przez Superpippo 26 Gru 2007, 03:07
przez wojtas 26 Gru 2007, 11:54
przez Superpippo 26 Gru 2007, 14:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:22, on 2007-12-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Michael007\gry\NFS Pro street\PB\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Michael\Pulpit\log\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PLAsim plugin - {F60777DA-D6A6-40F6-B665-6F361C1017B6} - C:\WINDOWS\poswin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E5553EF-A5CE-4220-9034-AECB2BFE7B9B}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E5553EF-A5CE-4220-9034-AECB2BFE7B9B}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Michael007\gry\NFS Pro street\PB\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6071 bytes"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"BootSkin Startup Jobs" = ""C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{F60777DA-D6A6-40F6-B665-6F361C1017B6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PLAsim plugin"
\InProcServer32\(Default) = "C:\WINDOWS\poswin.dll" ["Kodack"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"
-> {HKLM...CLSID} = "PSPad"
\InProcServer32\(Default) = "C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"
-> {HKLM...CLSID} = "PSPad"
\InProcServer32\(Default) = "C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Michael\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Michael" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
PunkBuster, PnkBstrA, ""D:\Michael007\gry\NFS Pro street\PB\PnkBstrA.exe"" [null data]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
WinFast(R) Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
---------- (launch time: 2007-12-26 13:55:32)
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 101 seconds.
---------- (total run time: 155 seconds)
przez wojtas 26 Gru 2007, 15:06
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000
przez Superpippo 26 Gru 2007, 15:45
SDFix: Version 1.119
Run by Michael on 2007-12-26 at 14:20
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\alxvdvm.dll - Deleted
C:\WINDOWS\bvtqfvx.dll - Deleted
C:\WINDOWS\fvkwdrt.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 14:23:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,65,20,c1,f5,ed,cf,72,82,67,10,39,9c,22,b6,8c,3b,65,61,1e,ff,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f1,36,fb,7a,3e,b4,07,95,d1,bd,c2,9e,2f,40,55,8c,57,..
"khjeh"=hex:c2,c8,d1,a8,54,4f,85,d0,77,19,6e,89,92,8c,85,d9,8c,c0,d4,43,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:2a,72,71,64,a4,f5,8c,5d,00,10,8c,7d,24,b8,5f,25,33,17,6c,b7,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b0,65,20,c1,f5,ed,cf,72,82,67,10,39,9c,22,b6,8c,3b,65,61,1e,ff,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f1,36,fb,7a,3e,b4,07,95,d1,bd,c2,9e,2f,40,55,8c,57,..
"khjeh"=hex:c2,c8,d1,a8,54,4f,85,d0,77,19,6e,89,92,8c,85,d9,8c,c0,d4,43,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:38,e4,5d,53,3c,fd,03,de,42,be,a2,49,15,e3,a9,1b,2c,05,c1,f5,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:2a,72,71,64,a4,f5,8c,5d,00,10,8c,7d,24,b8,5f,25,33,17,6c,b7,a0,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Michael007\\gry\\Fifa 08\\FIFA08.exe"="D:\\Michael007\\gry\\Fifa 08\\FIFA08.exe:*:Enabled:FIFA 08"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 11 Aug 2007 232,230 A..H. --- "C:\Documents and Settings\Michael\Pulpit\unlimited rapid\USDownloader\RS_ServerSwitch.exe"
Finished!
ComboFix 07-12-21.4 - Michael 2007-12-26 14:41:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.669 [GMT 1:00]
Running from: C:\Problemy z robakami\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.
2007-12-26 14:35 . 2006-09-13 18:18 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-26 14:34 . 2006-09-13 18:17 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-26 14:33 . 2006-09-13 18:17 899,530 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-26 14:32 . 2005-05-25 22:02 3,885,440 --a------ C:\WINDOWS\system32\OLD541.tmp
2007-12-26 14:31 . 2001-07-22 01:23 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-12-26 14:30 . 2001-10-26 20:28 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-26 14:29 . 2006-09-13 18:16 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-26 14:28 . 2006-09-13 18:14 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-26 14:27 . 2001-10-26 20:28 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-12-26 14:26 . 2006-09-13 18:19 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-26 14:25 . 2007-12-26 14:34 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-26 14:23 . 2007-12-26 14:23 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-26 14:23 . 2007-12-26 14:23 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-26 14:22 . 2007-12-26 14:36 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2007-12-26 14:19 . 2007-12-26 14:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 14:11 . 2007-12-26 14:40 <DIR> d-------- C:\Problemy z robakami
2007-12-26 02:13 . 2007-12-26 02:28 <DIR> d-------- C:\Program Files\Files-Secure
2007-12-26 01:04 . 2007-12-26 01:04 <DIR> d-------- C:\Documents and Settings\Michael\.jpi_cache
2007-12-26 01:04 . 2007-12-26 01:04 <DIR> d-------- C:\Documents and Settings\Michael\.java
2007-12-26 00:55 . 2007-12-26 00:55 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Talkback
2007-12-26 00:49 . 2007-12-26 02:33 <DIR> d-------- C:\Program Files\MediaSupplyCodec
2007-12-26 00:47 . 2007-12-26 00:53 225,792 --a------ C:\WINDOWS\poswin.dll
2007-12-25 20:34 . 2007-12-25 20:34 <DIR> d-------- C:\Downloads
2007-12-24 22:41 . 2007-12-24 22:41 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Ahead
2007-12-24 21:39 . 2007-12-26 12:22 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2
2007-12-24 21:38 . 2007-12-24 21:38 <DIR> d-------- C:\Program Files\Edgard Multimedia
2007-12-24 21:35 . 2007-12-24 21:35 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Winamp
2007-12-24 21:29 . 2007-12-24 21:30 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Gadu-Gadu
2007-12-24 21:28 . 2007-12-24 14:01 <DIR> d--h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Ustawienia lokalne
2007-12-24 21:28 . 2007-12-24 21:28 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Ulubione
2007-12-24 21:28 . 2007-12-24 13:07 <DIR> d--h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Szablony
2007-12-24 21:28 . 2007-12-25 11:22 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Pulpit
2007-12-24 21:28 . 2007-12-24 21:28 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Moje dokumenty
2007-12-24 21:28 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start
2007-12-24 21:28 . 2007-12-24 22:41 <DIR> dr-h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji
2007-12-24 15:17 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-24 15:12 . 2006-09-13 18:19 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-24 14:52 . 2007-12-24 14:52 <DIR> d-------- C:\Program Files\BearShare
2007-12-24 14:51 . 2007-12-24 14:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 14:44 . 2007-12-24 14:44 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-24 14:36 . 2007-12-24 14:36 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 14:30 . 2007-12-24 14:30 <DIR> d-------- C:\Program Files\EA SPORTS
2007-12-24 14:15 . 2007-12-24 14:15 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-24 14:13 . 2007-12-24 14:13 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-24 14:10 . 2007-12-25 21:03 <DIR> d-------- C:\Filmy
2007-12-24 14:07 . 2007-12-24 14:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-24 14:05 . 2007-12-26 02:01 <DIR> d-------- C:\Program Files\AutoConnect
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Talkback
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\OpenOffice.org2
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Ahead
2007-12-24 14:04 . 2006-09-13 19:14 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-12-24 14:04 . 2006-09-13 19:14 3,072 --a------ C:\WINDOWS\system32\dllcache\audstub.sys
2007-12-24 14:04 . 2007-12-24 22:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Moje dokumenty
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Gadu-Gadu
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Winamp
2007-12-24 14:03 . 2007-12-24 14:04 <DIR> dr-h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji
2007-12-24 14:02 . 2007-12-24 21:28 <DIR> d--hs---- C:\WINDOWS\Installer
2007-12-24 14:02 . 2007-12-24 14:02 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Ulubione
2007-12-24 14:02 . 2007-12-24 14:02 <DIR> d--h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Szablony
2007-12-24 14:02 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina\Ulubione
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Ewelina\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina\Moje dokumenty
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Ewelina\Gadu-Gadu
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d--h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Ustawienia lokalne
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2007-12-24 14:01 . 2007-12-24 13:07 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2007-12-24 14:01 . 2007-12-24 14:07 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2007-12-24 14:01 . 2007-12-24 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2007-12-24 14:01 . 2007-12-24 13:12 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2007-12-24 14:01 . 2007-12-24 13:08 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-12-24 14:01 . 2004-08-04 02:27 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2007-12-24 14:00 . 2007-12-26 14:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-24 14:00 . 2007-12-26 13:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-12-24 14:00 . 2007-12-24 14:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-12-24 14:00 . 2007-12-24 13:49 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2007-12-24 14:00 . 2004-08-04 02:32 1,014,483 -ra------ C:\WINDOWS\SET3.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 13:37 --------- d-----w C:\Program Files\neostrada tp
2007-12-26 00:51 --------- d-----w C:\Program Files\RegCleaner
2007-12-25 20:13 --------- d-----w C:\Program Files\SubEdit-Player
2007-12-24 15:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Winamp
2007-12-24 12:56 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-24 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 12:55 --------- d-----w C:\Program Files\SAGEM
2007-12-24 12:55 --------- d-----w C:\Program Files\Java
2007-12-24 12:51 --------- d-----w C:\Program Files\XviD
2007-12-24 12:50 --------- d-----w C:\Program Files\Windows Media Components
2007-12-24 12:50 --------- d-----w C:\Program Files\Winamp
2007-12-24 12:49 --------- d-----w C:\Program Files\VistaCodecPack
2007-12-24 12:49 --------- d-----w C:\Program Files\DivX
2007-12-24 12:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-24 12:48 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-24 12:48 --------- d-----w C:\Program Files\Bradbury
2007-12-24 12:47 --------- d-----w C:\Program Files\SopCast
2007-12-24 12:47 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\SopCast
2007-12-24 12:46 --------- d-----w C:\Program Files\PSPad editor
2007-12-24 12:45 --------- d-----w C:\Program Files\PPMate
2007-12-24 12:45 --------- d-----w C:\Program Files\Opera
2007-12-24 12:45 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-24 12:45 --------- d-----w C:\Program Files\Common Files\Synacast
2007-12-24 12:45 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\PPMate
2007-12-24 12:42 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-24 12:42 --------- d-----w C:\Program Files\IrfanView
2007-12-24 12:42 --------- d-----w C:\Program Files\Hamachi
2007-12-24 12:42 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Hamachi
2007-12-24 12:41 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-24 12:40 --------- d-----w C:\Program Files\FMA 2
2007-12-24 12:40 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA
2007-12-24 12:39 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-24 12:38 --------- d-----w C:\Program Files\Stardock
2007-12-24 12:38 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-24 12:38 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-24 12:35 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-24 12:34 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ahead
2007-12-24 12:33 --------- d-----w C:\Program Files\Nero
2007-12-24 12:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-12-24 12:30 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 12:29 --------- d-----w C:\Program Files\Alwil Software
2007-12-24 12:24 --------- d-----w C:\Program Files\VIA
2007-12-24 12:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-24 12:17 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-12-24 12:16 --------- d-----w C:\Program Files\SiSLan
2007-12-24 12:10 --------- d-----w C:\Program Files\Usługi online
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F60777DA-D6A6-40F6-B665-6F361C1017B6}]
2007-12-26 00:53 225792 --a------ C:\WINDOWS\poswin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-05-25 22:02 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-18 18:13]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]
C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-15 08:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-15 08:42]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 18:19]
S3 Via4in1;Via4in1;F:\DATA\fscommand\Via4in1.sys []
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 14:42:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\???/??[?????? [?? [???????????????????[???[?C???? [$??????[????????????S??[????????m??[$??w????(????>?w???w???????w???w???[????????d???b6?[%??[?? [????"??[A??[???[v??wZ??[?3?[?3?[????st.I???????[????d???0=?[?K?[
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-26 14:43:11
przez wojtas 26 Gru 2007, 16:16
File::
C:\WINDOWS\SET4.tmp
C:\WINDOWS\SET3.tmp
C:\WINDOWS\poswin.dll
C:\WINDOWS\system32\OLD541.tmp
Folder::
C:\Program Files\MediaSupplyCodec
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F60777DA-D6A6-40F6-B665-6F361C1017B6}]
przez Superpippo 26 Gru 2007, 16:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:27, on 2007-12-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Michael007\gry\NFS Pro street\PB\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Problemy z robakami\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E5553EF-A5CE-4220-9034-AECB2BFE7B9B}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E5553EF-A5CE-4220-9034-AECB2BFE7B9B}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Michael007\gry\NFS Pro street\PB\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5979 bytesComboFix 07-12-21.4 - Michael 2007-12-26 15:48:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.676 [GMT 1:00]
Running from: C:\Problemy z robakami\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.
2007-12-26 14:35 . 2006-09-13 18:18 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-26 14:34 . 2006-09-13 18:17 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-26 14:33 . 2006-09-13 18:17 899,530 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-26 14:32 . 2005-05-25 22:02 3,885,440 --a------ C:\WINDOWS\system32\OLD541.tmp
2007-12-26 14:31 . 2001-07-22 01:23 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-12-26 14:30 . 2001-10-26 20:28 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-26 14:29 . 2006-09-13 18:16 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-26 14:28 . 2006-09-13 18:14 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-26 14:27 . 2001-10-26 20:28 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-12-26 14:26 . 2006-09-13 18:19 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-26 14:25 . 2007-12-26 14:34 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-12-26 14:23 . 2007-12-26 14:23 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-26 14:23 . 2007-12-26 14:23 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-26 14:22 . 2007-12-26 15:43 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2007-12-26 14:19 . 2007-12-26 14:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 14:11 . 2007-12-26 15:47 <DIR> d-------- C:\Problemy z robakami
2007-12-26 02:13 . 2007-12-26 02:28 <DIR> d-------- C:\Program Files\Files-Secure
2007-12-26 01:04 . 2007-12-26 01:04 <DIR> d-------- C:\Documents and Settings\Michael\.jpi_cache
2007-12-26 01:04 . 2007-12-26 01:04 <DIR> d-------- C:\Documents and Settings\Michael\.java
2007-12-26 00:55 . 2007-12-26 00:55 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Talkback
2007-12-26 00:47 . 2007-12-26 00:53 225,792 --a------ C:\WINDOWS\poswin.dll
2007-12-25 20:34 . 2007-12-25 20:34 <DIR> d-------- C:\Downloads
2007-12-24 22:41 . 2007-12-24 22:41 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Ahead
2007-12-24 21:39 . 2007-12-26 12:22 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2
2007-12-24 21:38 . 2007-12-24 21:38 <DIR> d-------- C:\Program Files\Edgard Multimedia
2007-12-24 21:35 . 2007-12-24 21:35 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Winamp
2007-12-24 21:29 . 2007-12-24 21:30 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Gadu-Gadu
2007-12-24 21:28 . 2007-12-26 15:39 <DIR> d--h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Ustawienia lokalne
2007-12-24 21:28 . 2007-12-24 21:28 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Ulubione
2007-12-24 21:28 . 2007-12-24 13:07 <DIR> d--h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Szablony
2007-12-24 21:28 . 2007-12-25 11:22 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Pulpit
2007-12-24 21:28 . 2007-12-24 21:28 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Moje dokumenty
2007-12-24 21:28 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start
2007-12-24 21:28 . 2007-12-24 22:41 <DIR> dr-h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji
2007-12-24 15:17 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-24 15:12 . 2006-09-13 18:19 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-24 14:52 . 2007-12-24 14:52 <DIR> d-------- C:\Program Files\BearShare
2007-12-24 14:51 . 2007-12-24 14:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 14:44 . 2007-12-24 14:44 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-24 14:36 . 2007-12-24 14:36 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 14:30 . 2007-12-24 14:30 <DIR> d-------- C:\Program Files\EA SPORTS
2007-12-24 14:15 . 2007-12-24 14:15 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-24 14:13 . 2007-12-24 14:13 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-24 14:10 . 2007-12-25 21:03 <DIR> d-------- C:\Filmy
2007-12-24 14:07 . 2007-12-24 14:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-24 14:05 . 2007-12-26 02:01 <DIR> d-------- C:\Program Files\AutoConnect
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Talkback
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\OpenOffice.org2
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Ahead
2007-12-24 14:04 . 2006-09-13 19:14 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-12-24 14:04 . 2006-09-13 19:14 3,072 --a------ C:\WINDOWS\system32\dllcache\audstub.sys
2007-12-24 14:04 . 2007-12-26 15:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Moje dokumenty
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Gadu-Gadu
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Winamp
2007-12-24 14:03 . 2007-12-24 14:04 <DIR> dr-h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji
2007-12-24 14:02 . 2007-12-24 21:28 <DIR> d--hs---- C:\WINDOWS\Installer
2007-12-24 14:02 . 2007-12-24 14:02 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Ulubione
2007-12-24 14:02 . 2007-12-24 14:02 <DIR> d--h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Szablony
2007-12-24 14:02 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina\Ulubione
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Ewelina\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina\Moje dokumenty
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Ewelina\Gadu-Gadu
2007-12-24 14:01 . 2007-12-26 15:39 <DIR> d--h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Ustawienia lokalne
2007-12-24 14:01 . 2007-12-26 15:39 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2007-12-24 14:01 . 2007-12-24 13:07 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2007-12-24 14:01 . 2007-12-24 14:07 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2007-12-24 14:01 . 2007-12-24 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2007-12-24 14:01 . 2007-12-24 13:12 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2007-12-24 14:01 . 2007-12-24 13:08 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-12-24 14:01 . 2004-08-04 02:27 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2007-12-24 14:00 . 2007-12-26 14:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-24 14:00 . 2007-12-26 13:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-12-24 14:00 . 2007-12-24 14:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-12-24 14:00 . 2007-12-24 13:49 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2007-12-24 14:00 . 2004-08-04 02:32 1,014,483 -ra------ C:\WINDOWS\SET3.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 14:45 --------- d-----w C:\Program Files\neostrada tp
2007-12-26 00:51 --------- d-----w C:\Program Files\RegCleaner
2007-12-25 20:13 --------- d-----w C:\Program Files\SubEdit-Player
2007-12-24 15:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Winamp
2007-12-24 12:56 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-24 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 12:55 --------- d-----w C:\Program Files\SAGEM
2007-12-24 12:55 --------- d-----w C:\Program Files\Java
2007-12-24 12:51 --------- d-----w C:\Program Files\XviD
2007-12-24 12:50 --------- d-----w C:\Program Files\Windows Media Components
2007-12-24 12:50 --------- d-----w C:\Program Files\Winamp
2007-12-24 12:49 --------- d-----w C:\Program Files\VistaCodecPack
2007-12-24 12:49 --------- d-----w C:\Program Files\DivX
2007-12-24 12:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-24 12:48 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-24 12:48 --------- d-----w C:\Program Files\Bradbury
2007-12-24 12:47 --------- d-----w C:\Program Files\SopCast
2007-12-24 12:47 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\SopCast
2007-12-24 12:46 --------- d-----w C:\Program Files\PSPad editor
2007-12-24 12:45 --------- d-----w C:\Program Files\PPMate
2007-12-24 12:45 --------- d-----w C:\Program Files\Opera
2007-12-24 12:45 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-24 12:45 --------- d-----w C:\Program Files\Common Files\Synacast
2007-12-24 12:45 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\PPMate
2007-12-24 12:42 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-24 12:42 --------- d-----w C:\Program Files\IrfanView
2007-12-24 12:42 --------- d-----w C:\Program Files\Hamachi
2007-12-24 12:42 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Hamachi
2007-12-24 12:41 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-24 12:40 --------- d-----w C:\Program Files\FMA 2
2007-12-24 12:40 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA
2007-12-24 12:39 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-24 12:38 --------- d-----w C:\Program Files\Stardock
2007-12-24 12:38 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-24 12:38 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-24 12:35 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-24 12:34 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ahead
2007-12-24 12:33 --------- d-----w C:\Program Files\Nero
2007-12-24 12:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-12-24 12:30 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 12:29 --------- d-----w C:\Program Files\Alwil Software
2007-12-24 12:24 --------- d-----w C:\Program Files\VIA
2007-12-24 12:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-24 12:17 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-12-24 12:16 --------- d-----w C:\Program Files\SiSLan
2007-12-24 12:10 --------- d-----w C:\Program Files\Usługi online
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2007-12-26_14.42.48,20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-26 14:44:29 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temp\Perflib_Perfdata_484.dat
- 2006-09-13 17:18:56 1,897,408 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2005-05-25 21:02:00 3,193,536 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
- 2006-09-13 17:18:40 4,274,816 ----a-w C:\WINDOWS\system32\nv4_disp.dll
+ 2005-05-25 21:02:00 3,885,440 ----a-w C:\WINDOWS\system32\nv4_disp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-05-25 22:02 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-18 18:13]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]
C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-15 08:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-15 08:42]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 18:19]
S3 Via4in1;Via4in1;F:\DATA\fscommand\Via4in1.sys []
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SISPORT
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 15:49:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\???/??[?????? [?? [???????????????????[???[?C???? [$??????[????????????S??[????????m??[$??w????(????>?w???w???????w???w???[????????d???b6?[%??[?? [????"??[A??[???[v??wZ??[?3?[?3?[????st.I???????[????d???0=?[?K?[
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-26 15:50:04
C:\ComboFix2.txt ... 2007-12-26 15:39
C:\ComboFix3.txt ... 2007-12-26 14:43
przez wojtas 26 Gru 2007, 17:29
C:\WINDOWS\system32\OLD541.tmp
C:\WINDOWS\poswin.dll
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET4.tmp
przez Superpippo 26 Gru 2007, 21:56
ComboFix 07-12-21.4 - Michael 2007-12-26 20:53:08.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.740 [GMT 1:00]
Running from: C:\Problemy z robakami\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.
2007-12-26 15:58 . 2007-12-26 15:58 <DIR> d-------- C:\Program Files\Auralog
2007-12-26 14:35 . 2006-09-13 18:18 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-26 14:34 . 2006-09-13 18:17 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-26 14:33 . 2006-09-13 18:17 899,530 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-26 14:32 . 2005-05-25 22:02 3,885,440 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-12-26 14:31 . 2001-07-22 01:23 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-12-26 14:30 . 2001-10-26 20:28 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-26 14:29 . 2006-09-13 18:16 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-26 14:28 . 2006-09-13 18:14 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-26 14:27 . 2001-10-26 20:28 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-12-26 14:26 . 2006-09-13 18:19 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-26 14:25 . 2006-09-13 18:18 2,137,088 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-26 14:23 . 2007-12-26 14:23 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-26 14:23 . 2007-12-26 14:23 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-26 14:22 . 2007-12-26 15:43 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2007-12-26 14:19 . 2007-12-26 14:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 14:11 . 2007-12-26 20:49 <DIR> d-------- C:\Problemy z robakami
2007-12-26 02:13 . 2007-12-26 02:28 <DIR> d-------- C:\Program Files\Files-Secure
2007-12-26 01:04 . 2007-12-26 01:04 <DIR> d-------- C:\Documents and Settings\Michael\.jpi_cache
2007-12-26 01:04 . 2007-12-26 01:04 <DIR> d-------- C:\Documents and Settings\Michael\.java
2007-12-26 00:55 . 2007-12-26 00:55 <DIR> d-------- C:\Documents and Settings\Michael\Dane aplikacji\Talkback
2007-12-25 20:34 . 2007-12-25 20:34 <DIR> d-------- C:\Downloads
2007-12-24 22:41 . 2007-12-24 22:41 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Ahead
2007-12-24 21:39 . 2007-12-26 12:22 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\OpenOffice.org2
2007-12-24 21:38 . 2007-12-24 21:38 <DIR> d-------- C:\Program Files\Edgard Multimedia
2007-12-24 21:35 . 2007-12-24 21:35 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji\Winamp
2007-12-24 21:29 . 2007-12-24 21:30 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Gadu-Gadu
2007-12-24 21:28 . 2007-12-26 15:50 <DIR> d--h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Ustawienia lokalne
2007-12-24 21:28 . 2007-12-24 21:28 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Ulubione
2007-12-24 21:28 . 2007-12-24 13:07 <DIR> d--h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Szablony
2007-12-24 21:28 . 2007-12-25 11:22 <DIR> d-------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Pulpit
2007-12-24 21:28 . 2007-12-24 21:28 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Moje dokumenty
2007-12-24 21:28 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start
2007-12-24 21:28 . 2007-12-24 22:41 <DIR> dr-h----- C:\Documents and Settings\Ewelina.SUPERPIPPO\Dane aplikacji
2007-12-24 15:17 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-24 15:12 . 2006-09-13 18:19 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-24 14:52 . 2007-12-24 14:52 <DIR> d-------- C:\Program Files\BearShare
2007-12-24 14:51 . 2007-12-24 14:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 14:44 . 2007-12-24 14:44 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-24 14:36 . 2007-12-24 14:36 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 14:30 . 2007-12-24 14:30 <DIR> d-------- C:\Program Files\EA SPORTS
2007-12-24 14:15 . 2007-12-24 14:15 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-24 14:13 . 2007-12-24 14:13 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-24 14:10 . 2007-12-26 16:02 <DIR> d-------- C:\Filmy
2007-12-24 14:07 . 2007-12-24 14:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-24 14:05 . 2007-12-26 15:54 <DIR> d-------- C:\Program Files\AutoConnect
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Talkback
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\OpenOffice.org2
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Ahead
2007-12-24 14:04 . 2006-09-13 19:14 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-12-24 14:04 . 2006-09-13 19:14 3,072 --a------ C:\WINDOWS\system32\dllcache\audstub.sys
2007-12-24 14:04 . 2007-12-26 15:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Moje dokumenty
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Gadu-Gadu
2007-12-24 14:03 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji\Winamp
2007-12-24 14:03 . 2007-12-24 14:04 <DIR> dr-h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Dane aplikacji
2007-12-24 14:02 . 2007-12-24 21:28 <DIR> d--hs---- C:\WINDOWS\Installer
2007-12-24 14:02 . 2007-12-24 14:02 <DIR> dr------- C:\Documents and Settings\Ewelina.FORZAMILAN\Ulubione
2007-12-24 14:02 . 2007-12-24 14:02 <DIR> d--h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Szablony
2007-12-24 14:02 . 2007-12-24 14:03 <DIR> d-------- C:\Documents and Settings\Ewelina.FORZAMILAN\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina\Ulubione
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Ewelina\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Ewelina\Moje dokumenty
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Ewelina\Gadu-Gadu
2007-12-24 14:01 . 2007-12-26 15:50 <DIR> d--h----- C:\Documents and Settings\Ewelina.FORZAMILAN\Ustawienia lokalne
2007-12-24 14:01 . 2007-12-26 15:50 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2007-12-24 14:01 . 2007-12-24 13:07 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2007-12-24 14:01 . 2007-12-24 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2007-12-24 14:01 . 2007-12-24 14:07 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2007-12-24 14:01 . 2007-12-26 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2007-12-24 14:01 . 2007-12-24 13:12 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2007-12-24 14:01 . 2007-12-24 13:08 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-12-24 14:01 . 2001-10-26 20:29 176,157 --a------ C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2007-12-24 14:00 . 2007-12-26 15:58 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-24 14:00 . 2007-12-26 13:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-12-24 14:00 . 2007-12-24 14:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2007-12-24 14:00 . 2007-12-24 13:49 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 19:52 --------- d-----w C:\Program Files\neostrada tp
2007-12-26 17:43 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Ahead
2007-12-26 14:58 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-12-26 00:51 --------- d-----w C:\Program Files\RegCleaner
2007-12-25 20:13 --------- d-----w C:\Program Files\SubEdit-Player
2007-12-24 15:21 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Winamp
2007-12-24 12:56 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-24 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 12:55 --------- d-----w C:\Program Files\SAGEM
2007-12-24 12:55 --------- d-----w C:\Program Files\Java
2007-12-24 12:51 --------- d-----w C:\Program Files\XviD
2007-12-24 12:50 --------- d-----w C:\Program Files\Windows Media Components
2007-12-24 12:50 --------- d-----w C:\Program Files\Winamp
2007-12-24 12:49 --------- d-----w C:\Program Files\VistaCodecPack
2007-12-24 12:49 --------- d-----w C:\Program Files\DivX
2007-12-24 12:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-24 12:48 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-24 12:48 --------- d-----w C:\Program Files\Bradbury
2007-12-24 12:47 --------- d-----w C:\Program Files\SopCast
2007-12-24 12:47 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\SopCast
2007-12-24 12:46 --------- d-----w C:\Program Files\PSPad editor
2007-12-24 12:45 --------- d-----w C:\Program Files\PPMate
2007-12-24 12:45 --------- d-----w C:\Program Files\Opera
2007-12-24 12:45 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-24 12:45 --------- d-----w C:\Program Files\Common Files\Synacast
2007-12-24 12:45 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\PPMate
2007-12-24 12:42 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-24 12:42 --------- d-----w C:\Program Files\IrfanView
2007-12-24 12:42 --------- d-----w C:\Program Files\Hamachi
2007-12-24 12:42 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\Hamachi
2007-12-24 12:41 --------- d-----w C:\Program Files\GIMP-2.0
2007-12-24 12:40 --------- d-----w C:\Program Files\FMA 2
2007-12-24 12:40 --------- d-----w C:\Documents and Settings\Michael\Dane aplikacji\FMA
2007-12-24 12:39 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-24 12:38 --------- d-----w C:\Program Files\Stardock
2007-12-24 12:38 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-24 12:38 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-24 12:35 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-24 12:33 --------- d-----w C:\Program Files\Nero
2007-12-24 12:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-12-24 12:30 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 12:29 --------- d-----w C:\Program Files\Alwil Software
2007-12-24 12:24 --------- d-----w C:\Program Files\VIA
2007-12-24 12:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-24 12:17 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-12-24 12:16 --------- d-----w C:\Program Files\SiSLan
2007-12-24 12:10 --------- d-----w C:\Program Files\Usługi online
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2007-12-26_14.42.48,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-09-13 17:18:56 1,897,408 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2005-05-25 21:02:00 3,193,536 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2005-03-03 17:53:57 48,640 ----a-w C:\WINDOWS\system32\drivers\sfdrv01.sys
+ 2005-02-23 15:59:54 6,656 ----a-w C:\WINDOWS\system32\drivers\sfhlp02.sys
+ 2004-12-03 10:20:41 20,544 ----a-w C:\WINDOWS\system32\drivers\sfsync02.sys
+ 1998-08-27 04:51:44 182,032 ----a-w C:\WINDOWS\system32\dxtmsft3.dll
+ 1998-09-02 08:28:18 38,160 ----a-w C:\WINDOWS\system32\LMRTREND.dll
+ 2003-12-08 12:58:22 94,208 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 1998-09-02 08:02:02 194,320 ----a-w C:\WINDOWS\system32\qcut.dll
+ 1998-09-02 08:28:48 63,488 ----a-w C:\WINDOWS\system32\unam4ie.exe
+ 1998-08-17 09:21:56 10,240 ----a-w C:\WINDOWS\system32\vidx16.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-05-25 22:02 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-18 18:13]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]
C:\Documents and Settings\Ewelina.FORZAMILAN\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
C:\Documents and Settings\Ewelina.SUPERPIPPO\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-15 08:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-15 08:42]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 18:19]
S3 Via4in1;Via4in1;F:\DATA\fscommand\Via4in1.sys []
*Newly Created Service* - SISPORT
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 20:54:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\???/??[?????? [?? [???????????????????[???[?C???? [$??????[????????????S??[????????m??[$??w????(????>?w???w???????w???w???[????????d???b6?[%??[?? [????"??[A??[???[v??wZ??[?3?[?3?[????st.I???????[????d???0=?[?K?[
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-26 20:54:51
C:\ComboFix2.txt ... 2007-12-26 15:50
C:\ComboFix3.txt ... 2007-12-26 15:39
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 17 gości