oto mój problem , wczoraj na pulpicie wyświetliło mi się taka tapeta, i przeglądarka IE zaczeła się sama uruchamiać i pokazywał się komunikat o przeskanowaniu systemu
http://www.vpx.pl/up/20080109/60205d5889505b5790cf5fdc9f1a622b85269100908.jpg
dziś po przeskanowałem awastem ( 2 infekcje) a potem Spyware doktorem (2 robaki) i pulpit wygląda tak
http://www.vpx.pl/up/20080109/60208eeaedfe138ae65aa1bf22075183cc0b477854.jpg
http://www.vpx.pl/up/20080109/60212ca1b5bdac793ec2644311e91d44058a1147363.jpg
log z hijack
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:50, on 2008-01-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\netdde.exe
H:\Documents and Settings\Dom\Pulpit\RÓŻNE\PODSŁUH -GG\Podsłuch gg + programy\uap.exe
H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Cain\Abel.exe
C:\BLUTUCZ\BTNtService.exe
H:\Program Files\cFosSpeed\spd.exe
C:\Diskeper-defragmentator\DkService.exe
C:\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\alg.exe
C:\Spyware Doctor\svcntaux.exe
C:\Spyware Doctor\swdsvc.exe
C:\Spyware Doctor\SDTrayApp.exe
H:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
H:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
H:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Mozilla Firefox\firefox.exe
H:\WINDOWS\Explorer.EXE
C:\Tlen.pl\tlen.exe
C:\Browser Hijack Retaliator 4.5 @\BHR.exe
H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Hi Jack\HijackThis.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - H:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - H:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - H:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - H:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - I:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll (file missing)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0\Vcs3RT.dll
O2 - BHO: BDEX System - {D3464F94-A3FE-4675-8D96-49B008E12CD3} - H:\WINDOWS\dnqdlpmsom.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - H:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: The voipwet - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - H:\WINDOWS\voipwet.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - H:\WINDOWS\epxonwo.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [uap1.4] H:\Documents and Settings\Dom\Pulpit\RÓŻNE\PODSŁUH -GG\Podsłuch gg + programy\uap.exe task
O4 - HKLM\..\Run: [SDTray] "C:\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ISUSPM] "H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Komunikator] C:\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [AutoConnect] C:\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "H:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alexa.LNK = C:\ALEXA\AlexaStart.exe
O4 - Startup: HDDlife.lnk = C:\H D D\HDDlifePro.exe
O4 - Global Startup: SnagIt 8.lnk = H:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - I:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - I:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyszukiwanie w serwisie eBay - res://H:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files\SmartWhois IP\swmsie.exe
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois IP\swmsie.exe
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois IP\swmsie.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C45E3E1-429E-4A35-BFED-9E72717D19D4}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C45E3E1-429E-4A35-BFED-9E72717D19D4}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS4\Services\Tcpip\..\{7C45E3E1-429E-4A35-BFED-9E72717D19D4}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS5\Services\Tcpip\..\{7C45E3E1-429E-4A35-BFED-9E72717D19D4}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnopmk - nnnopmk.dll (file missing)
O23 - Service: Abel - oxid.it - C:\Cain\Abel.exe
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\BLUTUCZ\BTNtService.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - H:\Program Files\BufferZone\CLNTSVC.EXE (file missing)
O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - H:\Program Files\BufferZone\BZDCOMLAUNCH.EXE (file missing)
O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - H:\Program Files\BufferZone\BZRPCSS.EXE (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - H:\Program Files\cFosSpeed\spd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Diskeper-defragmentator\DkService.exe
O23 - Service: lxcg_device - - H:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MezzmoService - Conceiva Pty. Ltd. - C:\MEZZO\MezzmoService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: Privacy Protection - file:///H:\WINDOWS\privacy_danger\index.htm
--
End of file - 10150 bytes
combo fix
- Kod: Zaznacz wszystko
ComboFix 08-01-09.2 - Dom 2008-01-09 17:58:06.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.518 [GMT 1:00]
Running from: H:\Documents and Settings\Dom\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
H:\WINDOWS\dat.txt
H:\WINDOWS\dnqdlpmsom.dll
H:\WINDOWS\epxonwo.dll
H:\WINDOWS\explore256.dll
H:\WINDOWS\nretcip.exe
H:\WINDOWS\rs.txt
H:\WINDOWS\system32\afbdfecd7_d.dll
H:\WINDOWS\system32\ddeeg.ini
H:\WINDOWS\system32\ddeeg.ini2
H:\WINDOWS\system32\knqtbeev.ini
H:\WINDOWS\voipwet.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.
2008-01-09 00:58 . 2008-01-09 00:58 4,096 --ahs---- H:\WINDOWS\system32\Thumbs.db
2008-01-09 00:47 . 2008-01-09 00:47 20,234 --a------ H:\Documents and Settings\Dom\sig2B3.dat
2008-01-08 17:06 . 2008-01-08 17:06 <DIR> d-------- H:\WINDOWS\Beetle Bug 2
2008-01-08 12:35 . 2008-01-08 12:35 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\Nero
2008-01-08 12:34 . 2008-01-08 12:34 <DIR> d-------- H:\Program Files\Common Files\Nero
2008-01-08 12:34 . 2008-01-08 12:34 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-01-08 12:34 . 2006-03-17 11:45 1,757,184 --a------ H:\WINDOWS\system32\imagX7.dll
2008-01-08 12:34 . 2006-03-17 11:45 802,816 --a------ H:\WINDOWS\system32\imagXRA7.dll
2008-01-08 12:34 . 2006-03-17 11:45 497,296 --a------ H:\WINDOWS\system32\imagXpr7.dll
2008-01-08 12:34 . 2006-03-17 14:49 368,640 --a------ H:\WINDOWS\system32\TwnLib4.dll
2008-01-08 12:34 . 2006-03-17 11:45 258,048 --a------ H:\WINDOWS\system32\imagXR7.dll
2008-01-08 09:30 . 2008-01-08 09:35 0 --a------ H:\WINDOWS\system32\WIN.INI
2008-01-08 09:30 . 2008-01-08 09:35 0 --a------ H:\WINDOWS\system32\SYSTEM.INI
2008-01-08 00:06 . 2006-07-11 19:49 57,344 --a------ H:\WINDOWS\system32\MFC71ENU.DLL
2008-01-07 22:36 . 2008-01-07 11:45 90,112 --a------ H:\WINDOWS\fqwmwdn.exe
2008-01-07 14:49 . 2008-01-07 14:49 21 --a------ H:\WINDOWS\kit.ini
2008-01-07 14:46 . 2008-01-08 08:49 <DIR> d-------- H:\Program Files\neostrada tp
2008-01-07 14:44 . 2008-01-07 14:44 1,094 --a------ H:\WINDOWS\Active Setup Log.BAK
2008-01-07 14:41 . 2008-01-07 14:41 <DIR> d-------- H:\Program Files\ZTE ZXDSL 852
2008-01-07 14:41 . 2006-06-02 17:38 425,984 -ra------ H:\WINDOWS\system32\stmcfg32.dll
2008-01-07 14:41 . 2006-06-02 10:01 151,552 -ra------ H:\WINDOWS\system32\stmctrl.dll
2008-01-07 14:41 . 2008-01-07 14:43 3,242 --a------ H:\WINDOWS\stsetup.htm
2008-01-07 09:46 . 2008-01-07 09:46 26 --a------ H:\WINDOWS\rainbowcrack-online.types
2008-01-06 23:49 . 2008-01-06 23:49 <DIR> d-------- H:\Program Files\Video Server E
2008-01-06 22:37 . 2005-08-02 22:08 81,920 --a------ H:\WINDOWS\system32\_packet.dlluninstall
2008-01-06 16:40 . 2008-01-06 16:40 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\USBSafelyRemove
2008-01-05 00:40 . 2008-01-05 00:40 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\BlazeVideo
2008-01-04 15:53 . 2008-01-04 15:53 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\NASA
2008-01-04 14:29 . 2008-01-04 14:30 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\Super-Cow
2008-01-04 14:25 . 2008-01-04 14:25 <DIR> d-------- H:\Program Files\ReflexiveArcade
2008-01-04 11:36 . 2008-01-04 11:36 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\ABBYY
2008-01-04 10:48 . 2008-01-04 10:48 <DIR> d-------- H:\Documents and Settings\Dom\filterfiles
2008-01-04 00:49 . 2008-01-04 10:09 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\CallingID
2008-01-04 00:49 . 2008-01-04 00:49 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\ExPLabs.com
2008-01-04 00:49 . 2008-01-06 17:11 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\{54B37BDA-7415-4C17-A2C9-A871DC6D2370}
2008-01-04 00:34 . 2008-01-04 00:34 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\SopCast
2008-01-03 22:25 . 2008-01-03 22:25 <DIR> d-------- H:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-01-03 22:23 . 2008-01-03 22:23 <DIR> d-------- H:\Documents and Settings\Administrator\Gadu-Gadu
2008-01-03 21:35 . 2000-12-05 23:00 209,608 --------- H:\WINDOWS\system32\TABCTL32.OCX
2008-01-03 21:35 . 2004-03-08 23:00 124,688 --------- H:\WINDOWS\system32\Mswinsck.ocx
2008-01-03 21:35 . 2000-07-14 23:00 101,888 --------- H:\WINDOWS\system32\VB6STKIT.DLL
2008-01-03 21:20 . 2008-01-03 21:20 <DIR> d--hs---- H:\Diskeeper
2008-01-03 21:17 . 2008-01-03 21:17 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
2008-01-03 21:03 . 2008-01-03 21:03 <DIR> d-------- H:\WINDOWS\Easy Rapidshare Points
2008-01-03 10:49 . 2008-01-03 10:49 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\Media Player Classic
2008-01-03 10:45 . 2005-12-08 13:56 65,536 --a------ H:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-03 10:45 . 2005-12-08 13:56 49,152 --a------ H:\WINDOWS\system32\QuickTime.qts
2008-01-03 10:44 . 2008-01-03 10:44 <DIR> d-------- H:\Program Files\QuickTime Alternative
2008-01-03 10:42 . 2008-01-03 10:42 <DIR> d-------- H:\Program Files\Common Files\Real
2008-01-03 10:42 . 2008-01-03 10:44 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-01-03 09:53 . 2008-01-06 23:35 <DIR> d-------- H:\Program Files\WinPcap
2008-01-03 09:36 . 2008-01-03 09:36 <DIR> d-------- H:\Program Files\Winamp Remote
2008-01-03 09:36 . 2008-01-03 09:36 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-01-03 08:04 . 2008-01-03 08:04 103,736 --a------ H:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 08:04 . 2008-01-03 08:04 66,872 --a------ H:\WINDOWS\system32\PnkBstrA.exe
2008-01-03 08:04 . 2008-01-03 08:04 22,328 --a------ H:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-03 08:04 . 2008-01-03 08:04 22,328 --a------ H:\Documents and Settings\Dom\Dane aplikacji\PnkBstrK.sys
2008-01-03 00:38 . 2008-01-03 00:38 277 --a------ H:\WINDOWS\game.ini
2008-01-02 19:35 . 2008-01-02 19:55 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\Spik
2008-01-02 11:39 . 2008-01-02 11:41 <DIR> d-------- H:\Program Files\TechSmith
2008-01-02 11:39 . 2008-01-02 11:39 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\TechSmith
2007-12-31 18:33 . 2007-12-31 18:33 2,320,256 --a------ H:\WINDOWS\system32\kernel1.exe
2007-12-31 15:24 . 2007-11-29 11:40 143,360 --a------ H:\WINDOWS\monhop.exe
2007-12-30 21:42 . 2007-12-30 21:56 16 --a------ H:\WINDOWS\system32\RgsData.dat
2007-12-30 21:42 . 2007-12-30 21:56 16 --a------ H:\WINDOWS\odbctrap.ini
2007-12-30 20:29 . 2002-12-10 09:11 6,852 --a------ H:\WINDOWS\system32\drivers\Vcs.sys
2007-12-30 19:10 . 2007-12-30 19:10 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\TamoSoft
2007-12-30 19:10 . 2007-12-30 19:10 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\TamoSoft
2007-12-28 21:37 . 2007-12-28 21:37 <DIR> d-------- H:\Program Files\DFX
2007-12-28 21:37 . 2007-12-28 21:37 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\DFX
2007-12-28 20:23 . 2007-12-28 20:37 200 --a------ H:\WINDOWS\MPPAGER.INI
2007-12-28 20:04 . 2007-12-28 20:04 <DIR> d-------- H:\Program Files\Mplayer
2007-12-28 19:59 . 2007-12-28 19:59 <DIR> d-------- H:\Documents and Settings\Dom\WINDOWS
2007-12-28 18:57 . 2007-12-24 09:55 192 --ahs---- H:\BOOT.BKK
2007-12-28 18:53 . 2007-12-28 18:53 <DIR> d-------- H:\Program Files\TGTSoft
2007-12-27 21:46 . 2007-12-27 21:46 <DIR> d-------- H:\Documents and Settings\Dom\.thumbnails
2007-12-27 21:40 . 2007-12-27 22:22 <DIR> d-------- H:\Documents and Settings\Dom\.gimp-2.4
2007-12-24 10:15 . 2008-01-01 22:13 705 --a------ H:\WINDOWS\NPGUI.INI
2007-12-24 10:10 . 2008-01-09 17:41 111,804 --a------ H:\WINDOWS\NetPkr.str
2007-12-24 10:08 . 2007-12-24 10:08 246,864 --a------ H:\WINDOWS\system32\drivers\NetPeeker.sys
2007-12-24 10:08 . 2004-08-05 21:35 2,615 --a------ H:\WINDOWS\NetPkr.Rul
2007-12-23 21:10 . 2000-06-23 14:05 136,704 --a------ H:\WINDOWS\system32\iacenc.dll
2007-12-23 21:10 . 2000-06-22 13:09 56,320 --------- H:\WINDOWS\system32\iyvu9_32.dll
2007-12-23 21:07 . 2007-12-23 21:11 1,118 --a------ H:\WINDOWS\disney.ini
2007-12-23 21:07 . 2007-12-23 21:07 192 --a------ H:\WINDOWS\disneysy.ini
2007-12-23 14:13 . 2007-12-23 14:13 <DIR> d-------- H:\Program Files\UZC
2007-12-23 13:39 . 2007-12-23 23:12 1,442 --a------ H:\WINDOWS\ARCHPR.INI
2007-12-23 10:02 . 2007-12-23 10:02 <DIR> d-------- H:\Soldat
2007-12-21 20:30 . 2007-12-21 20:30 54 --a------ H:\WINDOWS\MyProg.ini
2007-12-21 20:20 . 2007-12-21 20:20 <DIR> d-------- H:\Documents and Settings\Dom\Dane aplikacji\Cimaware
2007-12-21 12:56 . 2007-12-21 12:58 1,066 --a------ H:\WINDOWS\ARPR.INI
2007-12-20 12:43 . 2007-12-20 17:49 725 --a------ H:\WINDOWS\CoD.INI
2007-12-20 12:28 . 2007-12-20 12:28 <DIR> d-------- H:\Program Files\Alcohol Soft
2007-12-18 23:38 . 2007-12-18 23:38 135 --a------ H:\WINDOWS\wcx_ftp.ini
2007-12-18 23:36 . 2007-12-18 23:39 597 --a------ H:\WINDOWS\wincmd.ini
2007-12-18 23:36 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\UC.PIF
2007-12-18 23:36 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\RAR.PIF
2007-12-18 23:36 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\PKZIP.PIF
2007-12-18 23:36 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\PKUNZIP.PIF
2007-12-18 23:36 . 2007-09-14 07:02 545 --a------ H:\WINDOWS\NOCLOSE.PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 16:58 --------- d-----w H:\Program Files\cFosSpeed
2008-01-09 16:57 --------- d---a-w H:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-08 19:17 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Skype
2008-01-08 11:04 --------- d-----w H:\Program Files\Mozilla Thunderbird
2008-01-07 23:06 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-01-07 16:24 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\uTorrent
2008-01-07 13:08 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Hamachi
2008-01-07 13:06 --------- d-----w H:\Program Files\Usługi online
2008-01-06 16:56 --------- d-----w H:\Program Files\Windows Media Connect 2
2008-01-03 23:06 --------- d-----w H:\Program Files\Gadu-Gadu
2008-01-03 09:44 --------- d-----w H:\Program Files\Media Player Classic
2008-01-03 08:28 --------- d-----w H:\Program Files\Winamp
2008-01-02 22:07 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Tlen.pl
2008-01-02 10:41 --------- d-----w H:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 21:02 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Metacafe
2007-12-31 14:23 --------- d-----w H:\Program Files\RichVideoCodec
2007-12-27 21:14 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\gtk-2.0
2007-12-27 08:04 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Uniblue
2007-12-18 09:45 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\WholeSecurity
2007-12-17 15:57 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Cream Software
2007-12-14 15:02 --------- d-----w H:\Program Files\Common Files\Adobe
2007-12-12 20:08 --------- d-----w H:\Program Files\Common Files\Nokia
2007-12-12 19:57 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-12-11 14:11 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\URSoft
2007-12-07 20:25 39,424 ----a-w H:\WINDOWS\zipinst.exe
2007-12-06 22:10 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\WNR
2007-12-05 22:03 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\AutoMapa
2007-12-05 17:18 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\eBay
2007-12-05 17:17 --------- d-----w H:\Program Files\eBay
2007-12-05 10:49 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\GlarySoft
2007-12-04 22:09 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Metacafe
2007-12-04 14:56 93,264 ----a-w H:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w H:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w H:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w H:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w H:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w H:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w H:\WINDOWS\system32\AvastSS.scr
2007-12-02 20:25 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\PC Suite
2007-12-02 19:56 --------- d-----w H:\Program Files\BearShare Applications
2007-12-01 08:43 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Nokia Multimedia Player
2007-12-01 08:13 --------- d-----w H:\Program Files\Nokia
2007-11-29 20:41 359,808 ----a-w H:\WINDOWS\system32\drivers\TCPIP.SYS
2007-11-27 13:07 49,152 ----a-r H:\WINDOWS\system32\inetwh32.dll
2007-11-27 13:07 1,044,480 ----a-r H:\WINDOWS\system32\roboex32.dll
2007-11-26 21:46 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Nokia
2007-11-23 19:08 --------- d-----w H:\Program Files\Common Files\LogoManager
2007-11-22 08:56 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Nokia
2007-11-22 08:55 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-11-21 17:33 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\BearShare
2007-11-21 15:41 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2007-11-20 20:59 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Leadertech
2007-11-20 17:28 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\IE7Pro
2007-11-20 17:17 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-11-20 12:38 24,860 ----a-w H:\Documents and Settings\Dom\sig17.dat
2007-11-19 13:41 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\AdobeUM
2007-11-16 21:31 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\AdobeAUM
2007-11-16 18:45 114,688 ----a-w H:\WINDOWS\sawkip.exe
2007-11-16 16:20 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\Lavasoft
2007-11-16 12:10 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\PC Tools
2007-11-16 08:12 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\YourPrivacyGuard
2007-11-15 22:31 --------- d-----w H:\Program Files\Common Files\YourPrivacyGuard
2007-11-15 22:31 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\YourPrivacyGuard
2007-11-15 07:53 --------- d-----w H:\Program Files\Yahoo!
2007-11-12 23:15 15,872 ------w H:\WINDOWS\system32\winskfr.dll
2007-11-12 23:15 119,568 ------w H:\WINDOWS\system32\vb6fr.dll
2007-11-12 18:50 17,480 ----a-w H:\WINDOWS\system32\drivers\hamachi.sys
2007-11-12 17:42 --------- d-----w H:\Documents and Settings\Dom\Dane aplikacji\OTVREG
2007-11-12 09:13 685,816 ----a-w H:\WINDOWS\system32\drivers\sptd.sys
2007-11-11 20:08 94,208 ----a-w H:\WINDOWS\ScUnin.exe
2007-11-10 21:47 737,280 ----a-w H:\WINDOWS\iun6002.exe
2007-11-06 08:20 831,048 ----a-w H:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-22 02:39 267,272 ----a-w H:\WINDOWS\system32\xactengine2_10.dll
2007-10-12 14:14 3,734,536 ----a-w H:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w H:\WINDOWS\system32\D3DCompiler_36.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-09_17.47.16,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-09 16:54:27 16,384 ----atw H:\WINDOWS\Temp\Perflib_Perfdata_3a0.dat
+ 2008-01-09 16:54:06 16,384 ----atw H:\WINDOWS\Temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 15:13 394680 --a------ H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@={37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@={F594B094-8768-4632-8143-12852EBBD688}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@={F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@={E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2007-08-06 14:20 1222576 --a------ H:\WINDOWS\system32\RlShellExt.dll
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2007-08-06 14:20 1222576 --a------ H:\WINDOWS\system32\RlShellExt.dll
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2007-08-06 14:20 1222576 --a------ H:\WINDOWS\system32\RlShellExt.dll
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2007-08-06 14:20 1222576 --a------ H:\WINDOWS\system32\RlShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 22:56 218032]
"Komunikator"="C:\Tlen.pl\tlen.exe" [2007-11-07 15:33 6234624]
"AutoConnect"="C:\AutoConnect\AutoConnect.exe" [2004-08-28 19:27 295424]
"AlcoholAutomount"="H:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StormCodec_Helper"="C:\Storm Codec\StormSet.exe" [2006-04-08 08:17 296631]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 H:\WINDOWS\system32\nwiz.exe]
"uap1.4"="H:\Documents and Settings\Dom\Pulpit\RÓŻNE\PODSŁUH -GG\Podsłuch gg + programy\uap.exe" [2008-01-06 21:45 236499]
"SDTray"="C:\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"Nokia.PCSync"="C:\NOKIA N70\Nokia PC Suite 6\Nokia PC Suite 6\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
SnagIt 8.lnk - H:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"= 000000000000f03f
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= file:///H:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopmk]
nnnopmk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=H:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menu Start^Programy^Autostart^LUMIX Simple Viewer.lnk]
backup=H:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 11:27 219520 H:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2007-10-31 10:51 599280 H:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2007-11-07 15:33 6234624 C:\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPeeker]
--a------ 2004-12-05 22:51 439296 C:\mierzy transfer\NPGUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 02:02 471040 H:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PasswordOfficer]
R0 REDLIGHT;REDLIGHT;H:\WINDOWS\system32\drivers\REDLIGHT.SYS [2007-08-06 14:20]
R1 NetPeeker;NetPeeker;H:\WINDOWS\system32\Drivers\NetPeeker.sys [2007-12-24 10:08]
R2 Abel;Abel;C:\Cain\Abel.exe [2007-12-11 19:33]
R2 NMSAccessU;NMSAccessU;C:\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R2 Vcs;Vcs support;H:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 DynCal;Dynamic Calibration Service;H:\WINDOWS\system32\drivers\Dyncal.sys [2003-11-14 02:46]
R3 NPF;NetGroup Packet Filter Driver;H:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
R3 Stmatm;ATM/ADSL miniport;H:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51]
R3 TaurusUsb;ADSL Modem USB Service;H:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 14:28]
S2 BufferZoneSvc;BufferZone Service;H:\Program Files\BufferZone\CLNTSVC.EXE []
S2 BZDcomLaunch;BufferZone DCOM Helper;H:\Program Files\BufferZone\BZDCOMLAUNCH.EXE []
S2 BZRpcSs;BufferZone RPC Helper;H:\Program Files\BufferZone\BZRPCSS.EXE []
S2 MezzmoService;MezzmoService;"C:\MEZZO\MezzmoService.exe" [2007-12-24 11:08]
S3 BTNetFilter;Bluetooth Network Filter;H:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 cmudau;C-Media USB Sound Interface;H:\WINDOWS\system32\drivers\cmudau.sys [2005-06-06 10:21]
S3 DataMan;DataMan USB Infrared Adapter;H:\WINDOWS\system32\DRIVERS\DataMan.sys [2003-01-01 06:08]
S3 GVCplDrv;GVCplDrv;H:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 usb2vcom;USB Data Cable;H:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-12-21 04:32]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 07:50:13 H:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-09 23:35:23 H:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 18:02:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: H:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Tlen.pl\hook.dll
-> H:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2008-01-09 18:04:25
ComboFix-quarantined-files.txt 2008-01-09 17:04:19
.
2007-11-14 20:02:03 --- E O F ---
prosze o pomoc i z góry dziękuje
