
I know I have a file (a keylogger) on my computer that is being used to hack me in the game Metin2. I can't find it in the HijackThis log. Please find it.
This is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46, on 2009-03-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
D:\Jetico\fwsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Gadu-Gadu\gg.exe
D:\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JeticoPFStartup] "D:\Jetico\fwsrv.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\acrobat9\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Usługa Google Update (gupdate1c9ac6bfaa3b762) (gupdate1c9ac6bfaa3b762) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9129 bytes
Added today, 01:13:
Here is the one from ComboFix:
ComboFix 09-03-26.03 - Paweł i Krzyś 2009-03-28 1:04:53.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1023.624 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Paweł i Krzyś\Pulpit\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Pliki utworzone od 2009-02-28 do 2009-03-28 )))))))))))))))))))))))))))))))
.
2009-03-24 11:31 . 2009-03-24 11:33 <DIR> d-------- c:\program files\Google
2009-03-24 11:31 . 2009-03-27 17:27 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-03-18 15:07 . 2009-03-18 15:07 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-03-18 15:06 . 2009-03-18 15:06 <DIR> d-------- c:\program files\MSECACHE
2009-03-17 17:54 . 2009-03-17 17:54 <DIR> d-------- c:\windows\Logs
2009-03-09 17:30 . 2009-03-09 17:30 <DIR> d-------- c:\windows\Cache
2009-03-09 16:32 . 1998-11-13 10:55 306,688 --a------ c:\windows\IsUn0804.exe
2009-03-09 16:32 . 1998-11-13 10:54 306,688 --a------ c:\windows\IsUn0404.exe
2009-03-05 23:12 . 2009-03-05 23:12 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2009-03-05 23:12 . 2009-03-05 23:12 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-03-05 23:12 . 2009-03-05 23:12 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2009-03-05 23:12 . 2009-03-05 23:12 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-03-05 22:11 . 2009-03-28 00:48 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-03-05 22:11 . 2009-03-05 23:06 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-03-05 22:11 . 2009-03-05 23:06 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-03-05 22:11 . 2009-03-05 23:12 <DIR> d-------- c:\documents and settings\Administrator
2009-03-01 21:17 . 2009-03-01 21:19 <DIR> d-------- c:\documents and settings\Paweł i Krzyś\Dane aplikacji\Tibia
2009-02-28 13:39 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-28 13:39 . 2009-02-28 13:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-28 13:39 . 2009-02-28 13:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-28 13:37 . 2009-02-28 13:37 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nokia
2009-02-28 13:35 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-28 13:35 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-28 13:35 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-28 13:35 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-28 13:35 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-28 13:34 . 2009-03-01 12:11 <DIR> d-------- c:\program files\Nokia
2009-02-28 13:34 . 2009-02-28 13:34 <DIR> d-------- c:\program files\MSXML 6.0
2009-02-28 13:33 . 2009-02-28 13:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Installations
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 13:15 --------- d-----w c:\program files\Lx_cats
2009-03-18 14:10 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 20:13 --------- d-----w c:\documents and settings\Paweł i Krzyś\Dane aplikacji\Skype
2009-02-24 18:57 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2009-02-22 21:32 --------- d-----w c:\documents and settings\Paweł i Krzyś\Dane aplikacji\Ulead Systems
2009-02-22 21:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2009-02-22 21:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 21:23 --------- d-----w c:\program files\Common Files\InterVideo
2009-02-22 21:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\InterVideo
2009-02-22 21:22 --------- d-----w c:\program files\Windows Media Components
2009-02-22 21:22 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-02-22 16:34 --------- d-----w c:\documents and settings\Paweł i Krzyś\Dane aplikacji\DMCache
2009-02-14 12:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Avira
2009-02-12 14:59 --------- d-----w c:\documents and settings\Paweł i Krzyś\Dane aplikacji\Apple Computer
2009-02-12 14:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-02-12 14:09 --------- d-----w c:\program files\DivX
2009-02-05 20:38 --------- d-----w c:\documents and settings\Paweł i Krzyś\Dane aplikacji\uTorrent
2009-02-04 13:12 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-01 09:02 --------- d-----w c:\program files\Java
2009-02-01 08:22 2,829 ----a-w c:\windows\War3Unin.pif
2009-02-01 08:22 126,976 ----a-w c:\windows\War3Unin.exe
2008-12-19 18:43 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 18:43 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 18:43 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 18:43 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 18:43 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-05_19.52.06.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 14:01:30 1,847,808 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:57:12 19,320 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:57:13 234,360 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:57:12 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:57:15 763,256 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 07:01:52 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:21:28 19,320 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:21:28 234,360 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:21:28 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:40:47 763,256 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:40:47 398,200 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-07-09 07:57:12 19,320 ----a-w c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:57:13 234,360 ----a-w c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:57:12 26,488 ----a-w c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:19:17 763,256 ----a-w c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-06-17 19:04:53 8,490,496 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:57:12 19,320 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:57:13 234,360 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:57:12 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:57:15 763,256 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:57:23 398,200 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2008-07-09 07:57:13 234,360 -c----w c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:57:23 398,200 -c----w c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2008-04-14 17:20:47 8,489,984 -c----w c:\windows\$NtUninstallKB967715$\shell32.dll
+ 2008-07-09 07:57:13 234,360 -c----w c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2008-07-09 07:57:23 398,200 -c----w c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
+ 2002-03-11 08:45:04 1,708,856 ----a-w c:\windows\Cache\Adobe Reader 6.0.1\POLBIG\instmsia.exe
+ 2002-03-11 09:06:30 1,822,520 ----a-w c:\windows\Cache\Adobe Reader 6.0.1\POLBIG\instmsiw.exe
+ 2004-07-07 13:50:29 217,088 ------w c:\windows\Cache\Adobe Reader 6.0.1\POLBIG\setup.exe
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 16:00:28 157,696 ----a-w c:\windows\ERUNT\ERUNT.EXE
+ 2009-02-28 12:35:15 3,262 ----a-r c:\windows\Installer\{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}\ARPPRODUCTICON.exe
+ 2009-03-24 10:33:54 363,246 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ARPPRODUCTICON.exe
+ 2009-03-24 10:33:54 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-03-24 10:33:54 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-03-24 10:33:54 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-03-24 10:33:54 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-03-24 10:33:54 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1045-7B44-A90000000001}\SC_Reader.exe
+ 2009-02-28 12:35:02 3,262 ----a-r c:\windows\Installer\{D99C322D-C21B-40C7-AE71-EE51AA096B6E}\ARPPRODUCTICON.exe
+ 2009-02-22 21:22:55 292,878 ----a-r c:\windows\Installer\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\ARPPRODUCTICON.exe
- 1997-08-26 10:06:34 315,904 ----a-w c:\windows\IsUninst.exe
+ 1998-10-29 14:45:06 306,688 ----a-w c:\windows\IsUninst.exe
+ 2009-03-05 22:05:29 270,336 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-10-12 14:14:00 1,374,232 ----a-w c:\windows\system32\D3DCompiler_36.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
+ 2008-05-30 13:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2008-07-10 10:00:58 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll
+ 2008-10-10 03:52:38 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-10-02 08:56:34 444,776 ----a-w c:\windows\system32\d3dx10_36.dll
+ 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
+ 2008-05-30 13:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2008-07-10 10:01:00 467,984 ----a-w c:\windows\system32\d3dx10_39.dll
+ 2008-10-10 03:52:38 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
+ 2007-10-12 14:14:00 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll
+ 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2008-07-10 10:00:58 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
+ 2008-10-10 03:52:38 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
+ 2004-09-03 23:34:08 94,208 ----a-w c:\windows\system32\divxdec_0407.dll
+ 2004-09-03 23:34:08 94,208 ----a-w c:\windows\system32\divxdec_040c.dll
+ 2004-09-03 23:25:12 94,208 ----a-w c:\windows\system32\divxdec_0411.dll
+ 2008-12-05 06:57:24 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:03:15 8,489,984 -c----w c:\windows\system32\dllcache\shell32.dll
+ 2008-04-13 19:45:36 26,112 -c--a-w c:\windows\system32\dllcache\usbser.sys
- 2008-09-15 15:27:56 1,846,656 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:07:49 1,847,040 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2004-09-03 17:33:33 290,816 ----a-w c:\windows\system32\dpu10.dll
+ 2004-09-03 17:37:38 602,112 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2004-09-01 15:49:16 335,872 ----a-w c:\windows\system32\dpus10.dll
+ 2004-09-01 15:49:16 53,248 ----a-w c:\windows\system32\dpv10.dll
- 2008-01-21 16:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2008-07-19 11:02:59 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2008-04-13 18:45:36 26,112 ----a-w c:\windows\system32\drivers\usbser.sys
+ 2008-04-13 19:45:36 26,112 ----a-w c:\windows\system32\drivers\usbser.sys
- 2006-11-02 05:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2008-03-27 15:27:46 503,008 ------w c:\windows\system32\drivers\wdf01000.sys
- 2006-11-02 05:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2008-03-27 15:27:48 35,040 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2008-09-15 06:56:24 17,664 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_BCC7B353E4C97600259A2CADE869842C38E1062D\ccdcmb.sys
+ 2008-09-15 06:56:26 91,136 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_BCC7B353E4C97600259A2CADE869842C38E1062D\nmwcdcls.dll
+ 2008-09-15 06:56:26 659,968 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_BCC7B353E4C97600259A2CADE869842C38E1062D\nmwcdcocls.dll
+ 2008-09-15 06:29:28 1,112,288 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_BCC7B353E4C97600259A2CADE869842C38E1062D\wdfcoinstaller01007.dll
+ 2008-09-15 06:56:34 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbcj_BCC7B353E4C97600259A2CADE869842C38E1062D\usbser_lowerfltj.sys
+ 2008-09-15 06:56:24 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbm_BCC7B353E4C97600259A2CADE869842C38E1062D\usbser_lowerflt.sys
+ 2008-09-15 06:56:24 22,016 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbo_BCC7B353E4C97600259A2CADE869842C38E1062D\ccdcmbo.sys
+ 2008-02-01 14:17:12 138,112 -c--a-w c:\windows\system32\DRVSTORE\nmwcdnsu_44DA5D9994D88495A1C1116BFFF6763CF67ABD72\nmwcdnsu.sys
+ 2008-02-01 14:17:06 8,320 -c--a-w c:\windows\system32\DRVSTORE\nmwcdnsuc_44DA5D9994D88495A1C1116BFFF6763CF67ABD72\nmwcdnsuc.sys
- 2008-03-28 17:41:32 7,680 ----a-w c:\windows\system32\ff_vfw.dll
+ 2008-06-12 18:36:38 7,680 ----a-w c:\windows\system32\ff_vfw.dll
- 2009-01-04 20:58:29 195,368 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-12 10:32:57 217,656 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2007-03-27 18:56:06 26,136 ----a-w c:\windows\system32\IVIresize.dll
+ 2007-03-27 18:56:08 206,360 ----a-w c:\windows\system32\IVIresizeA6.dll
+ 2007-03-27 18:56:10 198,168 ----a-w c:\windows\system32\IVIresizeM6.dll
+ 2007-03-27 18:56:12 198,168 ----a-w c:\windows\system32\IVIresizeP6.dll
+ 2007-03-27 18:56:14 194,072 ----a-w c:\windows\system32\IVIresizePX.dll
+ 2007-03-27 18:56:16 210,456 ----a-w c:\windows\system32\IVIresizeW7.dll
+ 2009-02-12 14:09:31 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
+ 2003-09-04 13:14:28 94,208 ----a-w c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-05-02 08:58:16 90,624 ----a-w c:\windows\system32\nmwcdcls.dll
+ 2008-09-15 06:56:26 91,136 ----a-w c:\windows\system32\nmwcdcls.dll
- 2008-12-11 06:30:39 163,056 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-28 12:44:38 163,560 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-11 06:30:39 213,708 ----a-w c:\windows\system32\perfc015.dat
+ 2009-02-28 12:44:38 214,380 ----a-w c:\windows\system32\perfc015.dat
- 2008-12-11 06:30:39 529,848 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-28 12:44:38 530,736 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-11 06:30:39 687,532 ----a-w c:\windows\system32\perfh015.dat
+ 2009-02-28 12:44:38 688,888 ----a-w c:\windows\system32\perfh015.dat
+ 2004-09-01 15:49:17 3,375,104 ----a-w c:\windows\system32\qt-mt331.dll
+ 2009-03-05 22:12:48 459,148 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2008-04-14 17:20:45 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:57:24 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 17:20:47 8,489,984 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:03:15 8,489,984 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:40:46 19,320 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:21:28 19,320 ------w c:\windows\system32\spmsg.dll
+ 2004-08-31 22:11:34 245,408 ----a-w c:\windows\system32\unicows.dll
- 2008-09-15 15:27:56 1,846,656 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:07:49 1,847,040 ----a-w c:\windows\system32\win32k.sys
+ 2006-02-03 07:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll
+ 2007-03-05 11:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
+ 2007-10-22 02:37:16 17,928 ----a-w c:\windows\system32\X3DAudio1_2.dll
+ 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
+ 2008-05-30 13:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
+ 2008-10-27 09:04:16 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
+ 2006-02-03 07:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll
+ 2007-10-22 02:39:54 267,272 ----a-w c:\windows\system32\xactengine2_10.dll
+ 2006-05-31 06:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll
+ 2006-07-28 08:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll
+ 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
+ 2008-05-30 13:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
+ 2008-07-30 05:20:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll
+ 2008-10-27 09:04:16 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
+ 2008-05-30 13:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
+ 2008-07-30 05:20:56 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll
+ 2008-10-27 09:04:14 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
+ 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
+ 2008-05-30 13:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
+ 2008-07-30 05:20:56 509,448 ----a-w c:\windows\system32\XAudio2_2.dll
+ 2008-10-27 09:04:18 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
+ 2006-03-31 11:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2006-07-28 08:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
- 2008-01-10 12:15:30 755,027 ----a-w c:\windows\system32\xvidcore.dll
+ 2004-06-05 11:56:16 679,936 ----a-w c:\windows\system32\xvidcore.dll
- 2008-01-10 12:16:20 159,839 ----a-w c:\windows\system32\xvidvfw.dll
+ 2004-06-06 11:53:42 155,648 ----a-w c:\windows\system32\xvidvfw.dll
+ 2009-03-28 00:07:35 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7f4.dat
+ 2002-03-17 00:00:00 7,420 ----a-w c:\windows\UA000088.DLL
+ 2005-09-22 22:48:08 1,015,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\msvcm80d.dll
+ 2005-09-22 22:48:08 1,028,096 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\msvcp80d.dll
+ 2005-09-22 22:48:08 1,171,456 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\msvcr80d.dll
+ 2005-09-23 00:16:02 2,375,680 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfc80d.dll
+ 2005-09-23 00:16:06 2,379,264 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfc80ud.dll
+ 2005-09-23 00:16:10 114,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfcm80d.dll
+ 2005-09-23 00:16:12 102,400 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfcm80ud.dll
+ 2005-09-23 00:35:10 102,400 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugOpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_66b81908\vcompd.dll
+ 2005-09-23 00:35:10 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2008-04-15 17:51:49 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"JeticoPFStartup"="d:\jetico\fwsrv.exe" [2005-07-19 118784]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avgnt"="d:\avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="d:\acrobat9\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Oprogramowanie Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Oprogramowanie Kodak EasyShare.lnk
backup=c:\windows\pss\Oprogramowanie Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Paweł i Krzyś^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Paweł i Krzyś\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Paweł i Krzyś^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\Paweł i Krzyś\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--------- 2006-07-26 12:48 3305472 d:\program files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:21 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--------- 2008-02-14 00:09 486856 d:\daemon tools\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2005-07-12 10:36 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
--a------ 2005-07-21 01:17 192512 c:\program files\Lexmark 3300 Series\LXCCmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--------- 2008-03-03 13:44 266240 d:\odkurzacz\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 16:46 25445928 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2005-10-26 16:17 159744 d:\sony ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 d:\ulead videostudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2008-07-09 22:33 36352 d:\winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Valve\\hl.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"d:\\Valve\\hlds.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"d:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\lxcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\utorrent\\uTorrent.exe"=
"d:\\fifa\\FIFA09.exe"=
"d:\\BitComet\\BitComet.exe"=
"d:\\Warcraft 3\\Warcraft III\\Warcraft III.exe"=
"d:\\Warcraft 3\\Warcraft III\\War3.exe"=
"d:\\Ganja\\metin2.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\DSJ2.1\\Counter-Strike Source\\hl2.exe"=
"d:\\PES\\PES 2009\\pes2009.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"21651:TCP"= 21651:TCP:BitComet 21651 TCP
"21651:UDP"= 21651:UDP:BitComet 21651 UDP
S2 gupdate1c9ac6bfaa3b762;Usługa Google Update (gupdate1c9ac6bfaa3b762);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 133104]
S3 ddsxeiservice;ddsxeiservice2;d:\sxe\ddsxei.sys [2009-02-22 50560]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-10-22 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-10-22 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f24d26-1226-11dd-ab17-000e50b3d86c}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 11:31]
2009-03-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 11:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-Ad Muncher - d:\ad-muncher\Ad Muncher\AdMunch.exe
MSConfigStartUp-Adobe Reader Speed Launcher - d:\adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-EdHTML - d:\edhtmlv5.0\EdHTML.exe
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
IE: E&ksport do programu Microsoft Excel - d:\office~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - d:\bitcomet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - d:\bitcomet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - d:\bitcomet\BitComet.exe/AddLink.htm
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
FF - ProfilePath - c:\documents and settings\Paweł i Krzyś\Dane aplikacji\Mozilla\Firefox\Profiles\wj06pfi2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Paweł i Krzyś\Dane aplikacji\Mozilla\Firefox\Profiles\wj06pfi2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 01:09:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\avira\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
d:\avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-28 1:10:45 - komputer został uruchomiony ponownie [Paweł i Krzyś]
ComboFix-quarantined-files.txt 2009-03-28 00:10:42
ComboFix2.txt 2009-02-22 11:33:22
ComboFix3.txt 2009-02-13 21:02:15
ComboFix4.txt 2009-02-05 18:52:36
Przed: 27 179 487 232 bajtów wolnych
Po: 27,112,906,752 bajtów wolnych
424 --- E O F --- 2009-03-16 13:08:18