
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:44, on 2008-07-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Copy Handler\ch.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
E:\Moje dokumenty\Setup\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_exclude
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_report
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
--
End of file - 7080 bytes
ComboFix log
ComboFix 08-07-27.3 - mops 2008-07-27 22:08:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.651 [GMT 2:00]
Running from: C:\Documents and Settings\mops\Pulpit\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.
2008-07-27 22:02 . 2008-07-27 22:02 24,944 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-07-27 21:47 . 2008-07-27 22:02 16,608 --a------ C:\WINDOWS\gdrv.sys
2008-07-27 16:48 . 2008-07-27 16:48 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\plan settings
2008-07-26 10:11 . 2008-07-26 10:11 <DIR> d-------- C:\Program Files\plan settings
2008-07-23 11:10 . 2008-07-23 11:10 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-07-21 14:40 . 2008-07-21 14:42 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-19 18:25 . 2008-07-19 18:25 <DIR> d-------- C:\Program Files\Mouse Driver
2008-07-19 17:51 . 2008-07-27 17:37 2,688 --a------ C:\WINDOWS\system32\settings.aaw
2008-07-19 17:51 . 2008-07-27 17:37 1,136 --a------ C:\WINDOWS\system32\history.aaw
2008-07-18 17:38 . 2008-07-23 10:03 <DIR> d-------- C:\Program Files\FlashGet
2008-07-18 00:14 . 2008-07-20 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-17 11:38 . 2008-07-17 11:38 <DIR> d-------- C:\Program Files\Smart MP3 Converter
2008-07-16 18:26 . 2008-07-18 19:42 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\DivX
2008-07-16 18:23 . 2008-07-16 18:24 <DIR> d-------- C:\Program Files\DivX
2008-07-15 02:32 . 2008-07-15 02:32 <DIR> d-------- C:\Documents and Settings\mops\SystemRequirementsLab
2008-07-14 23:11 . 2008-07-14 23:11 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\Media Player Classic
2008-07-14 23:10 . 2008-07-14 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 23:10 . 2008-07-14 23:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-13 21:54 . 2008-07-13 21:54 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-13 21:54 . 2008-07-13 21:54 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-13 20:09 . 2008-07-13 20:09 <DIR> d-------- C:\Program Files\Hamachi
2008-07-13 20:09 . 2008-07-13 21:10 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\Hamachi
2008-07-13 20:09 . 2008-07-13 20:09 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-13 19:39 . 2008-07-13 19:39 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 19:30 . 2008-07-13 19:30 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-13 19:30 . 2008-07-20 22:12 27,045 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-13 19:30 . 2008-07-13 19:30 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-12 17:26 . 2008-07-12 17:26 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-07-12 17:26 . 2008-07-12 17:26 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-07-12 17:26 . 2008-05-29 12:33 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-07-12 10:44 . 2008-07-12 10:44 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-11 22:05 . 2008-07-11 22:05 31 --a------ C:\WINDOWS\idc.ini
2008-07-11 14:10 . 2007-02-10 02:04 14,336 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-07-11 14:10 . 2007-02-10 23:55 13,824 --a------ C:\WINDOWS\system32\drivers\Amusbprt.sys
2008-07-11 14:10 . 2006-04-11 13:56 10,240 --a------ C:\WINDOWS\system32\drivers\Arfumx86.sys
2008-07-11 14:10 . 2007-01-24 17:46 8,704 --a------ C:\WINDOWS\system32\drivers\Amfilter.sys
2008-07-10 22:44 . 2008-07-10 22:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 22:44 . 2008-07-10 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-10 18:47 . 2007-03-29 15:00 17,024 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
2008-07-10 10:42 . 2008-07-10 10:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-08 12:23 . 2006-09-13 18:19 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-07-08 12:17 . 2008-07-08 12:35 <DIR> d-------- C:\Program Files\Aspell
2008-07-08 12:15 . 2008-07-08 12:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-08 12:14 . 2008-07-08 12:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-08 12:12 . 2008-07-08 12:12 427 --a------ C:\WINDOWS\ODBC.INI
2008-07-08 12:09 . 2008-07-08 12:11 <DIR> d-------- C:\WINDOWS\ShellNew
2008-07-08 12:09 . 2008-07-13 21:54 <DIR> d-------- C:\WINDOWS\Help
2008-07-08 12:03 . 2008-07-26 12:33 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\foobar2000
2008-07-08 11:55 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-08 11:53 . 2008-07-08 11:53 10 --a------ C:\WINDOWS\WININIT.INI
2008-07-08 11:37 . 2007-08-10 16:26 693,712 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-07-08 11:36 . 2007-08-10 16:26 281,552 --a------ C:\WINDOWS\system32\cfosspeed.dll
2008-07-08 11:34 . 2008-07-08 11:34 <DIR> d-------- C:\Program Files\Real Alternative
2008-07-08 11:34 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-08 11:31 . 2008-07-08 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ad Muncher
2008-07-08 11:27 . 2008-07-08 11:27 <DIR> d-------- C:\Program Files\foobar2000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 20:08 --------- d-----w C:\Program Files\cFosSpeed
2008-07-27 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 19:47 --------- d-----w C:\Program Files\Gigabyte
2008-07-17 08:00 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-15 10:03 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\uTorrent
2008-07-14 10:59 --------- d-----w C:\Program Files\Unlocker
2008-07-10 20:44 --------- d-----w C:\Program Files\Lavasoft
2008-07-08 10:01 --------- d-----w C:\Program Files\Opera
2008-07-08 09:54 --------- d-----w C:\Program Files\Ad Muncher
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
------- Sigcheck -------
2007-01-04 15:05 812544 d636e397a813e0defa58359b676c4b41 C:\WINDOWS\system32\wininet.dll
2007-01-04 15:05 812544 d636e397a813e0defa58359b676c4b41 C:\WINDOWS\system32\dllcache\wininet.dll
2007-01-04 15:05 667648 b9cd00815effa790279a1d2f0d07323f C:\WINDOWS\VistaMizer\old\wininet.dll
2004-08-04 01:44 544256 87d414eba254e42649f4d0a00bb653c6 C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\VistaMizer\old\winlogon.exe
2007-03-10 03:41 2317824 9b016013328b551f3a15ef18b16cddea C:\WINDOWS\system32\ntkrnlpa.exe
2007-03-10 03:41 2060544 f1b0ab04f3893688735e77dd8c79d8f4 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
2007-03-10 03:32 2440576 1768c95276c3356545465537810bf25b C:\WINDOWS\system32\ntoskrnl.exe
2007-03-10 03:32 2183296 da47e147bc4628588e82fd7509fe2033 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
2007-03-10 03:31 1551872 129fa277872f844471f35b40ef4d1249 C:\WINDOWS\explorer.exe
2007-03-10 03:31 1033728 05412646fa6ea684af560d9984ae4e88 C:\WINDOWS\VistaMizer\old\explorer.exe
2004-08-04 01:44 25088 36eab91ffd244d3202830e417c45e0a5 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 05:15 83968]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"Copy Handler"="C:\Program Files\Copy Handler\ch.exe" [2005-01-31 17:18 146432]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-07-08 11:31 779776]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-08-10 16:26 846800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 14:22 3229184]
"KMCONFIG"="C:\Program Files\Mouse Driver\StartAutorun.exe" [2007-03-06 14:51 212992]
"EasyTuneVI"="C:\Program Files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 15:05 20480]
C:\Documents and Settings\mops\Menu Start\Programy\Autostart\
PowerMenu.lnk - C:\Program Files\PowerMenu_1_5_1\PowerMenu.exe [2008-03-20 21:46:27 57344]
C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= "C:\WINDOWS\system32\RadExe.dll" [2005-04-27 03:49 200704]
[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=C:\WINDOWS\pss\ntuser.iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 C:\Program Files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2005-09-18 19:40 1421824 C:\Program Files\PeerGuardian2\pg2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 10:29]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R4 atidgllk;atidgllk;C:\Program Files\GIGABYTE\ET6\atidgllk.sys [2006-07-19 12:25]
*Newly Created Service* - ATIDGLLK
*Newly Created Service* - GVTDRV
.
Contents of the 'Scheduled Tasks' folder
2008-07-27 C:\WINDOWS\Tasks\AC1C4CF8918BFFD0.job
- c:\docume~1\mops\daneap~1\planse~1\Five dupe exit.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AXIS TONS THE MP3 - C:\Documents and Settings\All Users\Dane aplikacji\Readme Live Axis Tons\Find boob.exe
MSConfigStartUp-Itch cast - C:\DOCUME~1\mops\DANEAP~1\PLANSE~1\barb amen.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www2.iesearch.com/
O8 -: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_frame
O8 -: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_image
O8 -: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_link
O8 -: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_exclude
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 -: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=1.0&pass=FP9776Y9&id=menu_ie_report
O8 -: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 -: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 22:08:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\mops\USTAWI~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Completion time: 2008-07-27 22:09:49
ComboFix-quarantined-files.txt 2008-07-27 20:09:40
Pre-Run: 15,173,414,912 bytes free
Post-Run: 15,217,520,640 bytes free
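Triage helper for logs like the two above, added here as an example and not part of the original post or of HijackThis/ComboFix themselves. It parses the line formats both tools emit and applies a handful of heuristics a log reviewer checks by hand: IE start/search pages pointing away from Microsoft defaults, O23 services with "Unknown owner", Security Center notification and Windows Firewall values ComboFix prints as disabled, and autostart or service binaries living under a user-writable directory (Temp, Application Data and their 8.3 forms). The rule names, the trusted-host list and the directory patterns are my assumptions; the sample lines are copied from the logs in this post, trimmed to a subset so the block runs offline.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    rule: str   # heuristic that fired (names are this example's, not a tool's)
    line: str   # the log line that triggered it


# Hosts IE legitimately points at out of the box (assumed allow-list).
TRUSTED_PAGE_HOSTS = ("microsoft.com", "msn.com", "live.com")

# Directories a limited user can write to, including 8.3 short names for the
# Polish "Dane aplikacji" / "Ustawienia lokalne" folders seen in the logs.
USER_WRITABLE = re.compile(
    r"\\(temp|tmp|dane aplikacji|application data|daneap~1|ustawi~1)\\", re.IGNORECASE
)
# Only lines that reference an executable image count as autostart evidence.
EXEC_REF = re.compile(r"\.(exe|dll|sys|scr|com|bat)\b|ImagePath", re.IGNORECASE)

# Registry values ComboFix prints from the Security Center / firewall keys.
DISABLE_NOTIFY = re.compile(r'^"(AntiVirus|Updates|Firewall)DisableNotify"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')

# "R0 - ..." (HijackThis) and "R0 -: ..." (ComboFix supplementary scan).
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) -:? (?P<body>.*)$")
PAGE_URL = re.compile(
    r"(Start Page|Search Page|Default_Search_URL|Default_Page_URL) = (?P<url>\S+)"
)


def _trusted(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_PAGE_HOSTS)


def triage(log_text: str) -> list[Finding]:
    """Run every heuristic over each line; a line can yield several findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_LINE.match(line)
        if m:
            sec, body = m.group("sec"), m.group("body")
            if sec in ("R0", "R1"):
                u = PAGE_URL.search(body)
                if u:
                    # ComboFix defangs to hxxp://; urlparse still yields the host.
                    host = urlparse(u.group("url")).hostname or ""
                    if not _trusted(host):
                        findings.append(Finding("browser_page_hijack", line))
            elif sec == "O23" and "Unknown owner" in body:
                findings.append(Finding("service_unknown_owner", line))
        if DISABLE_NOTIFY.match(line):
            findings.append(Finding("security_center_notify_disabled", line))
        elif FIREWALL_OFF.match(line):
            findings.append(Finding("windows_firewall_disabled", line))
        if USER_WRITABLE.search(line) and EXEC_REF.search(line):
            findings.append(Finding("binary_in_user_writable_dir", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Subset of lines from the HijackThis and ComboFix logs posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"EnableFirewall"= 0 (0x0)
2008-07-27 C:\WINDOWS\Tasks\AC1C4CF8918BFFD0.job
- c:\docume~1\mops\daneap~1\planse~1\Five dupe exit.exe []
MSConfigStartUp-Itch cast - C:\DOCUME~1\mops\DANEAP~1\PLANSE~1\barb amen.exe
"ImagePath"="\??\C:\DOCUME~1\mops\USTAWI~1\Temp\ASFWHide"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script only narrows down what to look at; a hit on `binary_in_user_writable_dir` or `service_unknown_owner` still has to be confirmed by checking the file's signature and hash, and a vendor-signed binary in Temp (an installer's helper service, for instance) is a legitimate hit on the same rule.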