
LOG Z COMBOFIXA
ComboFix 08-05-15.3 - Andrzej 2008-05-18 1:13:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.507 [GMT 2:00]
Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\newdotnet
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ecdlpygs.ini
C:\WINDOWS\system32\HPrBLUtv.ini
C:\WINDOWS\system32\HPrBLUtv.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nmfsblnd.ini
C:\WINDOWS\system32\pdtalcnf.ini
C:\WINDOWS\system32\raelxhnb.ini
C:\WINDOWS\system32\uosxepgd.ini
C:\WINDOWS\system32\ygwdxynh.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_IPRIP
-------\Legacy_NNSERV
-------\Service_6to4
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-17 16:47 . 2008-05-17 16:47 <DIR> d-------- C:\Program Files\ESET
2008-05-17 16:47 . 2008-05-17 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-17 15:44 . 2008-05-17 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 15:44 . 2008-05-17 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-05-17 15:25 . 2008-05-17 15:58 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-05-17 14:59 . 2008-05-17 14:59 116,224 --a------ C:\WINDOWS\system32\sgypldce.dll
2008-05-17 14:54 . 2008-05-17 14:54 125,952 --a------ C:\WINDOWS\system32\vnshvull.dll
2008-05-17 14:09 . 2008-05-17 14:09 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-17 14:09 . 2008-05-17 14:09 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-17 14:07 . 2008-05-17 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-17 14:06 . 2008-05-17 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-17 13:50 . 2008-05-17 13:50 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2008-05-17 13:50 . 2008-05-17 14:01 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\AVG7
2008-05-17 13:50 . 2008-05-17 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg7
2008-05-17 13:42 . 2008-05-17 13:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-17 13:33 . 2008-05-17 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-05-17 13:33 . 2008-05-17 13:33 57,344 --a------ C:\WINDOWS\system32\vtUomkkH.dll
2008-05-17 13:21 . 2008-05-17 13:21 116,224 --a------ C:\WINDOWS\system32\dgpexsou.dll
2008-05-17 13:17 . 2008-05-17 13:17 125,952 --a------ C:\WINDOWS\system32\ejfvdqlf.dll
2008-05-17 13:17 . 2008-05-17 13:17 57,344 --a------ C:\WINDOWS\system32\ljJBsrpO.dll
2008-05-17 13:11 . 2008-05-17 13:11 125,952 --a------ C:\WINDOWS\system32\fjtjssur.dll
2008-05-17 13:08 . 2008-05-17 13:08 57,344 --a------ C:\WINDOWS\system32\byXOfebc.dll
2008-05-17 10:47 . 2008-05-17 10:47 125,952 --a------ C:\WINDOWS\system32\qprbcdns.dll
2008-05-17 10:09 . 2008-05-17 14:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 10:09 . 2008-05-17 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-17 03:26 . 2008-05-17 03:26 125,952 --a------ C:\WINDOWS\system32\dhhpcolq.dll
2008-05-17 03:26 . 2008-05-18 01:20 109,803 --a------ C:\WINDOWS\BMc70d6187.xml
2008-05-16 15:17 . 2008-05-16 15:17 370,688 --a------ C:\WINDOWS\system32\vtULBrPH.dll
2008-05-16 15:16 . 2008-05-16 15:16 58,880 --a------ C:\WINDOWS\system32\awtqnooO.dll
2008-05-16 15:12 . 2008-05-16 15:12 58,880 --a------ C:\WINDOWS\system32\jkkIApoo.dll
2008-05-16 15:11 . 2008-05-16 15:11 58,880 --a------ C:\WINDOWS\system32\jkkLEULE.dll
2008-05-15 20:30 . 2008-05-17 16:04 424 --ah----- C:\Metallica.-.Live.in.Uniondale,.NY..(2005).avi.ini
2008-05-15 19:15 . 2008-05-15 20:11 962,772,394 --a------ C:\Metallica.-.Live.in.Uniondale,.NY..(2005).avi
2008-05-15 19:09 . 2008-05-15 19:09 2,855,658 --a------ C:\Photoshop dla fotografa.pdf
2008-05-15 19:08 . 2008-05-15 19:09 13,449,436 --a------ C:\Adobe.Photoshop.7.PL.podrecznik.uzytkownika.pdf
2008-05-14 22:29 . 2008-05-14 22:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 22:29 . 2008-05-14 22:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-13 09:55 . 2008-05-15 01:36 <DIR> d-------- C:\House M.D. Season 4
2008-05-10 14:00 . 2008-05-10 14:02 <DIR> d-------- C:\OFFICE2007PL
2008-05-07 17:19 . 2008-05-07 17:19 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-05 22:18 . 2008-05-05 22:25 <DIR> d-------- C:\Program Files\SkanerOnline
2008-05-05 22:12 . 2008-05-16 11:26 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-05 22:12 . 2008-05-05 22:12 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-27 21:01 . 2008-04-27 21:03 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-27 20:55 . 2008-04-27 21:17 <DIR> d-------- C:\Program Files\Corel
2008-04-27 19:57 . 2008-04-27 19:58 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Corel
2008-04-27 19:56 . 2008-04-27 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-27 18:53 . 2008-04-27 18:53 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-27 18:53 . 2008-04-27 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-04-27 18:52 . 2008-04-27 18:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-27 13:02 . 2008-04-27 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-04-27 12:42 . 2008-04-27 20:37 <DIR> d-------- C:\corel 12 pl
2008-04-27 01:46 . 2008-04-27 01:46 12,800 --ahs---- C:\Thumbs.db
2008-04-27 01:46 . 2008-04-27 14:52 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-27 01:00 . 2008-04-27 01:00 3,605 --a------ C:\marchef.jpg
2008-04-25 01:48 . 2008-04-25 01:48 <DIR> d-------- C:\Program Files\Media Player Classic
2008-04-25 01:48 . 2008-04-25 01:48 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Media Player Classic
2008-04-23 23:31 . 2008-04-27 18:01 88 -r-hs---- C:\WINDOWS\system32\33F1509572.sys
2008-04-23 23:12 . 2008-05-14 22:51 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 23:08 . 2008-04-23 23:08 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 22:41 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Tlen.pl
2008-05-17 22:28 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\uTorrent
2008-05-17 14:32 --------- d-----w C:\Program Files\eMule
2008-05-17 14:25 --------- d-----w C:\Program Files\Opera
2008-05-17 13:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 13:00 --------- d-----w C:\Program Files\Wiedźmin
2008-05-17 08:43 --------- d-----w C:\Program Files\VVSN
2008-05-07 15:19 --------- d-----w C:\Program Files\DC++
2008-05-05 21:01 --------- d-----w C:\Program Files\themexp
2008-05-05 20:46 --------- d-----w C:\Program Files\Guitar Pro 5rms
2008-04-27 11:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-24 23:48 --------- d-----w C:\Program Files\Real Alternative
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
2008-05-16 15:11 58880 --a------ C:\WINDOWS\system32\jkkLEULE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FEA4D46-E872-43A1-85EF-14A9F7DD8A5B}]
2008-05-18 01:25 371712 --a------ C:\WINDOWS\system32\xxyvtQiJ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1BCE94C-C6E5-4996-BC75-0606565580F5}]
2008-05-16 15:17 370688 --a------ C:\WINDOWS\system32\vtULBrPH.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 09:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2007-03-04 00:22 823296]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"VVSN"="C:\Program Files\VVSN\VVSN.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"c43e521b"="C:\WINDOWS\system32\sgypldce.dll" [2008-05-17 14:59 116224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 159744]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26 1410304]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"BMc70d6187"="C:\WINDOWS\system32\vmcylheq.dll" [2008-05-18 01:27 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdating"= WinUpdating.exe
"Windows Printing Driver"= WinSpooler.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\WINDOWS\system32\jkkLEULE.dll [2008-05-16 15:11 58880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLEULE]
jkkLEULE.dll 2008-05-16 15:11 58880 C:\WINDOWS\system32\jkkLEULE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\xxyvtQiJ
[HKLM\~\startupfolder\C:^Documents and Settings^Andrzej^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Andrzej\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\instalki\\WYPALONE\\utorrent.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"39763:TCP"= 39763:TCP:39763
"20023:UDP"= 20023:UDP:20023
"4662:TCP"= 4662:TCP:4662
"4242:TCP"= 4242:TCP:4242
"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows
"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2006-10-23 09:00]
S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2psvc;Sieć równorzędna;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c14c806-cc0d-11dc-866b-00c026a92893}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a49ffe86-c985-11db-83ac-000d61ebc71c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80ff56c-98ff-11dc-85e8-00c026a92893}]
\Shell\AutoRun\command - I:\USBNB.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 01:21:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [1796] 0x862653C0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkLEULE.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\sgypldce.dll
-> C:\WINDOWS\system32\vmcylheq.dll
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-18 1:29:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 23:28:45
Pre-Run: 22,510,567,424 bajtów wolnych
Post-Run: 22,883,012,608 bajtów wolnych
261
LOG Z HIJACK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:39:49, on 2008-05-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [c43e521b] rundll32.exe "C:\WINDOWS\system32\sgypldce.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [BMc70d6187] Rundll32.exe "C:\WINDOWS\system32\uofobqkr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 6984 bytes