Log z HiJackThis:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:14, on 08-12-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\XP\System32\smss.exe
C:\XP\system32\csrss.exe
C:\XP\system32\winlogon.exe
C:\XP\system32\services.exe
C:\XP\system32\lsass.exe
C:\XP\system32\svchost.exe
C:\XP\system32\svchost.exe
C:\XP\System32\svchost.exe
C:\XP\system32\svchost.exe
C:\XP\system32\svchost.exe
C:\XP\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\XP\Explorer.EXE
C:\XP\system32\spoolsv.exe
C:\XP\system32\CTsvcCDA.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\XP\System32\FTRTSVC.exe
C:\XP\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\XP\system32\svchost.exe
C:\XP\System32\alg.exe
C:\XP\system32\wscntfy.exe
C:\XP\RTHDCPL.EXE
C:\XP\system32\RunDLL32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\XP\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\XP\System32\WScript.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\XP\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Patrycja\Pulpit\HiJackThis.exe
C:\XP\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66020
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\XP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\XP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\XP\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\XP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\XP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [MS32DLL] C:\XP\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - Startup: GM_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE99277-609C-4F44-B692-BEFAEC83A180}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FE99277-609C-4F44-B692-BEFAEC83A180}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\XP\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\XP\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\XP\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\XP\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
--
End of file - 10183 bytes
Log z ComboFixa:
- Kod: Zaznacz wszystko
ComboFix 08-12-29.02 - Patrycja 2008-12-30 21:10:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.186 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Patrycja\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Patrycja\Dane aplikacji\addons.dat
C:\MS32DLL.dll.vbs
c:\xp\MS32DLL.dll.vbs
c:\xp\system32\setup.ini
D:\MS32DLL.dll.vbs
E:\MS32DLL.dll.vbs
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-28 do 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-30 14:22 . 2008-12-30 14:22 <DIR> d-------- c:\program files\Lavasoft
2008-12-30 14:22 . 2008-12-30 14:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-30 14:22 . 2008-12-30 14:25 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-12-29 12:28 . 2008-12-29 12:45 <DIR> d-------- c:\program files\SkanerOnline
2008-12-29 00:21 . 2008-12-29 00:21 <DIR> d--h----- c:\xp\system32\sys32
2008-12-28 18:25 . 2008-12-28 18:25 <DIR> d-------- C:\My Downloads
2008-12-26 20:42 . 2008-12-26 20:43 <DIR> d-------- c:\program files\Ski Park Manager
2008-12-07 23:55 . 2008-12-07 23:55 <DIR> d-------- c:\program files\YouTube Downloader
2008-11-27 16:05 . 2008-11-27 16:05 <DIR> d-------- c:\program files\Sun
2008-11-01 21:55 . 2008-11-01 21:55 <DIR> d-------- c:\program files\Mp3 Knife
2008-11-01 21:55 . 2008-12-29 12:28 <DIR> d-------- c:\program files\Crawler
2008-11-01 21:55 . 2004-04-12 17:27 609,584 --a------ c:\xp\system32\comctl32.ocx
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 19:20 --------- d-----w c:\program files\neostrada tp
2008-12-30 19:12 --------- d-----w c:\documents and settings\Patrycja\Dane aplikacji\Skype
2008-12-30 19:11 --------- d-----w c:\documents and settings\Patrycja\Dane aplikacji\skypePM
2008-12-28 17:26 --------- d-----w c:\program files\BearShare
2008-12-27 15:34 --------- d-----w c:\documents and settings\Patrycja\Dane aplikacji\uTorrent
2008-11-27 15:05 --------- d-----w c:\program files\Java
2008-11-25 22:05 --------- d-----w c:\program files\Gadu-Gadu
2008-01-19 13:57 33,904 ----a-w c:\documents and settings\Patrycja\Dane aplikacji\GDIPFONTCACHEV1.DAT
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"ares"="c:\program files\Ares\Ares.exe" [2007-05-04 961024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-19 486856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-19 486856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2008-07-10 1597936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\xp\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\xp\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\xp\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\xp\system32\NvCpl.dll" [2006-06-01 7618560]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\xp\system32\NeroCheck.exe" [2001-07-09 155648]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"DT Task"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2006-09-08 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-02 98304]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\xp\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\xp\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\xp\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\xp\system32\nvmctray.dll]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 c:\xp\system32\stmctrl.dll]
c:\documents and settings\Patrycja\Menu Start\Programy\Autostart\
GM_DevUpdate.lnk - c:\program files\USB all-in-one game controller\GM_DevUpdate.exe [2007-12-01 45056]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier - Szybkie uruchomienie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 VirtualK;VirtaulK;c:\xp\system32\drivers\VirtualK.sys [2007-12-01 3968]
R3 skbusenum;SKBus Enumerator;c:\xp\system32\DRIVERS\skbusenum.sys [2007-12-01 10880]
R3 Stmatm;ATM/ADSL miniport;c:\xp\system32\DRIVERS\stmatm.sys [2007-06-06 60255]
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\c:\xp\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
R3 TaurusUsb;ADSL Modem USB Service;c:\xp\system32\DRIVERS\torususb.sys [2007-06-06 684265]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\xp\system32\DRIVERS\k510bus.sys [2007-11-03 58288]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\xp\System32\Drivers\sunkfilt6.sys []
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {5FE99277-609C-4F44-B692-BEFAEC83A180} = 194.204.159.1 217.98.63.164
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
c:\xp\system32\SkanerOnlineUninstall.exe - c:\xp\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\xp\Downloaded Program Files\SkanerOnline.inf
FF - ProfilePath - c:\documents and settings\Patrycja\Dane aplikacji\Mozilla\Firefox\Profiles\z36umy85.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.crawler.com/?tbid=66020
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 21:13:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-12-30 21:14:11
ComboFix-quarantined-files.txt 2008-12-30 20:13:57
Przed: 7 111 225 344 bajtów wolnych
Po: 10,861,785,088 bajtów wolnych
164
PS: Prosiłbym o w miarę nieskomplikowane rozwiązanie problemu, o ile to oczywiście możliwe.
