\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\07F4C005
C:\Program Files\FunWebProducts\ScreenSaver\Cache\080759EC.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\07F3743B.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\07F4BD17.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\07F53091.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\080788AC.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\001EDDCB
C:\Program Files\MyWebSearch\bar\Cache\07F27DC5.bin
C:\Program Files\MyWebSearch\bar\Cache\07F289DB.bin
C:\Program Files\MyWebSearch\bar\Cache\07F2911F.bin
C:\Program Files\MyWebSearch\bar\Cache\07F297A6.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Recycled\Recycled
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\f3PSSavr.scr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ODBCASVC
-------\Service_odbcasvc
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-21 20:09 . 2008-05-22 00:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-18 14:15 . 2008-05-18 14:15 <DIR> d-------- C:\Documents and Settings\AruSieK\Dane aplikacji\DivX
2008-05-18 14:03 . 2008-05-18 14:03 <DIR> d-------- C:\Program Files\Haali
2008-05-18 14:03 . 2008-05-18 14:03 <DIR> d-------- C:\Program Files\Codec
2008-05-18 14:01 . 2008-05-18 14:01 <DIR> d-------- C:\Program Files\Gabest
2008-05-18 09:47 . 2008-05-18 09:47 <DIR> d-------- C:\Documents and Settings\AruSieK\Dane aplikacji\Aegisub
2008-05-14 14:18 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-14 14:18 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-10 00:14 . 2008-05-10 00:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-05 10:59 . 2008-05-05 10:59 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-04 22:47 . 2008-05-04 22:48 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-04 22:47 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-04 22:46 . 2008-05-04 22:46 <DIR> d-------- C:\ATI
2008-05-04 22:12 . 2008-05-04 22:12 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-30 21:20 . 2005-07-15 14:41 2,337,488 --a------ C:\WINDOWS\system\d3dx9_25.dll
2008-04-24 16:48 . 2008-04-24 16:48 <DIR> d-------- C:\Documents and Settings\AruSieK\Dane aplikacji\Vision Thing
2008-04-24 16:42 . 1998-11-12 13:06 48,128 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-04-24 16:31 . 2008-04-24 16:31 <DIR> d-------- C:\Documents and Settings\AruSieK\Dane aplikacji\fltk.org
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 13:48 --------- d-----w C:\Program Files\Trojan Remover
2008-05-22 13:48 --------- d-----w C:\Program Files\cFosSpeed
2008-05-22 13:48 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\uTorrent
2008-05-22 13:48 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\DMCache
2008-05-22 13:42 --------- d-----w C:\Program Files\GetRight
2008-05-22 10:15 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\AVG7
2008-05-22 08:04 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\MegauploadToolbar
2008-05-21 21:28 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\Skype
2008-05-21 13:00 --------- d-----w C:\Program Files\FlashGet
2008-05-19 19:03 --------- d-----w C:\Program Files\uTorrent
2008-05-18 12:15 --------- d-----w C:\Program Files\Media Player Classic
2008-05-18 12:03 --------- d-----w C:\Program Files\ffdshow
2008-05-18 07:47 --------- d-----w C:\Program Files\Aegisub
2008-05-17 10:33 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-15 15:15 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\Image Zone Express
2008-05-14 12:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 20:52 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\ATI
2008-05-04 20:16 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\BYOND
2008-04-27 08:35 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-04-27 08:33 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-17 09:40 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\Sony Corporation
2008-04-17 09:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Corporation
2008-04-10 18:48 --------- d-----w C:\Program Files\2MScreenSaver
2008-04-10 17:16 --------- d-----w C:\Program Files\LittleFighter2
2008-04-03 15:27 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\Ahead
2008-04-03 15:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-03 15:23 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-03 15:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-04-03 15:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-03 15:17 --------- d-----w C:\Program Files\Nero
2008-04-03 15:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-03 15:13 --------- d-----w C:\Program Files\Ahead
2008-03-29 17:06 --------- d-----w C:\Documents and Settings\AruSieK\Dane aplikacji\Tlen.pl
2008-03-29 17:05 --------- d-----w C:\Program Files\Tlen.pl
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 19:30 524,288 ----a-w C:\WINDOWS\system32\divxsm.exe
2008-03-21 19:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 19:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 19:28 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-10 18:52 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-02-29 13:47 81,920 ----a-w C:\Documents and Settings\AruSieK\Dane aplikacji\ezpinst.exe
2008-02-29 13:47 47,360 ----a-w C:\Documents and Settings\AruSieK\Dane aplikacji\pcouffin.sys
2007-11-21 19:50 23 ----a-w C:\Program Files\hfkud16.sys
2008-01-26 18:10 23 --sha-w C:\WINDOWS\system32\aeccead8_r.dll
2007-12-01 09:20 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-12-15 14:54 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-12-15 14:54 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\tcpip.sys
2007-12-15 14:54 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-08-05 20:06 218624]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-09 00:00 2577840]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SMSTray"="E:\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-08-10 16:26 846800]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-02 16:18 524368]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 03:00 32768]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 08:50 579584]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 19:46 219136]
C:\Documents and Settings\AruSieK\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Picture Motion Browser Media Check Tool.lnk - E:\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-17 11:29:58 344064]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-31 11:19:00 118784]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-12-05 15:18:32 614400]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BYOND\\bin\\byond.exe"=
"D:\\BYOND\\bin\\byond.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"E:\\BearShare\\BearShare.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"E:\\Gadu-Gadu\\gg.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
S3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 03:32]
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-21 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 10:00:01 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 11:00:01 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 12:00:01 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 16:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 17:00:04 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 19:00:02 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-21 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\2H6HeB5R.exe
"2008-05-22 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
"2008-05-22 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\7tT4J7yP.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 15:48:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-05-22 15:51:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 13:51:30
ComboFix2.txt 2007-11-13 21:58:35
Pre-Run: 4,007,264,256 bajtów wolnych
Post-Run: 4,503,941,120 bajtów wolnych
375 --- E O F --- 2007-12-12 02:04:43
Regards, and please help.
