- Kod: Zaznacz wszystko
ComboFix 08-08-18.04 - BASIA 2008-08-19 13:52:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.528 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\BASIA\Cookies\basia@tradedoubler[1].txt
C:\Documents and Settings\BASIA\Dane aplikacji\inst.exe
C:\Documents and Settings\BASIA\UserData
C:\Documents and Settings\BASIA\UserData\G7EBQBIB\oWindowsUpdate[1].xml
C:\Documents and Settings\BASIA\UserData\index.dat
C:\Documents and Settings\BASIA\UserData\IXCPMHOB\oWindowsUpdate[1].xml
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.
2008-08-18 22:53 . 2008-08-18 22:54 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-08-18 22:53 . 2008-08-18 22:53 <DIR> d-------- C:\Program Files\AVSMedia
2008-08-18 22:53 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-08-18 22:53 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-08-18 22:53 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-08-18 22:53 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-08-18 22:53 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-08-18 22:53 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-08-18 22:53 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-08-18 22:53 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-08-18 22:33 . 2008-08-18 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\IM
2008-08-18 22:32 . 2008-08-18 22:33 <DIR> d-------- C:\Program Files\IncrediMail
2008-08-18 22:32 . 2008-08-18 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail
2008-08-17 17:38 . 2008-08-17 17:41 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-17 17:18 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-17 17:17 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-07-31 23:01 . 2008-07-31 23:01 <DIR> d-------- C:\Program Files\Opera
2008-07-30 21:53 . 2008-07-30 21:53 <DIR> d-------- C:\Program Files\ESET
2008-07-30 21:53 . 2008-07-30 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-27 13:25 . 2008-07-27 13:30 <DIR> d-------- C:\Program Files\SkanerOnline
2008-07-23 02:44 . 2008-07-23 02:45 <DIR> d-------- C:\Program Files\RegSupreme Pro
2008-07-22 10:05 . 2008-07-22 10:10 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-22 10:05 . 2008-07-27 01:01 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-22 09:59 . 2008-07-22 09:59 <DIR> d-------- C:\Documents and Settings\BASIA\Dane aplikacji\DAEMON Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 20:30 --------- d-----w C:\Program Files\Magentic
2008-08-17 15:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 12:41 --------- d-----w C:\Program Files\Lx_cats
2008-07-28 16:51 --------- d-----w C:\Documents and Settings\BASIA\Dane aplikacji\Spamihilator
2008-07-27 10:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 10:53 --------- d-----w C:\Program Files\ArcaBit
2008-07-27 09:16 --------- d-----w C:\Documents and Settings\BASIA\Dane aplikacji\Skype
2008-07-27 08:50 --------- d-----w C:\Documents and Settings\BASIA\Dane aplikacji\skypePM
2008-07-22 07:59 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-18 12:54 --------- d-----w C:\Program Files\Java
2008-07-17 15:29 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-07-17 15:25 --------- d-----w C:\Program Files\Cartall
2008-07-13 18:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-09 20:28 --------- d-----w C:\Documents and Settings\BASIA\Dane aplikacji\Vso
2008-07-09 18:14 --------- d-----w C:\Program Files\VSO
2008-07-08 18:50 --------- d-----w C:\Program Files\Axis Communications
2008-07-08 11:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
2008-07-08 11:57 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
2008-07-08 11:54 --------- d-----w C:\Documents and Settings\BASIA\Dane aplikacji\ArcaBit
2008-07-08 09:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-07-07 21:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-01 07:04 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-27 11:38 --------- d-----w C:\Program Files\Eidos
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-01 15:35 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-24 18:25 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-19 17:23 47,360 ----a-w C:\Documents and Settings\BASIA\Dane aplikacji\pcouffin.sys
2007-12-16 16:19 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2008-05-10 19:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008051020080511\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-23 12:26 243072]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37 110592]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 12:22 638976]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 17:24 716800]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02 786521]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 13:05 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-28 13:05 81920]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 15:46 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 09:01 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 10:21 16125952 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-28 13:05 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 12:42:52 1777664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^BASIA^Menu Start^Programy^Autostart^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\BASIA\Menu Start\Programy\Autostart\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^BASIA^Menu Start^Programy^Autostart^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\BASIA\Menu Start\Programy\Autostart\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-07-26 14:17 94208 C:\Program Files\Lexmark 4300 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-23 12:26 243072 C:\Program Files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 15:41 145496 C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
--a------ 2005-08-02 19:47 192512 C:\Program Files\Lexmark 4300 Series\lxcemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
--a------ 2005-07-27 11:59 260096 C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-09-20 08:23 132624 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Spamihilator\\dccproc.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Team17\\Worms World Party\\Wwp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15284:TCP"= 15284:TCP:BitComet 15284 TCP
"15284:UDP"= 15284:UDP:BitComet 15284 UDP
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 09:04]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 12:44]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 13:19]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 06:41]
S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4df9d31-ac0b-11dc-a5ea-0013e8bff85d}]
\Shell\AutoRun\command - G:\USBNB.exe
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{88485281-8b4b-4f8d-9ede-82e29a064277} - (no file)
MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-gcasServ - C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
MSConfigStartUp-Magentic - C:\PROGRA~1\Magentic\bin\Magentic.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
R0 -: HKLM-Main,Start Page = hxxp://www.wp.pl/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206
O9 -: {40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} -
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
C:\WINDOWS\Downloaded Program Files\ArcaOnline.inf
C:\WINDOWS\system32\ArcaMicroScanUpdater.exe
C:\WINDOWS\system32\ArcaOnlineUninstall.exe
C:\WINDOWS\system32\ArcaOnline.dll
O16 -: {631FF594-EC25-4CFF-B869-402DF294E1D6} - hxxp://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
C:\WINDOWS\Downloaded Program Files\OnetInstalator012s.ocx
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\system32\SkanerOnlineUninstall.exe
C:\WINDOWS\system32\SkanerOnline.dll
O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://stroms.dyndns.biz/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.123.135.131/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 13:55:37
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-19 13:57:01
ComboFix-quarantined-files.txt 2008-08-19 11:56:40
Pre-Run: 33,979,117,568 bajtów wolnych
Post-Run: 34,033,721,344 bajtów wolnych
242 --- E O F --- 2008-08-17 15:41:51
[code][/code]
[codeLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:05, on 2008-08-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198270239156
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stroms.dyndns.biz/activex/AMC.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv.ee:11082/activex/AxisCamControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://212.123.135.131/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
--
End of file - 9372 bytes
[code]
Proszę o sprawdzenie powyższych logów.
Od pewniego czasu nie mogę otwierać zdjęć (rożne formaty zdjęć),nie otwiera mi się muzyka ,przestał działać program do odbierania poczty(incredi mail),generalnie wszystko spowolniło(może to wina wakacji?)
