
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:14, on 2008-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Flashget] "D:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\mat\Dane aplikacji\Mozilla\Firefox\Profiles\of7vvjg5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\mat\Dane aplikacji\Mozilla\Firefox\Profiles/of7vvjg5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp01.photoprintit.de/microsite/8570/defaults/activex/IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CE6613E-189A-4844-A23D-AE9BBB0C4152}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 7354 bytes
ComboFix:
ComboFix 08-03-27.4 - mat 2008-03-29 13:06:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.620 [GMT 1:00]
Running from: C:\Documents and Settings\mat\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-29 12:57 . 2008-03-29 12:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-29 12:55 . 2008-03-29 13:03 <DIR> d-------- C:\SDFix
2008-03-29 12:54 . 2008-03-29 12:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-25 08:38 . 2008-03-25 08:38 <DIR> d-------- C:\Program Files\Nvu
2008-03-25 08:38 . 2008-03-25 08:57 <DIR> d-------- C:\Documents and Settings\mat\Dane aplikacji\Nvu
2008-03-15 13:14 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-15 13:14 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-15 13:07 . 2008-03-15 13:07 <DIR> d-------- C:\Documents and Settings\mat\Dane aplikacji\InstallShield
2008-03-11 17:03 . 2008-03-14 12:24 <DIR> d-------- C:\Documents and Settings\mat\Dane aplikacji\GetRightToGo
2008-03-08 16:43 . 2008-03-08 16:43 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-03-08 16:43 . 2008-03-29 12:52 <DIR> d-------- C:\Documents and Settings\mat\Dane aplikacji\MegauploadToolbar
2008-03-08 10:29 . 2008-03-08 10:29 <DIR> d-------- C:\Program Files\AlfaClock Free Edition
2008-03-08 09:50 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-03-08 09:50 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-08 09:50 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-03-08 09:50 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-03-08 09:50 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-08 09:50 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-03-08 09:50 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-08 09:49 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-08 09:49 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-08 09:49 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-08 09:49 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-08 09:49 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-03-08 09:49 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-03-08 09:49 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-05 10:57 . 2007-12-07 03:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-05 10:57 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-05 10:57 . 2007-07-01 04:36 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-05 10:57 . 2007-12-07 03:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-05 10:57 . 2007-12-07 03:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-05 10:57 . 2007-12-07 03:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-05 10:57 . 2007-12-07 03:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-05 10:57 . 2007-12-07 03:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-05 10:57 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-05 10:56 . 2008-03-05 10:57 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-03-04 12:39 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-04 12:39 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-03-04 12:39 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-03-04 12:39 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-03-04 12:38 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-03-04 12:38 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-03-04 12:11 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-04 11:50 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-04 11:32 . 2008-03-06 07:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-03 14:25 . 2008-03-05 16:07 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-03 14:25 . 2008-03-03 14:27 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-03 14:25 . 2008-03-05 16:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-03 14:22 . 2008-03-03 14:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-03 14:04 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-03 14:04 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-03-03 14:03 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-03-03 14:03 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-03-03 14:03 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-03-01 15:41 . 2002-08-07 09:09 430,080 --a------ C:\WINDOWS\system32\cmcs21.ocx
2008-03-01 15:41 . 2007-12-04 14:05 352,256 --a------ C:\WINDOWS\system32\CyBattle.ocx
2008-03-01 15:41 . 2000-05-21 16:00 115,920 --a------ C:\WINDOWS\system32\Msinet.ocx
2008-03-01 15:41 . 2000-12-06 06:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-01 15:41 . 1998-06-23 21:00 103,744 --a------ C:\WINDOWS\system32\MSCOMM32.OCX
2008-03-01 15:41 . 2008-01-14 13:06 36,864 --a------ C:\WINDOWS\system32\CyFixer.exe
2008-03-01 15:41 . 2007-12-04 14:07 32,256 --a------ C:\WINDOWS\system32\CyBattle.oca
2008-03-01 15:40 . 1998-04-27 02:00 570,128 --a------ C:\WINDOWS\system32\dao350.dll
2008-03-01 15:40 . 2008-02-16 20:32 229,376 --a------ C:\WINDOWS\system32\CyMenu.ocx
2008-03-01 15:40 . 2004-03-08 22:00 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-03-01 15:40 . 2008-02-16 20:25 32,256 --a------ C:\WINDOWS\system32\CyMenu.oca
2008-03-01 15:40 . 2008-02-15 16:02 28,672 --a------ C:\WINDOWS\system32\CyTrap.dll
2008-03-01 15:25 . 2004-03-08 22:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-03-01 15:25 . 1998-03-25 22:12 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2008-03-01 15:25 . 2007-02-24 23:52 45,056 --a------ C:\WINDOWS\system32\VBMP.ocx
2008-03-01 11:11 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-01 11:11 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-01 11:11 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-01 11:11 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-01 11:11 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-01 11:11 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-01 11:11 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-01 11:11 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-01 11:11 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-03-01 11:10 . 2008-03-01 11:11 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-01 11:10 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-03-01 11:10 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 11:10 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-29 12:06 . 2008-03-29 13:06 <DIR> d-------- C:\Program Files\ESET
2008-02-29 12:06 . 2008-02-29 12:06 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-29 12:06 . 2008-02-29 12:06 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-02-29 12:06 . 2008-02-29 12:06 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-29 12:06 . 2008-02-29 12:06 0 --a------ C:\WINDOWS\system32\mapisvc.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 22:06 --------- d-----w C:\Documents and Settings\mat\Dane aplikacji\Skype
2008-03-23 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 20:24 18,360 ----a-w C:\Documents and Settings\mat\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-03-15 11:57 --------- d-----w C:\Program Files\Java
2008-03-15 11:15 --------- d-----w C:\Documents and Settings\mat\Dane aplikacji\Vidalia
2008-03-15 11:15 --------- d-----w C:\Documents and Settings\mat\Dane aplikacji\tor
2008-03-01 08:57 --------- d-----w C:\Program Files\CyEngine
2008-02-23 11:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles
2008-02-17 12:17 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-02-14 18:27 --------- d-----w C:\Documents and Settings\mat\Dane aplikacji\Corel
2008-02-14 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-02-11 19:27 --------- d-----w C:\Program Files\Common Files\Onet.pl
2008-02-11 19:27 --------- d-----w C:\Documents and Settings\mat\Dane aplikacji\Czat
2008-02-10 14:34 --------- d-----w C:\Program Files\IrfanView
2008-01-31 17:30 2,945,816 ----a-w C:\WINDOWS\dotnetfx3setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\mat\Dane aplikacji\Mozilla\Firefox\Profiles\of7vvjg5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-05 14:24 2481088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"ScanRegistry"="C:\W" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-04-02 14:32 1716224]
"NWEReboot"="" []
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-29 12:06 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-19 17:40 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-05 14:43 25879592 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2002-02-26 19:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 13:08:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="Base"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2008-03-29 13:09:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 12:09:54
Pre-Run: 9,494,298,624 bytes free
Post-Run: 9,424,547,840 bytes free
.
2008-03-12 08:23:45 --- E O F ---
SDFix:
[b]SDFix: Version 1.164 [/b]
Run by mat on 2008-03-29 at 12:59
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 13:01:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:8b5cb58d
"s2"=dword:f51e36bb
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:36,80,62,f5,9d,74,1d,af,35,19,8b,e3,5e,5a,5f,cc,21,66,4a,bc,09,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,41,40,3f,b4,e7,af,fe,23,0f,89,32,31,37,49,95,11,..
"khjeh"=hex:30,79,21,eb,5f,fc,ba,ff,65,30,60,b1,2b,78,3f,6e,f2,53,ff,7f,d3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,03,00,30,eb,1d,00,63,79,32,00,e8,ff,ff,ff,75,00,73,00,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:36,80,62,f5,9d,74,1d,af,35,19,8b,e3,5e,5a,5f,cc,21,66,4a,bc,09,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,cf,41,40,3f,b4,e7,af,fe,23,0f,89,32,31,37,49,95,11,..
"khjeh"=hex:30,79,21,eb,5f,fc,ba,ff,65,30,60,b1,2b,78,3f,6e,f2,53,ff,7f,d3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:64,62,03,00,00,d9,11,00,10,31,15,00,d8,ff,ff,ff,76,6b,0e,00,04,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Disabled:Unreal Tournament 3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Onet.pl - Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 16 Feb 2008 88 ..SHR --- "C:\WINDOWS\system32\F20C2012D2.sys"
Sat 16 Feb 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
[b]Finished![/b]
Please help.
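The HijackThis log above uses a fixed line format (section tag, dash, body), so the first pass a helper makes over it can be scripted. The Python below is an added example written for this page, not a tool the poster ran and not part of HijackThis; the sample lines are constructed from entries in the log (with one long command line trimmed), and the four review rules (image path that is not a recognisable binary, service with no publisher string, unnamed BHO or toolbar, autostart image living under a user profile) are heuristics of my own that queue items for a human to verify, not verdicts. On the log above they pick out the `ScanRegistry` value whose path ends at `C:\W` (ComboFix shows it as `[ ]`, i.e. no file behind it), the `ProtexisLicensing` service that HijackThis prints as `Unknown owner`, the unnamed BHO (which is in fact Spybot's SDHelper), and the Firefox `FFTI` RunOnce.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input, modelled on entry kinds in the HijackThis log above
# (O2 BHO, O3 toolbar, O4 Run/RunOnce, O23 service). The FFTI command line is trimmed.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [ScanRegistry] C:\W",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\mat\Dane aplikacji\Mozilla\Firefox\Profiles\of7vvjg5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
    r"O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe",
]

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<value>[^\]]*)\] ?(?P<cmd>.*)$")
# Quoted image, or the shortest unquoted prefix ending in a binary extension.
IMAGE_RE = re.compile(r'^"(?P<q>[^"]*)"|^(?P<u>.*?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)', re.IGNORECASE)
IMAGE_EXTS = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".ocx", ".sys")


@dataclass
class Entry:
    kind: str               # HijackThis section tag, e.g. "O4"
    name: str               # display name, Run value name or service name
    path: str               # image path only, arguments stripped ("" if none)
    company: Optional[str]  # O23 only: the publisher string HijackThis printed
    raw: str


def image_from_command(cmd: str) -> str:
    """Executable part of a Run command line; whole string if no binary is found."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") if m.group("q") is not None else m.group("u")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; header and process-list lines yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("O2", "O3", "O23"):
        # "<BHO|Toolbar>: <name> - {CLSID} - <path>"  /  "Service: <name> - <company> - <path>"
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            head, middle, path = parts
            name = head.partition(": ")[2] or head
            return Entry(kind, name, path, middle if kind == "O23" else None, line)
    if kind == "O4":
        # "HKLM\..\Run: [<value>] <command line>"
        m4 = O4_RE.match(body)
        if m4:
            return Entry(kind, m4.group("value"), image_from_command(m4.group("cmd")), None, line)
    return Entry(kind, body, "", None, line)   # generic fallback (R0/R1, Global Startup, ...)


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Heuristic review queue as (name, reason). Items to verify, not verdicts."""
    findings = []
    for e in entries:
        if e.kind == "O4" and e.path and not e.path.lower().endswith(IMAGE_EXTS):
            findings.append((e.name, "image path is not a recognisable binary: %r" % e.path))
        if e.kind == "O23" and e.company == "Unknown owner":
            findings.append((e.name, "service binary carries no publisher string"))
        if e.kind in ("O2", "O3") and e.name == "(no name)":
            findings.append((e.name, "unnamed BHO/toolbar; identify it by CLSID and path"))
        if e.path and "\\documents and settings\\" in e.path.lower():
            findings.append((e.name, "autostart image lives under a user profile"))
    return findings


def review(lines: List[str]) -> List[Tuple[str, str]]:
    entries = [e for e in (parse_entry(l) for l in lines) if e is not None]
    return triage(entries)


if __name__ == "__main__":
    for name, reason in review(SAMPLE_LINES):
        print("%-20s %s" % (name, reason))
```

Feed it the whole pasted log instead of `SAMPLE_LINES` and the non-entry lines (process list, headers) are skipped; the rules are deliberately loose, so every hit still needs the file checked by hand (signature, hash, on-disk presence) before anything is fixed.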
