
"Administrator" - 2008-06-14 16:44:39 Dodatek Service Pack 2
ComboFix 07-05.27.V - Running from: "D:\Moje programy\"
((((((((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))
2008-05-31 09:57 <DIR> d-------- C:\Downloads
2008-05-31 09:41 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-31 09:41 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-31 09:41 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-31 09:41 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-31 09:41 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-31 09:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-31 09:41 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-05-31 09:41 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-31 09:41 <DIR> d-------- C:\Program Files\OpenAL
2008-05-28 08:34 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-27 17:19 106,496 --a------ C:\WINDOWS\system32\APmpg4v1.dll
2008-05-27 17:19 <DIR> d-------- C:\Program Files\AngelPotion Video Codec V1
2008-05-25 04:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\PowerChallenge
2008-05-24 14:56 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-05-24 14:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-24 14:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-23 00:11 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-05-23 00:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\MegauploadToolbar
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-07-22 22:34:59 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Opera
2008-05-31 07:41:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-27 12:36:02 28,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-26 17:53:48 -------- d-----w C:\Program Files\Opera
2008-05-25 03:58:27 -------- d-----w C:\Program Files\Codec Pack - All In 1
2008-05-10 06:20:50 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\RapidGet
2008-05-06 17:50:42 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 17:50:42 22,328 ----a-w C:\DOCUME~1\ADMINI~1\DANEAP~1\PnkBstrK.sys
2008-05-06 17:50:20 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-06 17:50:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-05 05:18:02 520,192 ----a-w C:\WINDOWS\system32\Grand Theft Auto IV Screenshot.scr
2008-05-03 11:38:17 -------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-02 12:16:18 -------- d-----w C:\Program Files\AGEIA Technologies
2008-05-02 12:15:44 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 08:37:18 -------- d-----w C:\Program Files\Nokia
2008-05-02 08:37:17 -------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-02 08:19:37 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Nokia
2008-05-02 07:59:23 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\PC Suite
2008-05-02 07:59:20 -------- d-----w C:\Program Files\DIFX
2008-04-23 17:35:16 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-21 16:41:41 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\FlashGet
2008-04-21 15:02:13 -------- d-----w C:\Program Files\Alcohol Soft
2008-04-19 06:58:36 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat
2008-04-19 06:58:36 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat
2008-04-18 17:51:43 -------- d-----w C:\Program Files\Realtek AC97
2008-04-17 13:16:03 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Orbit
2008-04-16 06:35:28 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Winamp
2008-04-16 06:34:26 -------- d-----w C:\Program Files\Winamp
2008-04-15 12:43:40 40 ----a-w C:\WINDOWS\RSoftInfo.dat
2008-04-13 07:26:54 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-03 08:11:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-03 08:11:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-03 07:49:42 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-02 12:35:12 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=D:\Program Files\FlashGet\jccatch.dll [2007-08-06 11:11]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 18:25]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 04:25]
{F156768E-81EF-470C-9057-481BA8380DBA}=D:\Program Files\FlashGet\getflash.dll [2007-05-18 18:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49]
"SoundMan"="SOUNDMAN.EXE" []
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
*Newly Created Service* -PROCEXP90
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 16:45:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2008-06-14 16:45:25
C:\ComboFix-quarantined-files.txt ... 2008-06-14 16:45
C:\ComboFix2.txt ... 2003-07-23 00:22
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 16:46:09, on 2008-06-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PLANET WL-8314\WLANMON.exe
D:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\Moje programy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy.megainternet.pl:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WL-8314 Configuration Utility.lnk = ?
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.minigry.pl/applet/PowerLoader.cab
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://83.14.10.131/ActiveView.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91BE16DE-BD82-43BD-A335-C39AEEC8F844}: NameServer = 85.117.17.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe