Za pomoc z góry dziękuję
Podaję logi z ComboFixa
- Kod: Zaznacz wszystko
ComboFix 08-11-07.01 - M i B 2008-11-09 20:08:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.478 [GMT 1:00]
Uruchomiony z: d:\programy\skanery loga\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-09 do 2008-11-09 )))))))))))))))))))))))))))))))
.
2029-09-07 12:31 . 2029-09-07 12:31 28,714 --a------ c:\windows\system32\codec.dat
2008-11-09 20:08 . 2008-11-09 20:08 6,736 --a------ c:\windows\system32\drivers\PROCEXP90.SYS
2008-11-09 19:06 . 2008-11-09 19:06 <DIR> d-------- c:\program files\QuickTime
2008-11-09 19:06 . 2008-11-09 19:06 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-09 19:05 . 2008-11-09 19:06 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-09 19:05 . 2008-11-09 19:05 <DIR> d-------- c:\program files\Apple Software Update
2008-11-09 19:05 . 2008-11-09 19:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-09 18:31 . 2008-11-09 19:40 45,056 --a------ c:\windows\system32\acovcnt.exe
2008-11-09 12:30 . 2008-11-09 19:19 <DIR> d--h----- C:\LG3G
2008-11-09 12:30 . 2008-11-09 12:30 <DIR> d-------- c:\documents and settings\M i B\Dane aplikacji\LG Electronics
2008-11-09 10:18 . 2008-11-09 10:45 <DIR> d-------- C:\divx
2008-11-09 09:59 . 2008-11-09 10:17 <DIR> d-------- c:\documents and settings\M i B\Dane aplikacji\DivX
2008-11-09 09:44 . 2008-11-09 10:24 <DIR> d-------- c:\program files\DivX
2008-11-09 09:44 . 2007-09-06 19:04 120,056 --------- c:\windows\system32\pxcpyi64.exe
2008-11-09 09:44 . 2007-09-06 19:04 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-11-09 09:31 . 2008-11-09 09:31 <DIR> d-------- c:\program files\LG Electronics
2008-11-09 09:31 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-11-09 09:31 . 2007-07-11 15:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-11-09 09:31 . 2007-07-11 10:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-11-09 09:28 . 2008-11-09 09:30 <DIR> d-------- c:\program files\LG PC Suite 2
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\system32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-27 17:37 . 2002-11-20 13:26 1,253,376 --a------ c:\windows\system32\xgusb.cpl
2008-10-27 17:37 . 2002-11-20 13:26 169,088 -ra------ c:\windows\system32\drivers\ymidusb.sys
2008-10-26 19:51 . 2008-10-26 19:51 5,452 --a------ c:\windows\system32\WINTIS3V.386
2008-10-26 19:38 . 2008-10-30 21:12 52 --a------ c:\windows\STYLEWRK.INI
2008-10-26 19:34 . 2008-10-30 20:58 249,856 --------- c:\windows\Setup1.exe
2008-10-26 19:34 . 2008-10-26 19:34 178,176 --a------ c:\windows\system32\OposRf.DLL
2008-10-26 19:34 . 2008-10-26 19:34 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-10-26 19:34 . 2008-10-30 20:58 73,216 --a------ c:\windows\ST6UNST.EXE
2008-10-24 14:24 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-17 17:06 . 2008-10-17 17:06 <DIR> d-------- c:\program files\Windows Sidebar
2008-10-17 17:03 . 2008-10-18 08:44 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-17 17:03 . 2008-10-18 08:44 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-10-17 17:03 . 2008-10-18 08:44 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-17 17:03 . 2008-10-18 08:44 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-10-17 17:02 . 2008-10-18 08:44 <DIR> d-------- c:\program files\Symantec
2008-10-17 17:02 . 2008-10-18 08:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Symantec
2008-10-17 16:34 . 2008-10-17 16:34 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2008-10-15 16:02 . 2008-08-14 14:26 2,190,464 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 16:02 . 2008-08-14 14:26 2,146,816 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:02 . 2008-08-14 14:26 2,067,328 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:02 . 2008-08-14 14:26 2,025,472 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 16:02 . 2008-09-15 16:27 1,846,656 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 16:02 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-13 21:40 . 2008-10-13 21:40 38 --a------ c:\windows\AviSplitter.INI
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 19:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-09 18:34 --------- d-----w c:\program files\Nokia
2008-11-09 18:34 --------- d-----w c:\program files\Common Files\Nokia
2008-11-09 08:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 19:09 --------- d-----w c:\program files\Norton 360
2008-10-30 19:22 --------- d-----w c:\program files\Java
2008-10-29 20:39 --------- d-----w c:\documents and settings\M i B\Dane aplikacji\OpenOffice.org2
2008-10-17 16:09 --------- d-----w c:\documents and settings\M i B\Dane aplikacji\Symantec
2008-10-13 17:20 --------- d-----w c:\documents and settings\M i B\Dane aplikacji\Skype
2008-10-07 17:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2008-08-27 09:27 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-08-26 08:27 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
2008-08-26 08:27 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-08-26 08:27 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2008-08-26 08:27 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
2008-08-26 08:27 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-08-26 08:27 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2008-08-26 08:27 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
2008-08-26 08:27 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-08-25 08:42 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 13:26 2,146,816 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2008-02-13 16:25 112,390,224 ----a-w c:\program files\setup.exe
2007-11-23 18:58 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-05-06 20:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008050620080507\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"AlcoholAutomount"="d:\zainstalowane programy\Alcohol 52\axcmd.exe" [2008-03-20 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-06 118784]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-13 c:\windows\STSYSTRA.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"midi1"= xgusb.cpl
"midi2"= xgusb.cpl
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMS_RSChecker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2006-02-21 15:20 180224 c:\program files\Asus\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 USBSTOR;Sterownik magazynu masowego USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b13e2e8-cb7a-11dc-8ce6-0018f3cf89be}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64c77b92-cbf0-11dc-8ce7-0018f3cf89be}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-TomTomHOME - (no file)
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\M i B\Dane aplikacji\Mozilla\Firefox\Profiles\hlrrflt1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 20:10:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-09 20:12:12
ComboFix-quarantined-files.txt 2008-11-09 19:11:59
Przed: 31 885 107 200 bajtów wolnych
Po: 32,398,755,328 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
226 --- E O F --- 2008-10-24 13:38:55
A ty log z Hijackthis
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:35, on 2008-11-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\zainstalowane programy\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programy\skanery loga\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\zainstalowane programy\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dyskietka.lnk = C:\WINDOWS\system32\subst.exe
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\M i B\Pulpit\rapget_[www.programosy.pl]\rapget.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\zainstalowane programy\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 10512 bytes
