
Since yesterday the local network slowly started disappearing, until it vanished completely.
A few hours ago strange things started happening with the internet as well: if I unplug the phone-line cable from the modem, it cannot establish a connection when I plug it back in. I have to go down to the landline phone, take it off the hook, and once it catches the net connection I can put it back down.

I noticed some new processes in the task manager, some "OMO.exe" and something similar, but I killed it after making the log.
I made the logs after an avast scan; it found something, but nothing worth attention.
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 19:40:58, on 2008-03-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\XP\internet\ochrona\avast v4.7\aswUpdSv.exe
D:\XP\internet\ochrona\avast v4.7\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
D:\XP\internet\cFos\spd.exe
D:\XP\nagrywarka\Nero 7\InCD\InCDsrv.exe
D:\XP\internet\ochrona\kerio personal firewall 4.2.3\Personal Firewall 4\kpf4ss.exe
D:\XP\różne\moka5\Engine\bin\m5authd.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
D:\XP\internet\ochrona\kerio personal firewall 4.2.3\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\XP\internet\ochrona\avast v4.7\ashMaiSv.exe
D:\XP\internet\ochrona\avast v4.7\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\XP\internet\ochrona\kerio personal firewall 4.2.3\Personal Firewall 4\kpf4gui.exe
D:\XP\internet\ochrona\AVASTV~1.7\ashDisp.exe
D:\XP\sterowniki\drukarka\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\XP\sterowniki\drukarka\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\XP\różne\JAP\jap.exe
C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe
C:\Program Files\internet explorer\iexplore.exe
D:\XP\internet\firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
D:\XP\Urzytkowe\abby fine reader\NetworkLicenseServer.exe
C:\Documents and Settings\odimen\Pulpit\do sprawdzenia loga\hijackthis1.99.1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://users.iptelecom.net.ua/~codecs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcworld.pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\XP\internet\ochrona\AVASTV~1.7\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\XP\sterowniki\drukarka\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\XP\internet\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\XP\sterowniki\drukarka\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\XP\URZYTK~1\MsO\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\XP\URZYTK~1\MsO\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\XP\URZYTK~1\MsO\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\XP\URZYTK~1\MsO\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\XP\URZYTK~1\MsO\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF44B170-639A-4CED-9F37-D45FABBD5158}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\XP\URZYTK~1\MsO\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - D:\XP\Urzytkowe\abby fine reader\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\XP\internet\ochrona\avast v4.7\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\XP\internet\ochrona\avast v4.7\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\XP\internet\ochrona\avast v4.7\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\XP\internet\ochrona\avast v4.7\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\XP\internet\cFos\spd.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\XP\nagrywarka\Nero 7\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\XP\internet\ochrona\kerio personal firewall 4.2.3\Personal Firewall 4\kpf4ss.exe
O23 - Service: moka5 Authorization Service (m5authd) - moka5 - D:\XP\różne\moka5\Engine\bin\m5authd.exe
O23 - Service: NBService - Nero AG - D:\XP\nagrywarka\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\XP\nagrywarka\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
Silent Runners
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\XP\internet\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"avast!" = "D:\XP\internet\ochrona\AVASTV~1.7\ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"HP Software Update" = ""D:\XP\sterowniki\drukarka\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Co."]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\XP\Urzytkowe\winrar\rarext.dll" [null data]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{8932AEFE-9DB6-4f43-AFB2-5682F55E773A}" = "VPCHostCopyHook"
-> {HKLM...CLSID} = "VPCHostCopyHook"
\InProcServer32\(Default) = "D:\XP\Urzytkowe\Windows\MVPC\VPCShExH.DLL" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\XP\internet\ochrona\avast v4.7\ashShell.dll" ["ALWIL Software"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\XP\Urzytkowe\MsO\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{CAE3251E-9B15-4810-B268-852AD9792A59}" = "InCDShellExt extension"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B3D9AEDE-B2C3-406d-A254-6BE07767B08B}" = "InCDUdfPerm extension"
-> {HKLM...CLSID} = "InCDUdfPerm Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\InCD\InCDUP.dll" ["Nero AG"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "GinaDLL" = "moka5gna.dll" ["moka5, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\XP\internet\ochrona\avast v4.7\ashShell.dll" ["ALWIL Software"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
InCDShellExt\(Default) = "{CAE3251E-9B15-4810-B268-852AD9792A59}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
ShredderExt\(Default) = "{AE733F78-D42C-428B-B6BD-28B41EE97925}"
-> {HKLM...CLSID} = "ShredderShlExt Class"
\InProcServer32\(Default) = "D:\XP\internet\ochrona\Privacy Guardian\Shredder\ShredderShellExtension.dll" ["PC Tools Research Pty Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\XP\Urzytkowe\winrar\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
InCDShellExt\(Default) = "{CAE3251E-9B15-4810-B268-852AD9792A59}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
ShredderExt\(Default) = "{AE733F78-D42C-428B-B6BD-28B41EE97925}"
-> {HKLM...CLSID} = "ShredderShlExt Class"
\InProcServer32\(Default) = "D:\XP\internet\ochrona\Privacy Guardian\Shredder\ShredderShellExtension.dll" ["PC Tools Research Pty Ltd"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\XP\Urzytkowe\winrar\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\XP\internet\ochrona\avast v4.7\ashShell.dll" ["ALWIL Software"]
InCDShellExt\(Default) = "{CAE3251E-9B15-4810-B268-852AD9792A59}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "D:\XP\nagrywarka\Nero 7\InCD\InCDshx.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\XP\Urzytkowe\winrar\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\odimen\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"
Startup items in "odimen" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\odimen\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "D:\XP\sterowniki\drukarka\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
Enabled Scheduled Tasks:
------------------------
"Tasker" -> launches: "F:\XP\Silkroad\new\tasker\tasker\tasker\Tasker.exe" ["Copyright © 2000-2004 Vista Software, Inc. All Rights Reserved."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\GRA8E1~1.DLL" [MS]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "D:\XP\URZYTK~1\MsO\Office12\ONBttnIE.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.pcworld.pl
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""D:\XP\internet\ochrona\avast v4.7\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\XP\internet\ochrona\avast v4.7\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\XP\internet\ochrona\avast v4.7\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\XP\internet\ochrona\avast v4.7\ashWebSv.exe" /service" ["ALWIL Software"]
Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
cFosSpeed System Service, cFosSpeedS, ""D:\XP\internet\cFos\spd.exe" -service" ["cFos Software GmbH"]
InCD Helper, InCDsrv, "D:\XP\nagrywarka\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
moka5 Authorization Service, m5authd, "D:\XP\różne\moka5\Engine\bin\m5authd.exe run" ["moka5"]
Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\XP\internet\ochrona\kerio personal firewall 4.2.3\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]
Usługa licencjonowania programu ABBYY FineReader 9.0, ABBYY.Licensing.FineReader.Professional.9.0, ""D:\XP\Urzytkowe\abby fine reader\NetworkLicenseServer.exe" -service" ["ABBYY (BIT Software)"]
Usługi Simple TCP/IP, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]
LPR Port\Driver = "lprmon.dll" [MS]
PDF995 Monitor\Driver = "pdf995mon.dll" [null data]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 61 seconds.
---------- (total run time: 127 seconds)
ComboFix
ComboFix 08-03-27.1 - odimen 2008-03-28 19:55:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.556 [GMT 1:00]
Running from: C:\Documents and Settings\odimen\Pulpit\do sprawdzenia loga\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.
2008-03-28 12:28 . 2008-03-28 12:28 305 --a------ C:\WINDOWS\doom3.ini
2008-03-27 21:46 . 2008-03-27 21:46 <DIR> d-------- C:\Documents and Settings\odimen\Dane aplikacji\ATI
2008-03-27 21:46 . 2008-03-27 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-03-27 21:45 . 2008-03-27 21:45 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-27 21:37 . 2008-03-27 21:37 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-03-27 21:37 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-27 21:36 . 2008-03-27 21:41 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-27 17:40 . 2008-03-27 17:40 <DIR> d-------- C:\Program Files\FT2593
2008-03-27 17:40 . 2007-06-07 03:36 57,344 --a------ C:\WINDOWS\system32\Hidhlp.dll
2008-03-27 17:40 . 2006-01-13 05:03 51,915 --a------ C:\WINDOWS\system32\drivers\FT2593.sys
2008-03-21 21:29 . 2008-03-21 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-03-21 11:26 . 2008-03-21 11:26 <DIR> d-------- C:\Documents and Settings\odimen\Dane aplikacji\Ulead Systems
2008-03-21 11:26 . 2008-03-21 11:26 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
2008-03-21 11:23 . 2008-03-21 11:23 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-21 11:22 . 2008-03-21 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-03-19 17:36 . 2008-03-19 17:36 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-13 21:21 . 2008-03-13 21:21 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-03-11 17:26 . 2008-03-11 17:28 <DIR> d-------- C:\WINDOWS\UbiSoft
2008-03-04 17:54 . 2008-03-04 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-03-04 17:45 . 2008-03-04 17:45 <DIR> d-------- C:\Program Files\Bonjour
2008-03-04 17:35 . 2008-03-04 17:35 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-29 15:04 . 2008-03-20 10:54 <DIR> d-------- C:\Documents and Settings\odimen\Dane aplikacji\Ice Age 2
2008-02-29 12:52 . 2008-02-29 12:52 1 --a------ C:\DXOkay.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 20:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:00 --------- d-----w C:\Documents and Settings\odimen\Dane aplikacji\gtk-2.0
2008-03-19 16:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 16:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
.
------- Sigcheck -------
2007-07-24 12:13 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-07-24 12:13 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\dllcache\tcpip.sys
2007-07-24 12:13 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:44 15360]
"Gadu-Gadu"="D:\XP\internet\Gadu-Gadu\gg.exe" [2006-02-17 14:03 2396160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 20:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"avast!"="D:\XP\internet\ochrona\AVASTV~1.7\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"HP Software Update"="D:\XP\sterowniki\drukarka\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 20:43 7630848]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - D:\XP\sterowniki\drukarka\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk
backup=C:\WINDOWS\pss\Kalendarz XP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^moka5tools Startup.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\moka5tools Startup.lnk
backup=C:\WINDOWS\pss\moka5tools Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
D:\XP\internet\ściąganie\cfos\cFosSpeed.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2006-02-17 14:03 2396160 D:\XP\internet\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 D:\XP\Urzytkowe\MsO\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-09-26 13:31 1057064 D:\XP\nagrywarka\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\MSMSGS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
D:\XP\nagrywarka\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 20:43 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 20:43 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 D:\XP\Urzytkowe\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-09-26 13:31 1629480 D:\XP\nagrywarka\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-03-23 11:06 888832 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAnonymous]
D:\XP\internet\strony www\SurfAnonymous\SurfAnonymous.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2006-11-02 11:41 4763648 D:\XP\Urzytkowe\SpeedUpMyPC\SpeedUpMyPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
D:\XP\Urzytkowe\Windows\VMware\hqtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
D:\XP\Urzytkowe\Windows\VMware\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updates]
c:\windows\system\Update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 17:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 17:01]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-07-21 15:12]
R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;"D:\XP\Urzytkowe\abby fine reader\NetworkLicenseServer.exe" -service []
R2 m5authd;moka5 Authorization Service;D:\XP\różne\moka5\Engine\bin\m5authd.exe run []
S3 atidgllk;atidgllk;C:\DOCUME~1\odimen\USTAWI~1\Temp\~Af26888\Upgrade\atidgllk.sys []
S3 FT2593;FT2593 Filter;C:\WINDOWS\system32\DRIVERS\FT2593.sys [2006-01-13 05:03]
S3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 20:53]
S3 NTProcDrv;Process creation detector for NT.;F:\XP\Silkroad\new\boty\sroboten1.75\NtProcDrv.sys []
S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:44]
S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:44]
S3 p2psvc;Sieć równorzędna;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:44]
S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol);C:\WINDOWS\System32\svchost.exe [2004-08-04 08:44]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 21:39:09 C:\WINDOWS\Tasks\Tasker.job"
- F:\XP\Silkroad\new\tasker\tasker\tasker\Tasker.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 20:00:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-28 20:01:46
ComboFix-quarantined-files.txt 2008-03-28 19:01:40
Pre-Run: 600,702,976 bajtów wolnych
Post-Run: 587,874,304 bajtów wolnych
.
2008-03-27 14:07:06 --- E O F ---