Aktualizacje na programosy.pl: Internet Download Manager (IDM)Telegram Desktop PortableTelegram DesktopSoft4Boost Video CaptureSoft4Boost Easy Disc BurnerSoft4Boost Any Audio GrabberSoft4Boost Burning StudioSoft4Boost Toolbar CleanerSoft4Boost Secure Eraser  

  • Ogłoszenie:

Prosze o analize hijack - win32:trojan-gen. (other)

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.
Wyślij odpowiedź

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 26 Gru 2008, 15:09

reklama
Jestem zupełnym laikiem w tym temacie mimo że kompa używam nie od dziś, nie interesowałem się tym bo nigdy nie miałem podobnych problemów (od jakiś 5 lat cały czas w sieci), aż do niedawna
Mam: Avast'a, zone alarm oraz spybot - 2 ostatnie od kilku dni - po pojawieniu się problemu, zaczęło się od wyskakiwania okienek IE mimo że nie był on odpalony, otem info z avasta o wirusie i tak zacząłem przekopywać sieć w poszukiwaniu rozwiązania, ale na logach to się kompletnie nie znam, więc proszę o pomoc

Oto log:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 13:35:34, on 2008-12-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\fishark\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\nirotona.dll",s
O4 - HKLM\..\Run: [CPM531e2e35] Rundll32.exe "c:\windows\system32\suyuloke.dll",a
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\suyuloke.dll,C:\WINDOWS\system32\hejitavo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suyuloke.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez djarta 26 Gru 2008, 15:31

Daj log z ComboFixa.



=================
K.
Pozdrawiam djarta. :)
djarta
~user
 
Posty: 684
Dołączenie: 31 Lip 2008, 10:49
Pochwały: 55


Góra

Re: prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 26 Gru 2008, 22:49

hmmmmmmmmm.....
z miłą chęcią dałbym logi z ComboFixa, no ale nie trybi mi ten programik i nie wiem czemu.
zassałem combofix.exe ale odpala się tylko okienko niebieski i nic sie nie dzieje i nie mam pojęcia czemu
proszę o jakies instrukcje czy porady bo ja kompletnie sie na tym nie znam
pozdro FISh

P$: przeczytałem że CF nie uruchamia się na 1/100 komputerów i chyba mój jest tym wyjątkiem :(
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez Okocza 26 Gru 2008, 22:59

fishark, w takim wypadku daj log z RSITa
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 8001
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406

Góra

Re: prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 27 Gru 2008, 22:01

jakoś poszło
Kod: Zaznacz wszystko
Logfile of random's system information tool 1.05 (written by random/random)
Run by fishark at 2008-12-27 20:59:01
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (6%) free of 25 GB
Total RAM: 1407 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:29, on 2008-12-27
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Program Files\trend micro\fishark.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKLM\..\Run: [CPM531e2e35] Rundll32.exe "c:\windows\system32\hovofizo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\suyuloke.dll C:\WINDOWS\system32\hejitavo.dll c:\windows\system32\hovofizo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hovofizo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hovofizo.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9002 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b04a879c-94c9-47b4-9aa5-3292477eba90}]
C:\WINDOWS\system32\wafatoto.dll [2008-09-26 63723]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-03-28 454656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-05 1499136]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-10-09 697976]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"limajoladu"=C:\WINDOWS\system32\nirotona.dll []
"502d1da9"=C:\WINDOWS\system32\mohohimu.dll []
"CPM531e2e35"=c:\windows\system32\suyuloke.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-25 25565992]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\fishark\Menu Start\Programy\Autostart
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\suyuloke.dll C:\WINDOWS\system32\hejitavo.dll c:\windows\system32\hovofizo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hovofizo.dll [2008-12-27 97948]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hovofizo.dll [2008-12-27 97948]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hejitavo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\system32\BCMWLTRY.EXE"="C:\WINDOWS\system32\BCMWLTRY.EXE:*:Enabled:bcmwltry"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79c31e31-9648-11dd-a6d8-0017a4d6221b}]
shell\AutoRun\command - H:\d.com
shell\explore\command - H:\d.com
shell\open\command - H:\d.com


======List of files/folders created in the last 1 months======

2008-12-27 20:59:02 ----D---- C:\Program Files\trend micro
2008-12-27 20:59:01 ----D---- C:\rsit
2008-12-27 11:27:45 ----SH---- C:\WINDOWS\system32\erefifof.ini
2008-12-26 23:27:27 ----SH---- C:\WINDOWS\system32\uzusonik.ini
2008-12-26 20:48:10 ----D---- C:\ComboFix
2008-12-26 20:48:09 ----A---- C:\WINDOWS\system32\CF25856.exe
2008-12-26 20:44:58 ----D---- C:\WINDOWS\ERDNT
2008-12-26 20:44:58 ----D---- C:\Qoobox
2008-12-26 20:44:55 ----A---- C:\WINDOWS\system32\CF25239.exe
2008-12-26 01:08:04 ----SH---- C:\WINDOWS\system32\jojagigi.exe
2008-12-24 12:40:57 ----SH---- C:\WINDOWS\system32\hizudenu.exe
2008-12-24 11:08:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 22:14:06 ----SH---- C:\WINDOWS\system32\umihohom.ini
2008-12-23 19:57:46 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 17:47:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 17:47:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-23 17:01:13 ----D---- C:\Program Files\Lavasoft
2008-12-23 17:01:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-12-23 17:00:21 ----D---- C:\Program Files\ZoneAlarmSB
2008-12-23 16:53:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-12-23 16:53:11 ----A---- C:\WINDOWS\zllsputility.exe
2008-12-23 16:53:10 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-12-23 16:51:25 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-12-23 16:51:20 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-12-23 16:51:18 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-12-23 16:51:15 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-23 16:51:15 ----D---- C:\Program Files\Zone Labs
2008-12-23 16:51:15 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-12-23 16:51:14 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-12-23 16:50:25 ----D---- C:\WINDOWS\Internet Logs
2008-12-23 16:50:25 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 07:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-07 20:16:17 ----D---- C:\Program Files\Real Alternative
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Real
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real

======List of files/folders modified in the last 1 months======

2008-12-27 20:59:21 ----D---- C:\WINDOWS\Prefetch
2008-12-27 20:59:02 ----RD---- C:\Program Files
2008-12-27 20:58:13 ----D---- C:\WINDOWS\system32
2008-12-27 20:48:04 ----D---- C:\Program Files\Mozilla Firefox
2008-12-27 20:46:25 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Skype
2008-12-27 20:40:03 ----D---- C:\WINDOWS\Temp
2008-12-27 16:07:35 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\skypePM
2008-12-27 11:27:43 ----N---- C:\WINDOWS\system32\hovofizo.dll
2008-12-27 11:27:43 ----ASH---- C:\WINDOWS\system32\fofifere.dll
2008-12-27 11:01:43 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\uTorrent
2008-12-26 23:27:24 ----N---- C:\WINDOWS\system32\kinosuzu.dll
2008-12-26 23:27:24 ----ASH---- C:\WINDOWS\system32\zojetiru.dll
2008-12-26 20:44:58 ----D---- C:\WINDOWS
2008-12-26 13:58:47 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-26 13:27:44 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\OpenOffice.org2
2008-12-26 13:08:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-26 13:08:26 ----ASH---- C:\WINDOWS\system32\kerelizo.dll
2008-12-26 12:45:31 ----D---- C:\WINDOWS\SMINST
2008-12-26 12:33:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 11:08:40 ----D---- C:\WINDOWS\system32\drivers
2008-12-24 11:07:51 ----HD---- C:\WINDOWS\inf
2008-12-23 22:13:56 ----N---- C:\WINDOWS\system32\mohohimu.dll_old
2008-12-23 22:13:55 ----ASH---- C:\WINDOWS\system32\pekugedi.dll
2008-12-23 17:56:34 ----D---- C:\Program Files\PowerDataRecovery
2008-12-23 17:46:09 ----SHD---- C:\WINDOWS\Installer
2008-12-23 17:46:09 ----D---- C:\Program Files\Common Files
2008-12-23 12:41:48 ----SD---- C:\Documents and Settings\fishark\Dane aplikacji\Microsoft
2008-12-22 22:12:02 ----ASH---- C:\WINDOWS\system32\gikuzese.dll
2008-12-22 11:43:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 09:24:21 ----D---- C:\Program Files\Opera
2008-12-21 09:14:09 ----ASH---- C:\WINDOWS\system32\tisopayi.dll
2008-12-19 20:13:15 ----ASH---- C:\WINDOWS\system32\rerurepo.dll
2008-12-19 07:18:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 07:18:00 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:17:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 21:08:26 ----D---- C:\Program Files\Puzzle Quest
2008-12-17 07:36:58 ----D---- C:\Program Files\Java
2008-12-13 07:39:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 07:19:59 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:19:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-04-05 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-05 822272]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-05 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-05 206976]
R3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-05 726400]
S3 a30q7ev0;a30q7ev0; C:\WINDOWS\system32\drivers\a30q7ev0.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-05 24064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez sgsman 27 Gru 2008, 22:29

Ale to log z HiJacka, potrzeba zaś z ComboFixa bądź RSITa.
Pomagaj innym! Inni pomogą Tobie! A zwłaszcza Pan Pękaty Jeż!
Awatar użytkownika
sgsman
~user
 
Posty: 300
Dołączenie: 27 Wrz 2008, 23:52
Pochwały: 28


Góra

Re: prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 28 Gru 2008, 00:40

wiem że w nagłówku pisze że to log z hijack, ale ten log jest wygenerowany przez RIST'a, po 2-kliku wyskakuje mi okieenko z jakiego okresu mają być zmiany, zaznaczam 1 miesiąc, chwila skanowania i wyskakuje mi taki log, nie wiem co robię nie tak.
Po uruchomieniu mam tylko 2 opcje - dalej i wyjdź. Ale na tyle o ile znam EN to RIST ładuje HIJACK, informując że jeżeli nie odnajdzie na dysku to będzie łączył się z netem, a jeśli się nie powiedzie (zabroniony dostęp) to operacja się nie powiedzie czy coś w tym stylu.
Nie wiem co jest nie tak ale coś chyba robię źle tylko nie wiem co sciana sciana sciana
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez wojtas 28 Gru 2008, 16:22

sprobujemy tak:
skasuj w hijacku:


O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKLM\..\Run: [CPM531e2e35] Rundll32.exe "c:\windows\system32\hovofizo.dll",a
O20 - AppInit_DLLs: c:\windows\system32\suyuloke.dll C:\WINDOWS\system32\hejitavo.dll c:\windows\system32\hovofizo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hovofizo.dll


Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\wafatoto.dll
C:\WINDOWS\system32\erefifof.ini
C:\WINDOWS\system32\uzusonik.ini
C:\WINDOWS\system32\jojagigi.exe
C:\WINDOWS\system32\hizudenu.exe
C:\WINDOWS\system32\umihohom.ini
C:\WINDOWS\system32\hovofizo.dll
C:\WINDOWS\system32\fofifere.dll
C:\WINDOWS\system32\kinosuzu.dll
C:\WINDOWS\system32\zojetiru.dll
C:\WINDOWS\system32\kerelizo.dll
C:\WINDOWS\system32\mohohimu.dll_old
C:\WINDOWS\system32\pekugedi.dll
C:\WINDOWS\system32\gikuzese.dll
C:\WINDOWS\system32\tisopayi.dll
C:\WINDOWS\system32\rerurepo.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79c31e31-9648-11dd-a6d8-0017a4d6221b}]



>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->Image
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

jesli bedzie problem jakis to:


Pobierz i uruchom narzędzie
The Avenger
w bialym polu wklej tekst:

Files to delete:

C:\WINDOWS\system32\wafatoto.dll
C:\WINDOWS\system32\erefifof.ini
C:\WINDOWS\system32\uzusonik.ini
C:\WINDOWS\system32\jojagigi.exe
C:\WINDOWS\system32\hizudenu.exe
C:\WINDOWS\system32\umihohom.ini
C:\WINDOWS\system32\hovofizo.dll
C:\WINDOWS\system32\fofifere.dll
C:\WINDOWS\system32\kinosuzu.dll
C:\WINDOWS\system32\zojetiru.dll
C:\WINDOWS\system32\kerelizo.dll
C:\WINDOWS\system32\mohohimu.dll_old
C:\WINDOWS\system32\pekugedi.dll
C:\WINDOWS\system32\gikuzese.dll
C:\WINDOWS\system32\tisopayi.dll
C:\WINDOWS\system32\rerurepo.dll


Kopiujesz - Klikasz na Paste Script from Clipboard - Execute - Potwierdzasz i zgadzasz się na restart klikając OK.
Po wykonaniu skasuj z dysku plik: C:\Avenger\backup.zip i wklej raport na forum C:\avenger.txt

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79c31e31-9648-11dd-a6d8-0017a4d6221b}]


w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem jak najlepiej log z combofixa , jesi nie to raport z avangera, nowy log z rsita
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 28 Gru 2008, 17:35

poszło prawie wszystko oprócz combofix'a bo u mnie sie nie odpala (znaczy sie odpala ale tylko niebieskie okno i nie idzie dalej):
no i w hijack nie wszystko dało się usunąć

raport z avanger'a:

Kod: Zaznacz wszystko
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\wafatoto.dll" deleted successfully.
File "C:\WINDOWS\system32\erefifof.ini" deleted successfully.
File "C:\WINDOWS\system32\uzusonik.ini" deleted successfully.
File "C:\WINDOWS\system32\jojagigi.exe" deleted successfully.
File "C:\WINDOWS\system32\hizudenu.exe" deleted successfully.
File "C:\WINDOWS\system32\umihohom.ini" deleted successfully.

Error:  file "C:\WINDOWS\system32\hovofizo.dll" not found!
Deletion of file "C:\WINDOWS\system32\hovofizo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\fofifere.dll" deleted successfully.
File "C:\WINDOWS\system32\kinosuzu.dll" deleted successfully.
File "C:\WINDOWS\system32\zojetiru.dll" deleted successfully.
File "C:\WINDOWS\system32\kerelizo.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\mohohimu.dll_old" not found!
Deletion of file "C:\WINDOWS\system32\mohohimu.dll_old" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\pekugedi.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\gikuzese.dll" not found!
Deletion of file "C:\WINDOWS\system32\gikuzese.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\tisopayi.dll" not found!
Deletion of file "C:\WINDOWS\system32\tisopayi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\rerurepo.dll" not found!
Deletion of file "C:\WINDOWS\system32\rerurepo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.


log z RSIT'a:

Kod: Zaznacz wszystko
Logfile of random's system information tool 1.05 (written by random/random)
Run by fishark at 2008-12-28 16:32:49
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (6%) free of 25 GB
Total RAM: 1407 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:07, on 2008-12-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Program Files\trend micro\fishark.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hejitavo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8629 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b04a879c-94c9-47b4-9aa5-3292477eba90}]
C:\WINDOWS\system32\wafatoto.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-03-28 454656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-05 1499136]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"502d1da9"=C:\WINDOWS\system32\mohohimu.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-25 25565992]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\fishark\Menu Start\Programy\Autostart
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\hejitavo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hejitavo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\system32\BCMWLTRY.EXE"="C:\WINDOWS\system32\BCMWLTRY.EXE:*:Enabled:bcmwltry"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe:*:Enabled:aswUpdSv"
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe:*:Enabled:hpqwmiex"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-28 15:50:26 ----D---- C:\Avenger
2008-12-28 15:44:33 ----D---- C:\ComboFix
2008-12-28 15:44:31 ----A---- C:\WINDOWS\system32\CF6296.exe
2008-12-28 15:43:56 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-28 15:43:47 ----D---- C:\32788R22FWJFW
2008-12-28 06:29:46 ----SH---- C:\WINDOWS\system32\jigedohu.exe
2008-12-27 21:06:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-27 20:59:02 ----D---- C:\Program Files\trend micro
2008-12-27 20:59:01 ----D---- C:\rsit
2008-12-26 20:48:09 ----A---- C:\WINDOWS\system32\CF25856.exe
2008-12-26 20:44:58 ----D---- C:\WINDOWS\ERDNT
2008-12-26 20:44:58 ----D---- C:\Qoobox
2008-12-26 20:44:55 ----A---- C:\WINDOWS\system32\CF25239.exe
2008-12-24 11:08:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 19:57:46 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 17:47:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 17:47:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-23 17:01:13 ----D---- C:\Program Files\Lavasoft
2008-12-23 17:01:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-12-23 17:00:21 ----D---- C:\Program Files\ZoneAlarmSB
2008-12-23 16:53:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-12-23 16:53:11 ----A---- C:\WINDOWS\zllsputility.exe
2008-12-23 16:53:10 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-12-23 16:51:25 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-12-23 16:51:20 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-12-23 16:51:18 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-12-23 16:51:15 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-23 16:51:15 ----D---- C:\Program Files\Zone Labs
2008-12-23 16:51:15 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-12-23 16:51:14 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-12-23 16:50:25 ----D---- C:\WINDOWS\Internet Logs
2008-12-23 16:50:25 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 07:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-07 20:16:17 ----D---- C:\Program Files\Real Alternative
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Real
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real

======List of files/folders modified in the last 1 months======

2008-12-28 16:28:44 ----D---- C:\WINDOWS\system32\config
2008-12-28 16:26:35 ----D---- C:\WINDOWS\Temp
2008-12-28 16:26:19 ----D---- C:\Program Files\Mozilla Firefox
2008-12-28 16:25:45 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Skype
2008-12-28 16:25:16 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\skypePM
2008-12-28 16:24:52 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\OpenOffice.org2
2008-12-28 16:24:29 ----D---- C:\WINDOWS\Prefetch
2008-12-28 15:51:21 ----D---- C:\WINDOWS\system32
2008-12-28 15:51:13 ----D---- C:\WINDOWS
2008-12-28 15:50:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 15:49:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-28 15:49:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-28 01:26:17 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-28 01:15:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-27 21:15:59 ----D---- C:\WINDOWS\SMINST
2008-12-27 21:08:42 ----D---- C:\Documents and Settings
2008-12-27 20:59:02 ----RD---- C:\Program Files
2008-12-27 11:01:43 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\uTorrent
2008-12-24 11:07:51 ----HD---- C:\WINDOWS\inf
2008-12-23 17:56:34 ----D---- C:\Program Files\PowerDataRecovery
2008-12-23 17:46:09 ----SHD---- C:\WINDOWS\Installer
2008-12-23 17:46:09 ----D---- C:\Program Files\Common Files
2008-12-23 12:41:48 ----SD---- C:\Documents and Settings\fishark\Dane aplikacji\Microsoft
2008-12-21 09:24:21 ----D---- C:\Program Files\Opera
2008-12-19 07:18:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 07:18:00 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:17:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 21:08:26 ----D---- C:\Program Files\Puzzle Quest
2008-12-17 07:36:58 ----D---- C:\Program Files\Java
2008-12-13 07:39:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 07:19:59 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:19:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-04-05 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-05 822272]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-05 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-05 206976]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-05 726400]
S3 a67ax7i5;a67ax7i5; C:\WINDOWS\system32\drivers\a67ax7i5.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-05 24064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


i HIJACK:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 16:34:09, on 2008-12-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\fishark\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hejitavo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez Okocza 28 Gru 2008, 18:26

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 8001
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406

Góra

Re: prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 28 Gru 2008, 22:02

Okocza napisał(a):Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka


Wszystko idzie ok do momentu który zaznaczyłem na czerwono, czekałem około 1h i nic sie nie działo, od samego początku tylko że: "sprawdza uruchomione procesy i usługi"
próbowałem 2 razy i to samo, więc albo mój system nie trybi z tym programikiem (podobnie jak z COMBOFIX), albo juz nie wiem co ?? po ponownym uruchomieniu windy w normalnym trybie wyskoczyło ponownie niebieskie okienko SDFix z :
Finishing Malware Check
Pleasa Be Patient As This Part May Take Several Minutes ...

ale ponownie długie oczekiwanie i nic się nie działo ... a w katalogu SDF kupa plików o nazwie chek..., test... a po raporcie ani śladu, no chyba ze musi to potrwać sporo dłużej, a mi po prostu zabrakło cierpliwości

Log z HijackThis:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 20:57:45, on 2008-12-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\SDFix\dnif.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fishark\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hejitavo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



Jak gdyby wszystko sie uspokoiło mimo nieudanych prób z mojej strony, lecz przy starcie windy wyskakują 2 komunikaty:
1.
RUNDLL
"Wystąpił błąd podczas ładowania: C:\windows\system32\mohohimu.dll
nie można odnaleźć określonego modułu"
2.

RUNDLL
"Wystąpił błąd podczas ładowania: C:\windows\system32\hehoyoze.dll
nie można odnaleźć określonego modułu"

i to na tyle z mojej strony. Nic mi nie idzie oby przyszły rok był lepszy sciana sciana sciana <rotfl>
Ostatnio edytowany przez fishark, 28 Gru 2008, 22:11, edytowano w sumie 1 raz
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez Okocza 28 Gru 2008, 22:07

Kod: Zaznacz wszystko
O4 - HKLM\..\Run: [502d1da9] rundll32.exe "C:\WINDOWS\system32\mohohimu.dll",b
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s



fix w hj - daj nowy log z RSITa
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 8001
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406

Góra

Re: prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 28 Gru 2008, 22:18

O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s nie poszło, jest za kazdym razem

i log z rsita:
Kod: Zaznacz wszystko
Logfile of random's system information tool 1.05 (written by random/random)
Run by fishark at 2008-12-28 21:15:58
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (5%) free of 25 GB
Total RAM: 1407 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:07, on 2008-12-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Program Files\trend micro\fishark.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\wafatoto.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\hehoyoze.dll",s (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hejitavo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7905 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b04a879c-94c9-47b4-9aa5-3292477eba90}]
C:\WINDOWS\system32\wafatoto.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-03-28 454656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-05 1499136]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"SDFix"=C:\SDFix\RunThis.bat [2008-11-06 964661]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171520]
"limajoladu"=C:\WINDOWS\system32\hehoyoze.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-25 25565992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\502d1da9]
C:\WINDOWS\system32\mohohimu.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fishark^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\hejitavo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hejitavo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\system32\BCMWLTRY.EXE"="C:\WINDOWS\system32\BCMWLTRY.EXE:*:Enabled:bcmwltry"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe:*:Enabled:aswUpdSv"
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe:*:Enabled:hpqwmiex"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-28 19:56:34 ----D---- C:\SDFix
2008-12-28 19:25:59 ----D---- C:\WINDOWS\ERUNT
2008-12-28 19:12:18 ----D---- C:\WINDOWS\pss
2008-12-28 18:57:33 ----D---- C:\SDFix11
2008-12-28 15:50:26 ----D---- C:\Avenger
2008-12-28 15:44:33 ----D---- C:\ComboFix
2008-12-28 15:44:31 ----A---- C:\WINDOWS\system32\CF6296.exe
2008-12-28 15:43:56 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-28 15:43:47 ----D---- C:\32788R22FWJFW
2008-12-28 06:29:46 ----SH---- C:\WINDOWS\system32\jigedohu.exe
2008-12-27 21:06:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-27 20:59:02 ----D---- C:\Program Files\trend micro
2008-12-27 20:59:01 ----D---- C:\rsit
2008-12-26 20:48:09 ----A---- C:\WINDOWS\system32\CF25856.exe
2008-12-26 20:44:58 ----D---- C:\WINDOWS\ERDNT
2008-12-26 20:44:58 ----D---- C:\Qoobox
2008-12-26 20:44:55 ----A---- C:\WINDOWS\system32\CF25239.exe
2008-12-24 11:08:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 19:57:46 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 17:47:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 17:47:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-23 17:01:13 ----D---- C:\Program Files\Lavasoft
2008-12-23 17:01:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-12-23 17:00:21 ----D---- C:\Program Files\ZoneAlarmSB
2008-12-23 16:53:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-12-23 16:53:11 ----A---- C:\WINDOWS\zllsputility.exe
2008-12-23 16:53:10 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-12-23 16:51:25 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-12-23 16:51:20 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-12-23 16:51:18 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-12-23 16:51:15 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-23 16:51:15 ----D---- C:\Program Files\Zone Labs
2008-12-23 16:51:15 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-12-23 16:51:14 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-12-23 16:50:25 ----D---- C:\WINDOWS\Internet Logs
2008-12-23 16:50:25 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 07:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-07 20:16:17 ----D---- C:\Program Files\Real Alternative
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Real
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real

======List of files/folders modified in the last 1 months======

2008-12-28 20:58:15 ----D---- C:\Program Files\Mozilla Firefox
2008-12-28 20:47:56 ----RSH---- C:\boot.ini
2008-12-28 20:47:56 ----A---- C:\WINDOWS\win.ini
2008-12-28 20:47:55 ----A---- C:\WINDOWS\system.ini
2008-12-28 20:46:11 ----D---- C:\WINDOWS\Temp
2008-12-28 20:45:52 ----D---- C:\WINDOWS\system32
2008-12-28 20:45:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-28 20:45:15 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Skype
2008-12-28 20:44:18 ----D---- C:\WINDOWS\Prefetch
2008-12-28 20:33:35 ----D---- C:\WINDOWS
2008-12-28 19:57:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-28 19:11:26 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\OpenOffice.org2
2008-12-28 19:04:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-28 16:28:44 ----D---- C:\WINDOWS\system32\config
2008-12-28 16:25:16 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\skypePM
2008-12-28 15:50:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 01:26:17 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-27 21:15:59 ----D---- C:\WINDOWS\SMINST
2008-12-27 21:08:42 ----D---- C:\Documents and Settings
2008-12-27 20:59:02 ----RD---- C:\Program Files
2008-12-27 11:01:43 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\uTorrent
2008-12-24 11:07:51 ----HD---- C:\WINDOWS\inf
2008-12-23 17:56:34 ----D---- C:\Program Files\PowerDataRecovery
2008-12-23 17:46:09 ----SHD---- C:\WINDOWS\Installer
2008-12-23 17:46:09 ----D---- C:\Program Files\Common Files
2008-12-23 12:41:48 ----SD---- C:\Documents and Settings\fishark\Dane aplikacji\Microsoft
2008-12-21 09:24:21 ----D---- C:\Program Files\Opera
2008-12-19 07:18:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 07:18:00 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:17:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 21:08:26 ----D---- C:\Program Files\Puzzle Quest
2008-12-17 07:36:58 ----D---- C:\Program Files\Java
2008-12-13 07:39:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 07:19:59 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:19:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-04-05 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-05 822272]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-05 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-05 206976]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-05 726400]
S3 aig9a40u;aig9a40u; C:\WINDOWS\system32\drivers\aig9a40u.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-05 24064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]

-----------------EOF-----------------
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez Okocza 28 Gru 2008, 22:24

wklejasz w notatnik:

Kod: Zaznacz wszystko
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"limajoladu"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\502d1da9]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]


zapisujesz jako fix.reg i odpalasz.


skanujesz ten plik na http://www.virustotal.com

Kod: Zaznacz wszystko
C:\WINDOWS\system32\SpOrder.dll


jak wykryje chociaż w 4 skanerach - usuwasz ręcznie.

wyłączasz przywracanie na WSZYSTKICH dyskach.

RĘCZNIE i OSOBIŚCIE kasujesz te pliki:

Kod: Zaznacz wszystko
C:\WINDOWS\system32\CF6296.exe
C:\WINDOWS\system32\cmd.execf
C:\WINDOWS\system32\jigedohu.exe
C:\WINDOWS\system32\CF25856.exe
C:\WINDOWS\system32\CF25239.exe


wracasz z logiem z RSITa po tych czynnościach.
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 8001
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406

Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 28 Gru 2008, 23:39

prawie skończyłem ale czas do pracy :oops: :oops: :oops: , skoncze jutro i dam loga
serdeczne dzx za pomoc i do juterka
pozdro FISh

Dodano Dzisiaj, 13:42:
Wklejam ponownie log z RSIT'a ponieważ nie wiem w którym momencie jestem. Po powrocie z nocki (pracy) przy próbie odpalenia lapa tylko ciągłe restarty sciana i musiałem włączyć przywracanie systemu, więc pewnie część zmian się cofnęła. Ciężki tem mój przypadek :1: , oby nie skończył się ponownym stawianiem windy.

@Okocza - tylko małe pytanko, ze wszystkim bym sobie poradził tylko - wyłączasz przywracanie na WSZYSTKICH dyskach - z tym miałbym problem bo nie wiem co z tym i jak sciana - a myślałem że sporawo wiem o kompach sciana sciana sciana

Kod: Zaznacz wszystko
Logfile of random's system information tool 1.05 (written by random/random)
Run by fishark at 2008-12-29 13:35:47
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (5%) free of 25 GB
Total RAM: 1407 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:02, on 2008-12-29
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Program Files\trend micro\fishark.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\dezudesu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\kuzefawi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\kuzefawi.dll",s (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kihufupu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7860 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b04a879c-94c9-47b4-9aa5-3292477eba90}]
C:\WINDOWS\system32\dezudesu.dll [2008-09-28 63155]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-03-28 454656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-05 1499136]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"SDFix"=C:\SDFix\RunThis.bat [2008-11-06 964661]
"limajoladu"=C:\WINDOWS\system32\kuzefawi.dll [2008-09-28 63155]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-25 25565992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fishark^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kihufupu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hejitavo.dll
C:\WINDOWS\system32\kihufupu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\system32\BCMWLTRY.EXE"="C:\WINDOWS\system32\BCMWLTRY.EXE:*:Enabled:bcmwltry"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe:*:Enabled:aswUpdSv"
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe:*:Enabled:hpqwmiex"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-28 19:56:34 ----D---- C:\SDFix
2008-12-28 19:25:59 ----D---- C:\WINDOWS\ERUNT
2008-12-28 19:12:18 ----D---- C:\WINDOWS\pss
2008-12-28 18:57:33 ----D---- C:\SDFix11
2008-12-28 15:50:26 ----D---- C:\Avenger
2008-12-28 15:44:33 ----D---- C:\ComboFix
2008-12-28 15:44:31 ----A---- C:\WINDOWS\system32\CF6296.exe
2008-12-28 15:43:56 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-28 15:43:47 ----D---- C:\32788R22FWJFW
2008-12-28 06:29:46 ----SH---- C:\WINDOWS\system32\jigedohu.exe
2008-12-27 21:06:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-27 20:59:02 ----D---- C:\Program Files\trend micro
2008-12-27 20:59:01 ----D---- C:\rsit
2008-12-26 20:48:09 ----A---- C:\WINDOWS\system32\CF25856.exe
2008-12-26 20:44:58 ----D---- C:\WINDOWS\ERDNT
2008-12-26 20:44:58 ----D---- C:\Qoobox
2008-12-26 20:44:55 ----A---- C:\WINDOWS\system32\CF25239.exe
2008-12-24 11:08:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 19:57:46 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 17:47:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 17:47:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-23 17:01:13 ----D---- C:\Program Files\Lavasoft
2008-12-23 17:01:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-12-23 17:00:21 ----D---- C:\Program Files\ZoneAlarmSB
2008-12-23 16:53:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-12-23 16:53:11 ----A---- C:\WINDOWS\zllsputility.exe
2008-12-23 16:53:10 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-12-23 16:52:04 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-12-23 16:51:50 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-12-23 16:51:25 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-12-23 16:51:20 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-12-23 16:51:18 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-12-23 16:51:15 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-23 16:51:15 ----D---- C:\Program Files\Zone Labs
2008-12-23 16:51:15 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-12-23 16:51:14 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-12-23 16:50:26 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-12-23 16:50:25 ----D---- C:\WINDOWS\Internet Logs
2008-12-23 16:50:25 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 07:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-07 20:16:17 ----D---- C:\Program Files\Real Alternative
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Real
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real

======List of files/folders modified in the last 1 months======

2008-12-29 13:35:59 ----D---- C:\WINDOWS\Prefetch
2008-12-29 13:34:49 ----D---- C:\Program Files\Mozilla Firefox
2008-12-29 13:22:35 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Skype
2008-12-29 13:06:51 ----D---- C:\WINDOWS\Temp
2008-12-29 12:15:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 11:13:39 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\uTorrent
2008-12-29 08:08:13 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\skypePM
2008-12-29 07:41:07 ----D---- C:\WINDOWS\system32
2008-12-29 07:41:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-29 07:36:31 ----D---- C:\WINDOWS
2008-12-29 07:33:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-28 21:31:55 ----ASH---- C:\WINDOWS\system32\vejidoyu.dll
2008-12-28 20:47:56 ----RSH---- C:\boot.ini
2008-12-28 20:47:56 ----A---- C:\WINDOWS\win.ini
2008-12-28 20:47:55 ----A---- C:\WINDOWS\system.ini
2008-12-28 19:11:26 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\OpenOffice.org2
2008-12-28 16:28:44 ----D---- C:\WINDOWS\system32\config
2008-12-28 15:50:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 01:26:17 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-27 21:15:59 ----D---- C:\WINDOWS\SMINST
2008-12-27 21:08:42 ----D---- C:\Documents and Settings
2008-12-27 20:59:02 ----RD---- C:\Program Files
2008-12-24 11:07:51 ----HD---- C:\WINDOWS\inf
2008-12-23 17:56:34 ----D---- C:\Program Files\PowerDataRecovery
2008-12-23 17:46:09 ----SHD---- C:\WINDOWS\Installer
2008-12-23 17:46:09 ----D---- C:\Program Files\Common Files
2008-12-23 12:41:48 ----SD---- C:\Documents and Settings\fishark\Dane aplikacji\Microsoft
2008-12-21 09:24:21 ----D---- C:\Program Files\Opera
2008-12-19 07:18:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 07:18:00 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:17:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 21:08:26 ----D---- C:\Program Files\Puzzle Quest
2008-12-17 07:36:58 ----D---- C:\Program Files\Java
2008-12-13 07:39:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 07:19:59 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:19:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-04-05 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-05 822272]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-05 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-05 206976]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-05 726400]
S3 an682ysj;an682ysj; C:\WINDOWS\system32\drivers\an682ysj.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-05 24064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]

-----------------EOF-----------------
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez wojtas 29 Gru 2008, 18:54

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

zainstaluj:

http://www.programosy.pl/program,comodo-firewall.html

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)


skasuj ^^


wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b04a879c-94c9-47b4-9aa5-3292477eba90}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"limajoladu"=-


w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem wklej to:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
"appinit_dlls"=""


w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....


potem wklej to:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00


w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....


sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę
C:\WINDOWS\system32\jigedohu.exe

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)


potem nowy log oraz Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 30 Gru 2008, 23:12

wszystko poszło cacy oprócz kasperskiego, który strasznie sie krzaczył, zajmę się nim jutro bo musze troszkę opróżnic dyski
log z hijack:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 22:10:43, on 2008-12-30
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fishark\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\dezudesu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\kuzefawi.dll",s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kihufupu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez wojtas 31 Gru 2008, 02:06

zastosuj VundoFix i wroc z nowym logiem z rsita...
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez fishark 01 Sty 2009, 00:42

Log:

Kod: Zaznacz wszystko
Logfile of random's system information tool 1.05 (written by random/random)
Run by fishark at 2008-12-31 23:31:32
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 1 GB (4%) free of 25 GB
Total RAM: 1407 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:49, on 2008-12-31
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fishark\Pulpit\RSIT.exe
C:\Program Files\trend micro\fishark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b04a879c-94c9-47b4-9aa5-3292477eba90} - C:\WINDOWS\system32\hilijizi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\dekoleha.dll",s
O4 - HKLM\..\Run: [CPM531e2e35] Rundll32.exe "c:\windows\system32\wafayuwi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [limajoladu] Rundll32.exe "C:\WINDOWS\system32\dekoleha.dll",s (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223219254062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\pipeyisi.dll c:\windows\system32\wafayuwi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wafayuwi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wafayuwi.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8940 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-12-30 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b04a879c-94c9-47b4-9aa5-3292477eba90}]
C:\WINDOWS\system32\hilijizi.dll [2008-09-30 61001]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-12-30 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-12-30 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 102400]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-03-28 454656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-05 1499136]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"SDFix"=C:\SDFix\RunThis.bat [2008-11-06 964661]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-12-30 278264]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-12-30 1655552]
"limajoladu"=C:\WINDOWS\system32\dekoleha.dll [2008-09-30 61001]
"CPM531e2e35"=c:\windows\system32\wafayuwi.dll [2008-12-31 95891]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-25 25565992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fishark^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\pipeyisi.dll c:\windows\system32\wafayuwi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wafayuwi.dll [2008-12-31 95891]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wafayuwi.dll [2008-12-31 95891]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hejitavo.dll
C:\WINDOWS\system32\pipeyisi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\system32\BCMWLTRY.EXE"="C:\WINDOWS\system32\BCMWLTRY.EXE:*:Enabled:bcmwltry"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe:*:Enabled:aswUpdSv"
"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe:*:Enabled:hpqwmiex"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe:*:Enabled:ashWebSv"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-31 23:20:46 ----D---- C:\VundoFix Backups
2008-12-31 23:20:46 ----A---- C:\VundoFix.txt
2008-12-31 12:55:29 ----SH---- C:\WINDOWS\system32\imetadib.ini
2008-12-31 00:41:00 ----D---- C:\Program Files\Antivirus 2009
2008-12-31 00:07:32 ----SH---- C:\WINDOWS\system32\ozoralek.ini
2008-12-30 19:09:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-12-30 19:09:11 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-12-30 19:01:09 ----D---- C:\!KillBox
2008-12-30 15:33:08 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-12-30 15:33:06 ----D---- C:\Program Files\AskSBar
2008-12-30 15:18:13 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Comodo
2008-12-30 15:18:11 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-12-30 15:18:11 ----A---- C:\WINDOWS\system32\guard32.dll
2008-12-30 15:18:08 ----D---- C:\Program Files\COMODO
2008-12-30 11:06:59 ----SH---- C:\WINDOWS\system32\molafabo.exe
2008-12-29 17:05:57 ----SH---- C:\WINDOWS\system32\zirodeyo.exe
2008-12-28 19:56:34 ----D---- C:\SDFix
2008-12-28 19:25:59 ----D---- C:\WINDOWS\ERUNT
2008-12-28 19:12:18 ----D---- C:\WINDOWS\pss
2008-12-28 18:57:33 ----D---- C:\SDFix11
2008-12-28 15:50:26 ----D---- C:\Avenger
2008-12-28 15:44:33 ----D---- C:\ComboFix
2008-12-28 15:44:31 ----A---- C:\WINDOWS\system32\CF6296.exe
2008-12-28 15:43:56 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-28 15:43:47 ----D---- C:\32788R22FWJFW
2008-12-27 21:06:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-27 20:59:02 ----D---- C:\Program Files\trend micro
2008-12-27 20:59:01 ----D---- C:\rsit
2008-12-26 20:48:09 ----A---- C:\WINDOWS\system32\CF25856.exe
2008-12-26 20:44:58 ----D---- C:\WINDOWS\ERDNT
2008-12-26 20:44:58 ----D---- C:\Qoobox
2008-12-26 20:44:55 ----A---- C:\WINDOWS\system32\CF25239.exe
2008-12-24 11:08:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-23 19:57:46 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 17:47:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 17:47:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-23 17:01:13 ----D---- C:\Program Files\Lavasoft
2008-12-23 17:01:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-12-23 17:00:21 ----D---- C:\Program Files\ZoneAlarmSB
2008-12-23 16:53:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-12-23 16:53:10 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-12-23 16:50:25 ----D---- C:\WINDOWS\Internet Logs
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-17 07:36:59 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 07:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-07 20:16:18 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-07 20:16:17 ----D---- C:\Program Files\Real Alternative
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Real
2008-12-07 20:16:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real

======List of files/folders modified in the last 1 months======

2008-12-31 23:19:56 ----D---- C:\WINDOWS\Prefetch
2008-12-31 22:45:10 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\Skype
2008-12-31 21:16:09 ----D---- C:\Program Files\Mozilla Firefox
2008-12-31 21:02:47 ----D---- C:\WINDOWS\Temp
2008-12-31 16:04:45 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\skypePM
2008-12-31 12:55:52 ----D---- C:\WINDOWS\system32
2008-12-31 12:55:29 ----ASH---- C:\WINDOWS\system32\wafayuwi.dll
2008-12-31 12:55:28 ----ASH---- C:\WINDOWS\system32\bidatemi.dll
2008-12-31 00:48:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-31 00:44:19 ----D---- C:\WINDOWS
2008-12-31 00:41:00 ----RD---- C:\Program Files
2008-12-31 00:07:29 ----N---- C:\WINDOWS\system32\kelarozo.dll
2008-12-31 00:07:28 ----ASH---- C:\WINDOWS\system32\pebiwago.dll
2008-12-30 23:07:25 ----ASH---- C:\WINDOWS\system32\pehuraba.dll
2008-12-30 23:07:25 ----ASH---- C:\WINDOWS\system32\gijareso.dll
2008-12-30 21:51:26 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-30 19:09:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-30 19:09:11 ----HD---- C:\WINDOWS\inf
2008-12-30 19:09:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-30 19:05:43 ----RSH---- C:\boot.ini
2008-12-30 19:05:43 ----A---- C:\WINDOWS\win.ini
2008-12-30 19:05:43 ----A---- C:\WINDOWS\system.ini
2008-12-30 19:02:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-30 15:19:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-29 11:13:39 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\uTorrent
2008-12-28 21:31:55 ----ASH---- C:\WINDOWS\system32\vejidoyu.dll
2008-12-28 19:11:26 ----D---- C:\Documents and Settings\fishark\Dane aplikacji\OpenOffice.org2
2008-12-28 16:28:44 ----D---- C:\WINDOWS\system32\config
2008-12-27 21:15:59 ----D---- C:\WINDOWS\SMINST
2008-12-27 21:08:42 ----D---- C:\Documents and Settings
2008-12-23 17:56:34 ----D---- C:\Program Files\PowerDataRecovery
2008-12-23 17:46:09 ----SHD---- C:\WINDOWS\Installer
2008-12-23 17:46:09 ----D---- C:\Program Files\Common Files
2008-12-23 12:41:48 ----SD---- C:\Documents and Settings\fishark\Dane aplikacji\Microsoft
2008-12-21 09:24:21 ----D---- C:\Program Files\Opera
2008-12-19 07:18:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 07:18:00 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:17:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 21:08:26 ----D---- C:\Program Files\Puzzle Quest
2008-12-17 07:36:58 ----D---- C:\Program Files\Java
2008-12-13 07:39:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 07:19:59 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:19:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-12-30 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-12-30 24208]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-04-05 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-05 822272]
R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-05 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-05 206976]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-05 726400]
S3 aqe8qhr5;aqe8qhr5; C:\WINDOWS\system32\drivers\aqe8qhr5.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-12-30 519936]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-05 24064]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]

-----------------EOF-----------------


a programik nic nie wyczaił
fishark
~user
 
Posty: 17
Dołączenie: 26 Gru 2008, 14:48


Góra

Prosze o analize hijack - win32:trojan-gen. (other)

Postprzez wojtas 01 Sty 2009, 16:35

zastosuj:

smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)

potem

zastosuj RogueRemover

nastepnie tym:

http://www.programosy.pl/program,dr-web-cureit.html

i wroc z logiem nowym
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656


Góra
Następna
Wyślij odpowiedź

Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: wuwunibs oraz 11 gości

Powered by phpBB © Group
Forum Programosy.pl